1. COURSE SUMMARY
This course will focus on issues related to the design and implementation of secure data stores. Emphasis will be placed on multilevel security in database systems, covert channels, and security measures for relational and object-oriented database systems.
2. LEARNING OUTCOMES
1 Knowledge and Understanding
- Understand the basic concept of database security
- Apply appropriate access controls and authentication techniques at different levels
- Understand, identify and find solutions to security problems in statistical database systems
- Understand the model for protecting new generation database systems
2 Cognitive/Intellectual skills/Application of Knowledge
1. Integration of theory and practice within the constraints of a given framework
2. Analyse failures in computer systems and devise ways to prevent them.
3. Select and apply appropriate mathematical methods for modelling and analysing computer engineering and information security problems.
4. Use scientific and engineering principles in the development of solutions to problems in computer engineering and information security.
3 Communication/ICT/Numeracy/Analytic Techniques/Practical Skills
1. Prepare technical reports and deliver technical presentations.
2. Plan the installation and maintenance of computer hardware, software, computer systems and equipment.
3. Use computational tools and packages appropriate to computer engineering and information security.
4 General transferable skills
1. Have the capacity for self-learning in familiar and unfamiliar situations.
2. Use information technology (ICT) competently.
3. Communicate effectively (written, verbal, drafting, sketching etc.).
3. INDICATIVE CONTENT
Unit 1
Introduction: Introduction to Databases Security, Problems in Databases Security Controls
Security Models – 1: Introduction, Access Matrix Model, Take-Grant Model, Acten Model, PN Model, Hartson and Hsiao's Model, Fernandez's Model, Bussolati and Martella's Model for Distributed Databases
Security Models – 2: Bell and LaPadula's Model, Biba's Model, Dion's Model, Sea View Model, Jajodia and Sandhu's Model, The Lattice Model for the Flow Control, Conclusion
Unit 2
Security Mechanisms: Introduction, User Identification/Authentication, Memory Protection, Resource Protection Control, Flow Mechanisms, Isolation Security, Functionalities in Some Operating Systems, Trusted Computer System Evaluation Criteria
Security Software Design: Introduction, A Methodological Approach to Security Software Design, Secure Operating System, Design Secure DBMS, Design Security Packages, Database Security Design
Unit 3
Statistical Database Protection & Intrusion Detection Systems: Introduction, Statistics Concepts and Definitions, Types of Attacks, Inference Controls evaluation, Criteria for Control Comparison. IDES System, RETISS System, ASES System Discovery
Unit 4
Models for the Protection of New Generation Database Systems – 1: Introduction, A Model for the Protection of Frame-Based Systems, A Model for the Protection of Object-Oriented Systems, SORION Model for the Protection of Object-Oriented Databases
Models for the Protection of New Generation Database Systems – 2: A Model for the Protection of New Generation Database Systems: the Orion Model, Jajodia and Kogan's Model, A Model for the Protection of Active Databases, Conclusions
4. LEARNING AND TEACHING STRATEGY
The module will be delivered through lectures and tutorial sessions using step-by-step worked examples. Project development will be undertaken during IT laboratory sessions. Tutorials and IT labs will also be used to build students' practical knowledge and professional skills.
Organized discussions and teamwork will help students to acquire cognitive, intellectual and key (transferable) skills.
5. ASSESSMENT STRATEGY
Assessment on the programme is undertaken in accordance with the current Academic Regulations of the Institute.
Assessment Criteria:
· For the examination setting and marking, schemes will be drawn up as appropriate to the skills assessed.
· For the assessment of the laboratory work, the appropriate laboratory assessment criteria will be used.
· For the assignment, criteria will be drawn up appropriate to the topic, based on the generic marking criteria.
6. STRATEGY FOR FEEDBACK AND STUDENT SUPPORT DURING MODULE
· Interactive lecturing style, with opportunities for questions, and a requirement to work on simple problems along with practical laboratory exercises.
· Peer marking of tutorial questions for formative feedback.
· Tutorial classes where students can ask questions and be led through solutions as required.
· Marked summative assessments (laboratory report and assignment) handed back to students, with comments.
7. INDICATIVE RESOURCES
- Database Security by Castano, Silvana; Fugini, Maria Grazia; Martella, Giancarlo, Pearson Edition, 1994
- Database Security and Auditing: Protecting Data Integrity and Accessibility, 1st Edition, Hassan Afyouni, Thomson Edition, 2006
- Online materials uploaded on the Learning Portal
- Background Texts (include number in library or URL)
- Journals
- Key websites and on-line resources
- Teaching/Technical Assistance
- Laboratory space and equipment
- Computer requirements
8. TEACHING TEAM:
MRS. ALPHONSINE MUKABUNANI
Course Description
Welcome to this module of "WEB SECURITY" which is a module that is taught in year 3, Department of Information Security, School of Information and Communication Technology. It is a module of 10 credits.
This course provides an understanding of the fundamental security principles of the web, an overview of the most common attacks, and illustrates fundamental countermeasures that every web application should implement. This course offers students the knowledge and skills to build better and more secure applications. They will gain insights into the threats that modern web applications face. They will build an understanding of common attacks and their countermeasures, not only in theory but also in practice.
Learning Outcomes
At the end of this course, students will have a strong understanding of:
- The fundamentals of web and browser security
- What are the latest emerging attacks facing the Internet
- The tools critical in solving common web vulnerabilities
- Current best practices for secure web applications
- How to employ new defense techniques and architectures
- How to develop secure web applications
Forensic and criminal psychology is an applied area of psychology that draws on other areas of psychological enquiry and explores the borderland between psychology and the law. The aim of this course is to provide the platform for students to provide an academic overview of some areas of Forensic and Criminal Psychology, while reinforcing previously learnt generic and specific academic skills.