CS2DI17-Databases and Information Security

Module Provider: Computer Science
Number of credits: 20 [10 ECTS credits]
Level:5
Terms in which taught: Autumn / Spring term module
Pre-requisites: CS1PR16 Programming and CS1FC16 Fundamentals of Computer Science
Non-modular pre-requisites:
Co-requisites:
Modules excluded:
Current from: 2019/0

Module Convenor: Dr Martin Lester

Email: m.lester@reading.ac.uk

Type of module:

Summary module description:

The module consists of two parts. The first part, Databases, covers an introduction to the basics of relational database design, Structured Query Languages (SQL) and some selected advanced database topics. The second parts covers the major threats and risks that affect the security of a network and the systems that rely on it (network security), and the major threats to data in both structured and unstructured form (data security).

Aims:

Databases provides students with the underlying principles and practical experience of the design and implement scalable, secure databases. Information Security aims to build knowledge to counter the threats to a computer system and to minimise risks with technical mechanisms. This module also encourages students to develop a set of professional skills such as end user awareness, software design and development, creativity, team working and personal development planning.

Assessable learning outcomes:

The student will be able to:

• Carry out the analysis of a simple problem susceptible to solution using database technology;

• Produce a well-structured design in terms of the structural elements of a relational database;

• Design and implement a database application to solve the problem posed;

• Use the SQL language, including DDL, an in-database procedural language such as PL/SQL, and databas e triggers;

• Describe RDBMS features such as transaction management, locking and consistent backups;

• Describe SQL optimisation issues;

• Identify ways of countering different types of threat ;

• Produce strategies to minimise risks of security breaches in a range of network environments and data storage systems;

• Critically analyse the shortcomings of a range of securi ty strategies;

• Describe and apply the techniques used to penetrate a Web application;

• Develop appropriate security policies and network architectures to minimise the threats from network intrusion;

• Understand the different types of threat posed by different classes of hacker and by different categories of malware;

• Describe and apply the principles of key cryptography and message digests in security protocols such as SSL;

• Design and implement secure unstructured data transferral systems using XML;

• Apply appropriate access controls and authentication techniques at different levels;

• Critically analyse the security and privacy issues surrounding unstructured data in a variety of different scenarios, with an in-depth focus on securing such data in Web applications;

• Critically an alyse the security and privacy issues surrounding structured data, including the techniques used to secure file storage and databases.

Additional outcomes:

Practical experience in design and implementation of a relational database.

Outline content:

Knowledge of basic principles of the relational database model, relations, attributes, keys, Entity-Relationship and Relational Modelling, Normalisation, the SQL language. Data storage structures Transactions and locking Procedural and object-oriented languages used with RDBMSs, PL/SQL Introduction to XML As one of the most prevalent technologies for the transferral of unstructured data, the students will be given a brief introduction to the purpose and use of XML. This will cover the structu re, design and implementation of XML documents, and the use of such in application design and the transferal of unstructured data. Overview of information security This part of the module provides an overview of the issues involved in information security in general, focusing on cryptography, the theories underlying computer security, authentication and access control. Network Security This part of the module focuses on the role the network plays in computer security, including its vulnerabiliti es, and the techniques that can be used to make the network secure. The part covers security issues related to general networks (e.g. port scanning, Denial of Service, etc.), the Web (e.g. SQL injection, XSS, CSRF, directory traversal attacks, etc.), and system threats in general, such as viruses, worms and Trojan horses. It also covers security controls such as firewalls, secure network protocols such as SSL and IPSec, and Intrusion Detection Systems. Data Security This part of the module focus es on the security of structured data (i.e. data stored in file storage systems or in databases) and unstructured data (i.e. data outside of a storage system that is manually used and transformed, and which is frequently in various states of rest, transit and use). The part covers the techniques that should be used to secure access to structured data, to prevent its accidental loss and to prevent it from being read by intruders; it also covers the techniques used to secure unstructured data, wit h particular emphasis made on Web applications, one of the most commonly used sources of unstructured data, yet one of the most notoriously difficult systems to secure. This part brings together the previous two parts, and shows how the theories and techniques used in Computer and Network Security can be applied to ensure the security of structured and unstructured data.

Brief description of teaching and learning methods:

Lectures supported by laboratory practicals, seminars and a number of assignments.

Contact hours:

	Autumn	Spring	Summer
Lectures	19	20	1
Practicals classes and workshops	10
Guided independent study:	70	80
Total hours by term	99	100	1
Total hours for module	200

Summative Assessment Methods:

Method	Percentage
Written exam	50
Set exercise	50

Summative assessment- Examinations:

One examination paper of 2 hours duration.

Summative assessment- Coursework and in-class tests:

Formative assessment methods:

Penalties for late submission:
The Module Convener will apply the following penalties for work submitted late:

where the piece of work is submitted after the original deadline (or any formally agreed extension to the deadline): 10% of the total marks available for that piece of work will be deducted from the mark for each working day[1] (or part thereof) following the deadline up to a total of five working days;

where the piece of work is submitted more than five working days after the original deadline (or any formally agreed extension to the deadline): a mark of zero will be recorded.

The University policy statement on penalties for late submission can be found at: http://www.reading.ac.uk/web/FILES/qualitysupport/penaltiesforlatesubmission.pdf
You are strongly advised to ensure that coursework is submitted by the relevant deadline. You should note that it is advisable to submit work in an unfinished state rather than to fail to submit any work.

Assessment requirements for a pass:

A mark of 40% overall.

Reassessment arrangements:

One examination paper of 3 hours duration in August/September - the resit module mark will be the higher of the exam mark (100% exam) and the exam mark plus previous coursework marks (50% exam, 50% coursework).

Additional Costs (specified where applicable):
1) Required text books:
2) Specialist equipment or materials:
3) Specialist clothing, footwear or headgear:
4) Printing and binding:
5) Computers and devices with a particular specification:
6) Travel, accommodation and subsistence:

Last updated: 7 February 2020