CSCI 6560: Selected Topics in Database: Database Security

Sect. 001 | Lecture | M W | 1620 - 1745 | KOM 307


Tentative Schedule

| Week | Date | Lecture Topic | Homework & Projects | Links to Documents |
|------|------|---------------|---------------------|--------------------|
| Week 1 | Jan. 25 | Introduction: view of the overall data environment | Research Assignment. Send me your chosen topic for approval by Feb. 7. | DBSec'20, DBSec'19, DBSec'18 |
| Week 1 | Jan. 27 | Database Security: security access points; security vulnerability, threat and risk | | DNS Attack (handout1, handout2), DoS Attack, Buffer Overflow (handout1, handout2) |
| Week 2 | Feb. 1 | Authentication and Authorization: access control matrix, capability list (c-list), access control list, multilevel/multilateral security models, Bell-LaPadula and Biba models | | Assigned Papers |
| Week 2 | Feb. 3 | SQL Server Access Control: multilevel and multilateral security models; SQL Server principals (login/user/role) and securables (examples) | | |
| Week 3 | Feb. 8 | SQL Server Access Control: roles (fixed/user-defined server roles, fixed/user-defined database roles, application roles) | Homework 1 available | |
| Week 3 | Feb. 10 | Permission Management: permission query (example); grant, revoke and deny (example) | | |
| Week 4 | Feb. 15 | Permission Management: No class. University closed. | | |
| Week 4 | Feb. 17 | SQL Programming: No class. University closed. | | Company Schema |
| Week 5 | Feb. 22 | SQL Programming: permissions on database objects, schemas, databases and the server (example); ownership chaining (example) | | |
| Week 5 | Feb. 24 | SQL Programming: procedures and functions, including table-type parameters and table-valued functions (example); EXECUTE AS clause (example) | Homework 2 available | |
| Week 6 | Mar. 1 | SQL Programming: DML triggers (example, INSTEAD OF trigger example) | | Implementing SQL Server Row and Cell Level Security (Code) |
| Week 6 | Mar. 3 | Row-level Security: logon triggers and DDL triggers (example); filter/block predicates; security policy (example) | Database Project available | |
| Week 7 | Mar. 8 | Virtual Private Database (VPD) (schema, test) | Homework 3 available | Implementing SQL Server Row and Cell Level Security (Code) |
| Week 7 | Mar. 10 | 1st Exam (week 1 to week 5, excluding security policy) | | |
| Week 8 | Mar. 15 | Encryption: went over 1st exam | | |
| Week 8 | Mar. 17 | Encryption: SQL Server encryption hierarchy; symmetric/asymmetric keys, certificates, database master key, service master key; encryption/decryption using hashing, password, symmetric key, asymmetric key and certificate | | |
| Week 9 | Mar. 22 | Encryption: Always Encrypted (example), Transparent Data Encryption (example), signing data (example), Dynamic Data Masking (example) | | |
| Week 9 | Mar. 24 | SQL Injection: SQL injection vulnerabilities; confirming SQL injection (inline injection, terminating injection, multiple statements, time delays) | | |
| Week 10 | Mar. 29 | SQL Injection: exploiting SQL injection (UNION, conditional statements, out-of-band communication); code-level defenses; code analysis | | |
| Week 10 | Mar. 31 | Auditing: Class canceled. Please work on projects and the research presentation. | | |
| Week 11 | Apr. 5 | Auditing: Change Tracking (example), Change Data Capture (example) | | |
| Week 11 | Apr. 7 | Auditing: SQL Server Audit (example) | | |
| Week 12 | Apr. 12 | 2nd Exam | | |
| Week 12 | Apr. 14 | No class today. Work on project and presentation. | | |
| Week 13 | Apr. 19 | Presentation | | Presentation List, Slides |
| Week 13 | Apr. 21 | Presentation | | |
| Week 14 | Apr. 26 | Presentation | | |
| Week 14 | Apr. 28 | Presentation | | |
| Week 15 | | No Final Exam | | |

Class Resources

Syllabus: Please take your time to go through the syllabus carefully and with patience.

$PUB: All class examples, assignments, and source code are available in this directory.