dss

Uploaded by

Prudhvi Srinivas

4/2/24, 9:28 PM about:blank

K L Deemed to be University
Department of Computer Science and Engineering-Honors -- KLVZA
Course Handout
2023-2024, Even Sem
Course Title :DATABASE & SYSTEM SECURITY
Course Code :21CS3260P
L-T-P-S Structure : 3-0-4-0
Pre-requisite :
Credits :5
Course Coordinator :Ruth Ramya Kalangi
Team of Instructors :
Teaching Associates :
Syllabus :
Oracle users and Schema: Oracle database security New features. Db users and schemas, Working as the SYS User, System Privileges, Roles, The DBA Role, The Create-Session Role, Password-Protected Roles, Security Administrator User, Security Administration Role Verification, Security Administrator Role Acquisition, System Privileges Granted to the Security Administrator Role, Working as the Security Administrator, Acquire secadm_role from a SQL*Plus Local Connection, Toggle Between Roles, Create an Application Security User and roles, Create an Application user, Create HR View role, Oracle Java Database Connectivity, Java Packages, Environment, Java Stored Procedures.
Transparent Data Encryption, Encryption Data stored in database, protecting data, Viewing Data, TDE Setup: Oracle 10g, Oracle wallet, TDE's Key Management, Creating Encrypted columns in a table, Salt viewing encrypted columns, Encrypting an existing column, Tablespace Encryption, Oracle by Configuration, Exporting, Importing Encrypted Data.
Oracle database vaults: Installing Oracle Database Vault, Realm Protection Patterns, creating first realm, Accessing realm Protection objects, Realm Components, Realm objects, Realm Authorization, Managing Role Provisioning with database, vault realm authorization, Realm and DBV Administrator, Realm authorization and objects owner Account, realm authorization controlled with DBV rule set, command rules, Components, Commands supported in Command rules, DBV connect command rule, Rule Sets, Factors.
Secret Password Encryption: Generating the Password and Artifacts, Calculating the Size of the Password, Initializing Static Class Members, Negotiated Algorithm, Encrypting with the Public RSA Key, Returning Secret Password Key Artifacts to the Client, Encrypting Data with Our Secret Password. Oracle Structures for Secret Password Encryption Package to Get Secret Password Artifacts and Encrypted Data, Application Security Package Specification, Application Security Package Body: Functions, Application Security Package Body: Procedures, Java Methods for Secret Password Decryption.
Data Encryption in Transit: Granting More System Privileges to the Application Security User, Permitting Users to Execute Packages in Other Schemas, Application Security User Activities, Creating a Table for Error Logging, Creating a Table for Managing Our Error Log Table, Creating an Error Log Management Procedure, Creating a Trigger to Maintain the Error Log Table, Testing the Trigger, Updating the Application Security Package, Methods for Using and Testing Encryption in Transit, Loading Updated Oracle Java Secure Class into Oracle, Security Structures for the HR User, Logging the Error Message, Procedure Variables and Data Decryption, Integrity Constraint on Employees Table, Avoiding SQL Injection, Demonstrating Failure to SQL Inject in Stored Procedure, Executing the HR Package Specification and Body, Demonstrations and Tests of Encrypted Data Exchange, Sending Encrypted Data to Oracle Database for Insert/Update, Testing Encryption Failure with New Client Keys, Testing Failure with New Oracle Connection, Running Basic Key Exchange Without Data Encryption, Packaging Template to Implement Encryption.
Database Auditing: An Overview of Database Auditing, Types of Audits, Audit Trails and Logs, Audit Analysis and Reporting, Continuous Auditing and Monitoring.
Text Books :
1. Expert Oracle and Java Security: Programming Secure Oracle Database Applications with Java, David Coffin, Apress, L.P., 2011.
2. Applied Oracle Security: Developing Secure Database and Middleware, David C. Knox, Scott G. Gaetjen, Hamza Jahangir, Tyler Muth, Patrick Sack, Richard Wark, Bryan Wise, Tata McGraw Hill, 2010.
Reference Books :
1. Database Security and Auditing, Hassan A. Afyouni, Cengage Learning, 2005.
2. Implementing Database Security and Auditing: Includes Examples for Oracle, SQL Server, Db2 Udb, Sybase, Ben-Natan, R. B., Digital Press, 2005.
Web Links :
1. Database Security for Cyber Professionals, Chad Russell, Udemy, https://www.udemy.com/course/database-security-for-cyber-professionals/
2. Network Security & Database Vulnerabilities, IBM Security Learning Services, Coursera, https://www.coursera.org/learn/network-security-database-vulnerabilities
3. Introduction to Oracle Database Backup and Security, Rafiq Wayani, Udemy, https://www.coursera.org/specializations/oracle-sql-databases
4. Oracle Autonomous Database Administration, ngela Wall +13 more instructors, Coursera, https://www.coursera.org/learn/oracle-autonomous-database-administration#about
5. Network Administration Courses, Udemy learning Services, Udemy, https://www.udemy.com/topic/network-administration/
Course Rationale : This course provides students with an understanding of database security concepts and practices in particular, and further elaborates the fundamental principles of database security. There are two important things with respect to application and database security. First, in the architecture and design phases, complexity exists due to the technology and the various options available to reach an optimal level of security. Second, in the development and deployment phases, most people don't employ full and complete security implementations. The reasons for this vary, but an obvious lack of knowledge and the lack of a set of reference architectures to draw upon are key. This not only limits what can be crafted as a viable solution but can also have disastrous effects in cost overruns, project delays, inadequate results, and vulnerable systems. In such cases the risks have not been mitigated to an acceptable level. This course also covers a list of advanced topics, such as SQL injection, database management security issues, roles, password encryption, data encryption in transit and related issues.
Course Objectives : The objective of the Database Security course is to understand the key issues associated with protecting assets, determining the levels of protection and response to security incidents, and designing a consistent, reasonable database security system. Database and application security form one end of the computer security field. These two areas are closely aligned because of the heavy and obvious relationship between applications and databases. Along with other areas of security, database and application security continue to evolve rapidly. Creating a sound and secure (database) application is challenging not just because it can be complex, but more so because of the many possible methods that can be used to accomplish it.

COURSE OUTCOMES (COs):

| CO NO | Course Outcome (CO) | PO/PSO | Blooms Taxonomy Level (BTL) |
|---|---|---|---|
| CO1 | Understand Database Users, Roles related to User Administration and Java concepts | PSO1,PO3 | 2 |
| CO2 | Apply Data Encryption and Database Vaults | PO5,PSO1 | 3 |
| CO3 | Apply secret password Encryption & Decryption. | PSO1,PO2 | 3 |
| CO4 | Apply Data Encryption for the Data in Transit and Database Auditing Technique | PSO1,PO5 | 3 |

COURSE OUTCOME INDICATORS (COIs):

| Outcome No. | Highest BTL | COI-1 | COI-2 | COI-3 |
|---|---|---|---|---|
| CO1 | 2 | Btl-1: Remember System Privileges & Roles, Role Verification. | Btl-2: Understand Application Security User, HR View Role and Java concepts | |
| CO2 | 3 | Btl-1: Remember Encrypting & Viewing Data Stored in Database | Btl-2: Understand Transparent Data Encryption | Btl-3: Apply Command Rules, Rule Sets & Factors |
| CO3 | 3 | Btl-1: Remember Generating the Password and Artifacts. | Btl-2: Understand Secret Password Encryption | Btl-3: Apply Application Security Package Body: Functions, Procedures. |
| CO4 | 3 | Btl-1: Remember Granting More System Privileges to the Application Security User | Btl-2: Interpret Methods for Using and Testing Encryption in Transit | Btl-3: Apply Data Encryption in Transit. |
| CO5 | | Btl-1: Recall Oracle Users & their Roles | Btl-2: Understand Transparent Data Encryption | Btl-3: Implement Database Security Techniques |

PROGRAM OUTCOMES & PROGRAM SPECIFIC OUTCOMES (POs/PSOs)

| PO No. | Program Outcome |
|---|---|
| PO1 | Engineering Knowledge: Apply the knowledge of mathematics, science, engineering fundamentals, and an engineering specialization to the solution of complex engineering problems. |
| PO2 | Problem Analysis: Identify, formulate, review research literature, and analyse complex engineering problems reaching substantiated conclusions using first principles of mathematics, natural sciences and engineering sciences |
| PO3 | Design/Development of Solutions: Design solutions for complex engineering problems and design system components or processes that meet the specified needs with appropriate consideration for the public health and safety, and the cultural, societal, and environmental considerations |
| PO4 | Conduct Investigations of Complex Problems: Use research-based knowledge and research methods including design of experiments, analysis and interpretation of data, and synthesis of the information to provide valid conclusions for complex problems that cannot be solved by straightforward application of knowledge, theories and techniques applicable to the engineering discipline. |
| PO5 | Modern Tool Usage: Create, select, and apply appropriate techniques, resources, and modern engineering and IT tools including prediction and modelling to complex engineering activities with an understanding of the limitations. |
| PO6 | The Engineer and Society: Apply reasoning informed by the contextual knowledge to assess societal, health, safety, legal and cultural issues and the consequent responsibilities relevant to the professional engineering practice. |
| PO7 | Environment and Sustainability: Understand the impact of the professional engineering solutions in societal and environmental contexts, and demonstrate the knowledge of, and need for sustainable development |
| PO8 | Ethics: Apply ethical principles and commit to professional ethics and responsibilities and norms of the engineering practice |
| PO9 | Individual and Team Work: Function effectively as an individual, and as a member or leader in diverse teams, and in multidisciplinary settings. |
| PO10 | Communication: Communicate effectively on complex engineering activities with the engineering community and with society at large, such as, being able to comprehend and write effective reports and design documentation, make effective presentations, and give and receive clear instructions |
| PO11 | Project Management and Finance: Demonstrate knowledge and understanding of the engineering and management principles and apply these to one's own work, as a member and leader in a team, to manage projects and in multidisciplinary environments. |
| PO12 | Life-long Learning: Recognize the need for, and have the preparation and ability to engage in independent and lifelong learning in the broadest context of technological change. |
| PSO1 | An ability to design and develop software projects as well as Analyze and test user requirements. |
| PSO2 | An Ability to gain working Knowledge on emerging software tools and technologies. |

Lecture Course DELIVERY Plan:


| Sess.No. | CO | COI | Topic | Book No[CH No][Page No] | Teaching-Learning Methods | EvaluationComponents |
|---|---|---|---|---|---|---|
| 1 | CO1 | COI-2 | Course Handout, users and schemas, Working as the SYS User, System Privileges, Roles, The DBA Role | T1[2][5-10] | Chalk,PPT,Talk | ALM,End Semester Exam Online,MOOCs Certification,MOOCs Review,Paper Publication |
| 2 | CO2 | COI-2 | Oracle Java Database Connectivity, Java Packages Environment, Java Stored Procedures | T1[3][27-29] | Chalk,PPT,Talk | ALM,End Semester Exam Online,MOOCs Certification,MOOCs Review,Paper Publication |
| 3 | CO3 | COI-3 | Generating the Password and Artifacts, Calculating the Size of the Password, Initializing Static Class Members | T1[6][85-88] | Chalk,PPT,Talk | ALM,End Semester Exam Online,MOOCs Certification,MOOCs Review,Paper Publication |
| 4 | CO4 | COI-3 | Creating a Trigger to Maintain the Error Log Table, Testing the Trigger, Updating the Application Security Package | T1[7][116-118] | Chalk,PPT,Talk | ALM,End Semester Exam Online,MOOCs Certification,MOOCs Review,Paper Publication |

Lecture Session wise Teaching – Learning Plan

SESSION NUMBER : 1

Session Outcome: 1 Understand System Privileges & Role

| Time(min) | Topic | BTL | Teaching-Learning Methods | Active Learning Methods |
|---|---|---|---|---|
| 5 | Attendance | 1 | Talk | --- NOT APPLICABLE --- |
| 10 | Course Handout | 2 | PPT | Role playing |
| 10 | Users and Schemas | 2 | Talk | --- NOT APPLICABLE --- |
| 10 | Working as the SYS User, System Privileges | 1 | PPT | --- NOT APPLICABLE --- |
| 10 | Roles, The DBA Role | 2 | Chalk | --- NOT APPLICABLE --- |
| 5 | Conclusion | 1 | Talk | --- NOT APPLICABLE --- |

SESSION NUMBER : 2

Session Outcome: 1 Understand Oracle Database Connectivity

| Time(min) | Topic | BTL | Teaching-Learning Methods | Active Learning Methods |
|---|---|---|---|---|
| 5 | Attendance | 1 | Talk | --- NOT APPLICABLE --- |
| 20 | Oracle Java Database Connectivity | 2 | Chalk | Fish Bowl |
| 20 | Java Packages Environment, Java Stored Procedures | 2 | PPT | --- NOT APPLICABLE --- |
| 5 | Summary | 1 | Talk | --- NOT APPLICABLE --- |

SESSION NUMBER : 3

Session Outcome: 1 Understand Generating the Password and Artifacts

Session Outcome: 2 Apply Calculating the Size of the Password

| Time(min) | Topic | BTL | Teaching-Learning Methods | Active Learning Methods |
|---|---|---|---|---|
| 5 | Attendance | 1 | Talk | --- NOT APPLICABLE --- |
| 20 | Generating the Password and Artifacts | 2 | PPT | --- NOT APPLICABLE --- |
| 10 | Calculating the Size of the Password | 3 | Talk | One minute paper |
| 10 | Initializing Static Class Members | 3 | Chalk | --- NOT APPLICABLE --- |
| 5 | Summary | 1 | Talk | --- NOT APPLICABLE --- |

SESSION NUMBER : 4

Session Outcome: 1 Apply Triggers to Maintain the Error Log Table

| Time(min) | Topic | BTL | Teaching-Learning Methods | Active Learning Methods |
|---|---|---|---|---|
| 5 | Attendance | 1 | Talk | --- NOT APPLICABLE --- |
| 20 | Creating a Trigger to Maintain the Error Log Table | 3 | PPT | Video synthesis |
| 10 | Testing the Trigger | 3 | Chalk | --- NOT APPLICABLE --- |
| 10 | Updating the Application Security Package | 3 | PPT | --- NOT APPLICABLE --- |
| 5 | Summary | 1 | Talk | --- NOT APPLICABLE --- |

Tutorial Course DELIVERY Plan: NO Delivery Plan Exists

Tutorial Session wise Teaching – Learning Plan

No Session Plans Exists

Practical Course DELIVERY Plan:


| Tutorial Session no | Topics | CO-Mapping |
|---|---|---|
| 1 | Roles and privileges in a database. | CO5 |

Practical Session wise Teaching – Learning Plan

SESSION NUMBER : 1

Session Outcome: 1 Implement the concept of roles and privileges in a database

Session Outcome: 2 Implement the concept of data manipulation and authorization in a database

| Time(min) | Topic | BTL | Teaching-Learning Methods | Active Learning Methods |
|---|---|---|---|---|
| 5 | Attendance | 1 | Talk | --- NOT APPLICABLE --- |
| 30 | Implementation of roles and privileges in a database. | 3 | Talk | --- NOT APPLICABLE --- |
| 30 | Results & Documentation | 3 | Chalk | --- NOT APPLICABLE --- |
| 30 | Viva Voce | 1 | Talk | --- NOT APPLICABLE --- |

Skilling Course DELIVERY Plan: NO Delivery Plan Exists

Skilling Session wise Teaching – Learning Plan

No Session Plans Exists

WEEKLY HOMEWORK ASSIGNMENTS/ PROBLEM SETS/OPEN ENDED PROBLEM-SOLVING EXERCISES etc:

Assignment Assignment
Week Topic Details co
Type No

COURSE TIME TABLE:

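| Day | Component | Hour 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 |
|---|---|---|---|---|---|---|---|---|---|---|
| Mon | Theory | -- | -- | -- | -- | -- | -- | -- | -- | -- |
| Mon | Tutorial | -- | -- | -- | -- | -- | -- | -- | -- | -- |
| Mon | Lab | -- | -- | -- | -- | -- | -- | -- | -- | -- |
| Mon | Skilling | -- | -- | -- | -- | -- | -- | -- | -- | -- |
| Tue | Theory | -- | -- | -- | -- | -- | -- | -- | -- | -- |
| Tue | Tutorial | -- | -- | -- | -- | -- | -- | -- | -- | -- |
| Tue | Lab | -- | -- | -- | -- | -- | -- | -- | -- | -- |
| Tue | Skilling | -- | -- | -- | -- | -- | -- | -- | -- | -- |
| Wed | Theory | -- | -- | -- | -- | -- | -- | -- | -- | -- |
| Wed | Tutorial | -- | -- | -- | -- | -- | -- | -- | -- | -- |
| Wed | Lab | -- | -- | -- | -- | -- | -- | -- | -- | -- |
| Wed | Skilling | -- | -- | -- | -- | -- | -- | -- | -- | -- |
| Thu | Theory | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Thu | Tutorial | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Thu | Lab | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Thu | Skilling | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Fri | Theory | -- | -- | -- | -- | -- | -- | -- | -- | -- |
| Fri | Tutorial | -- | -- | -- | -- | -- | -- | -- | -- | -- |
| Fri | Lab | -- | -- | -- | -- | -- | -- | -- | -- | -- |
| Fri | Skilling | -- | -- | -- | -- | -- | -- | -- | -- | -- |
| Sat | Theory | -- | -- | -- | -- | -- | -- | -- | -- | -- |
| Sat | Tutorial | -- | -- | -- | -- | -- | -- | -- | -- | -- |
| Sat | Lab | -- | -- | -- | -- | -- | -- | -- | -- | -- |
| Sat | Skilling | -- | -- | -- | -- | -- | -- | -- | -- | -- |
| Sun | Theory | -- | -- | -- | -- | -- | -- | -- | -- | -- |
| Sun | Tutorial | -- | -- | -- | -- | -- | -- | -- | -- | -- |
| Sun | Lab | -- | -- | -- | -- | -- | -- | -- | -- | -- |
| Sun | Skilling | -- | -- | -- | -- | -- | -- | -- | -- | -- |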

REMEDIAL CLASSES:

Supplement course handout, which may perhaps include special lectures and discussions that would be planned, and schedule notified accordingly.

SELF-LEARNING:

Assignments to promote self-learning, survey of contents from multiple sources.


S.no Topics CO ALM References/MOOCS

DELIVERY DETAILS OF CONTENT BEYOND SYLLABUS:

Content beyond syllabus covered (if any) should be delivered to all students that would be planned, and schedule
notified accordingly.
S.no | Advanced Topics, Additional Reading, Research papers and any | CO | ALM | References/MOOCS

EVALUATION PLAN:

| Evaluation Type | Evaluation Component | Weightage/Marks | Assessment Dates | Duration (Hours) | CO1 to CO5 (values as listed) |
|---|---|---|---|---|---|
| End Semester Summative Evaluation Total= 40 % | End Semester Exam (online MCQ) | Weightage 24 | | 120 | 6, 6, 6, 6 |
| | | Max Marks 100 | | | 25, 25, 25, 25 |
| | Lab End Semester Exam | Weightage 16 | | 120 | 16 |
| | | Max Marks 50 | | | 50 |
| In Semester Summative Evaluation Total= 38 % | Lab In Semester Exam | Weightage 10 | | 120 | 10 |
| | | Max Marks 50 | | | 50 |
| | MOOCs Certification | Weightage 8 | | 120 | 2, 2, 2, 2 |
| | | Max Marks 100 | | | 25, 25, 25, 25 |
| | Leaderboard ranking for Global Challenges | Weightage 10 | | 120 | 10 |
| | | Max Marks 50 | | | 50 |
| | Paper Publication | Weightage 10 | | 120 | 2.5, 2.5, 2.5, 2.5 |
| | | Max Marks 40 | | | 10, 10, 10, 10 |
| In Semester Formative Evaluation Total= 22 % | ALM | Weightage 8 | | 120 | 2, 2, 2, 2 |
| | | Max Marks 40 | | | 10, 10, 10, 10 |
| | Continuous Evaluation - Lab Exercise | Weightage 7 | | 120 | 7 |
| | | Max Marks 120 | | | 120 |
| | MOOCs Review | Weightage 7 | | 120 | 1.75, 1.75, 1.75, 1.75 |
| | | Max Marks 40 | | | 10, 10, 10, 10 |

ATTENDANCE POLICY:

Every student is expected to be responsible for the regularity of his/her attendance in classrooms and laboratories, to appear in scheduled tests and examinations, and to fulfill all other tasks assigned to him/her in every course. In every course, a student has to maintain a minimum of 85% attendance to be eligible to appear in the Semester End Examination of the course. In cases of medical issues and other unavoidable circumstances, students will be condoned if their attendance is between 75% and 85% in every course, subject to submission of medical certificates, the medical case file and other necessary documentary proof to the concerned departments.

DETENTION POLICY :

In any course, a student has to maintain a minimum of 85% attendance and In-Semester Examinations to be
eligible for appearing to the Semester End Examination, failing to fulfill these conditions will deem such student
to have been detained in that course.

PLAGIARISM POLICY :

Supplement course handout, which may perhaps include special lectures and discussions

COURSE TEAM MEMBERS, CHAMBER CONSULTATION HOURS AND CHAMBER VENUE DETAILS:

Supplement course handout, which may perhaps include special lectures and discussions
| Name of Faculty | Delivery Component of Faculty | Sections of Faculty | Chamber Consultation Day (s) | Chamber Consultation Timings for each day | Chamber Consultation Room No: | Signature of Course faculty: |
|---|---|---|---|---|---|---|
| Ruth Ramya Kalangi | L | 21-MA | - | - | - | - |
| Ruth Ramya Kalangi | P | 21-MA | - | - | - | - |

GENERAL INSTRUCTIONS

Students should come prepared for classes and carry the text book(s) or material(s) as prescribed by the Course
Faculty to the class.

NOTICES

Most of the notices are available on the LMS platform.

All notices will be communicated through the institution email.

All notices concerning the course will be displayed on the respective Notice Boards.

Signature of COURSE COORDINATOR

(Ruth Ramya Kalangi)

Signature of Department Prof. Incharge Academics & Vetting Team Member

Department Of CSE-Honors

HEAD OF DEPARTMENT:

Approval from: DEAN-ACADEMICS


(Sign with Office Seal)
