Clark Atlanta University

Information Assurance Design

CIS 474: Intro. to Database Systems

Overview:

  • Description
  • Objective
  • Goals/Outcome
  • Outline
  • Suggested Assignments
  • References

Suggested Time: 4 class periods

Course Length: 3 Hours

Prerequisite: CIS 209 or CIS 211

Target Audience:

Levels           Disciplines
                 CS     CIS
Undergraduate    x      x
Graduate

Description:

This course introduces students to the concepts of Information Assurance as they relate to databases. It introduces students to various database vulnerabilities, inference, and cryptography. Technically, this course examines the general dimensions of providing security in database systems.

Objective(s):

The primary purpose of this course is to:

  • Introduce inference as a database security issue.
  • Introduce cryptography and how it can be used in databases.
  • Introduce various database vulnerabilities.
  • Introduce the importance of server security, user authentication, and session security as they relate to database security.

Outline:

  • Inference
      ◦ What is inference?
      ◦ What can be done about inference?
          - The use of polyinstantiation – technique that allows different records to exist in the same table at various security levels.
  • Cryptography Principles
      ◦ What is cryptography?
      ◦ Use of encryption to secure information
      ◦ Public key infrastructure
      ◦ Digital signatures
  • Database Vulnerabilities
      ◦ Server Security
      ◦ Database Connections
      ◦ Table Access Control
      ◦ Restricting Database Access
  • Primary Areas of Database Security
      ◦ Server Security
          - ensuring security relating to the actual data or private HTML files stored on the server
      ◦ User-authentication security
          - ensuring login security that prevents unauthorized access to information
      ◦ Session security
          - ensuring that data is not intercepted as it is broadcast over the Internet or Intranet
  • How sensitive data can be obtained from queries
      ◦ Direct Attack
      ◦ Indirect Attack
      ◦ Sum
      ◦ Count
      ◦ Median
      ◦ Tracker Attacks
      ◦ Linear System Vulnerability

Suggested Assignments:

  • Create a database that contains students’ username and password information. Write an encryption program that encrypts the password as it is input into the database.
  • Research various ways data can be obtained from a database. Choose one and write a two-page paper explaining what it is and how it is used.

References:

  • Cannady, James. “Security Models for Object-Oriented Databases”. April 18, 2005. <www.cccure.org>
  • Rahmel, Dan. “Database Security”. Internet Systems. April 1997. April 18, 2005. <http://www.governmentsecurity.org>
  • Wiedman, Blake. “Database Security (Common-sense Principles)”. April 18, 2005. <http://www.governmentsecurity.org>