Sect. 001 | Lecture | M W | 1620 - 1745 | KOM 307

Tentative Schedule

| | Date | Lecture Topic | Homework & Projects | Links to Documents |
|---|---|---|---|---|
| Week 1 | Jan. 25 | Introduction: view of overall data environment | Research Assignment. Send me your chosen topic for approval by Feb. 7. | |
| | Jan. 27 | Database Security: Security Access Point, Security vulnerability, threat and risk. | | |
| Week 2 | Feb. 1 | Authentication and Authorization: access control matrix, c-list, access control list, multilevel/multilateral security model, Bell-LaPadula and Biba model | | |
| | Feb. 3 | SQL Server Access control: Multilevel and multilateral security model, SQL Server principals (login/user/role) and securables (examples) | | |
| Week 3 | Feb. 8 | SQL Server Access control: Role (fixed/user-defined server roles, fixed/user-defined database roles, application role) | Homework1 available | |
| | Feb. 10 | Permission Management: permission query (example), grant, revoke and deny (example) | | |
| Week 4 | Feb. 15 | Permission Management: No class. University Closed. | | |
| | Feb. 17 | SQL Programming: No class. University Closed. | | |
| Week 5 | Feb. 22 | SQL Programming: Permissions on database objects, schema, database and server (example), Ownership chaining (example) | | |
| | Feb. 24 | SQL Programming: Procedure and functions, including passing table type parameter and table-valued functions (example). execute as clause (example) | Homework2 available | |
| Week 6 | Mar. 1 | SQL Programming: DML triggers (example, instead-of trigger example) | | |
| | Mar. 3 | Row-level Security: Logon triggers and DDL triggers (example), filter/block predicate, security policy (example) | Database Project Available | |
| Week 7 | Mar. 8 | Virtual Private Database: VPD (schema, test) | Homework3 available | |
| | Mar. 10 | 1st Exam (week1 – week5 excluding security policy) | | |
| Week 8 | Mar. 15 | Encryption: Went over 1st exam | | |
| | Mar. 17 | Encryption: SQL encryption Hierarchy, symmetric/asymmetric key, certificate, database master key, service master key, encryption/decryption using hashing, password, symmetric key, asymmetric key, certificate. | | |
| Week 9 | Mar. 22 | Encryption: Always Encrypted (Example), Transparent Database Encryption (Example), Sign data (Example), Dynamic Data Masking (Example) | | |
| | Mar. 24 | SQL Injection: SQL Injection vulnerability, Confirming SQL Injection (inline SQL Injection, Terminating SQL Injection, Multiple statements, Time Delays) | | |
| Week 10 | Mar. 29 | SQL Injection: Exploiting SQL Injection (UNION, conditional statement, out-of-band communication), code-level defense, code analysis | | |
| | Mar. 31 | Auditing: Class canceled. Please work on projects and research presentation. | | |
| Week 11 | Apr. 5 | Auditing: Change Tracking (example), Change data capture (example) | | |
| | Apr. 7 | Auditing: SQL Server Audit (example) | | |
| Week 12 | Apr. 12 | 2nd Exam | | |
| | Apr. 14 | No class today. Work on project and presentation. | | |
| Week 13 | Apr. 19 | Presentation: Presentation List Slides | | |
| | Apr. 21 | Presentation: | | |
| Week 14 | Apr. 26 | Presentation | | |
| | Apr. 28 | Presentation | | |
| Week 15 | | No Final Exam | | |

Class Resources

Please take your time to go through the syllabus carefully and with patience.

All class examples, assignments, and source code are available in this directory.