Purdue School of Engineering and Technology

Database Security

CIT 34400 / 3 Cr.

This course will cover fundamentals of database security, data auditing, basic security models, and best practices. Topics may include security architecture, access control policies, auditing and monitoring. The course combines lectures with hands-on activities through lab sessions and an application-oriented project using a database system such as Oracle or SQL Server.

Oracle / MSSQL Server

Course Outcomes

  • Outline the fundamentals of security, and how it relates to information systems (CIT k)
  • Identify risks and vulnerabilities in operating systems from a database perspective (CIT m)
  • Construct and justify good password policies, and techniques to secure passwords (CIT k, m)
  • Implement administration policies for users (CIT m)
  • Compare the various database security models (CIT m)
  • Implement a Virtual Private Database using views, roles, and application context (CIT c, k)
  • Define, develop and analyze an interesting database security-related research project (CIT d, k)

CIT Student Outcomes

(c) An ability to design, implement, and evaluate a computer-based system, process, component, or program to meet desired needs.

(d) An ability to function effectively on teams to accomplish a common goal.

(k) An ability to identify and analyze user needs and take them into account in the selection, creation, evaluation and administration of computer-based systems.

(m) An understanding of best practices and standards and their application.

  • Security Architecture
  • Operating System Security Fundamentals
  • Administration of Users
  • Profiles, Password Policies, Privileges, and Roles
  • Database Applications Security Models
  • Virtual Private Databases
  • Database Auditing Models
  • Application and Data Auditing
  • Auditing Database Activities
  • Security and Auditing Cases Project Security


Principles of Undergraduate Learning (PULs)

2. Critical Thinking

3. Integration and Application of Knowledge

4. Intellectual Depth, Breadth, and Adaptiveness

What You Will Learn

Security Architecture

  • Define security
  • Outline the concept of information security
  • Describe an information system and its components
  • Define database management system functionalities

 Operating System Security Fundamentals

  • Explain the functions of an operating system
  • Describe the operating system security environment from a database perspective
  • List the components of an operating system security environment
  • Explain the differences between authentication methods

 Administration of Users

  • Outline the concept of operating system authentication
  • Create users and logins using Oracle
  • Remove a user from Oracle
  • Modify an existing user using Oracle
  • List all default users on Oracle

 Profiles, Password Policies, Privileges, and Roles

  • Define and use a profile
  • Design and implement password policies
  • Grant and revoke user privileges
  • Create, assign, and revoke user roles
  • List best practices for securing a network environment

 Database Applications Security Models

  • Identify and explain the concepts of five security models
  • List the most commonly used application types
  • Implement the most common application security models
  • Understand the use of data encryption within database applications

 Virtual Private Databases

  • Define the term “virtual private database” and explain its importance
  • Implement a virtual private database
  • Use a data dictionary to view an Oracle virtual private database
  • Use OEM’s Policy Manager to view an Oracle virtual private database
  • Implement row-level and column-level security

 Database Auditing Models

  • Understand the database auditing environment
  • Create a flowchart of the auditing process
  • List the basic objects, benefits, and side effects of an audit
  • Create your own auditing models

Application and Data Auditing

  • Create and implement Oracle triggers
  • Define and implement Oracle fine-grained auditing
  • Create a DML statement audit trail
  • Implement DML statement auditing using a repository
  • Implement Oracle PL/SQL procedure authorization

Auditing Database Activities

  • Use and audit Oracle database activities
  • Learn how to create DDL triggers with Oracle
  • Audit Oracle database activities using Oracle
  • Use SQL Server for security auditing