THE UNIVERSITY OF CRIMINAL INVESTIGATION AND POLICE STUDIES

DOCTORAL STUDIES

INFORMATION TECHNOLOGY

Course: Database Security

Course Code: II1

ECTS: 10

Course Status: Elective

Number of Effective Classes (Per Week): 5

Theoretical Education: 5

Practical Training: -

Research Study Project: -

Prerequisite/s: None

Educational Objective: The goal of the course is to understand common database attacks and the tools and techniques employed by attackers.

Projected Outcome: Upon satisfactory completion of this course, the student will be able to identify security threats in database systems, understand the concepts and security mechanisms used in the protection of data, and design and implement secure database systems. On completion of the course, the student should also be able to review and discuss scientific papers in the domain of database security.

Course Contents/Structure

Theoretical education: Database and Database Management System (DBMS), Data Definition; Data Manipulation Statements, Overview of Relational Query Optimization, Database Security Mechanisms, Discretionary Access Control, Mandatory Access Control – MAC; Role-Based Access Control – RBAC, Data Encryption. Data encryption as a measure to protect sensitive data.

Practical training: Exercises to develop ontologies and knowledge bases. Securing data using a combination of public, private, and symmetric keys to encrypt and decrypt data. Encrypting data stored in MySQL using RSA, DSA, or DH encryption algorithms. SQL injection attacks.

Teaching Methods: lecture, modified lecture, presentation.

Assessment (Maximum Number of Points: 100)

Pre-Exam Obligations: Research study paper (No. of Points: 30)

Final Examination: Oral examination (No. of Points: 70)

Textbook/s

1. Ron Ben-Natan: Implementing Database Security and Auditing, Burlington, MA: Elsevier Digital Press, 2009.

2. Dragan Pleskonjić et al.: Sigurnost računarskih sistema i mreža, Beograd: Mikro knjiga, 2007.