Amrita School of Computing, Chennai

Course Delivery Plan

Course Code : Course Name 20CYS213 System Security Program Cybersecurity

L-T–P-C 3-0-0-3 Semester / Year IV / 2nd Year
Name(s) of the Faculty Mr. S. Saravanan Pre-requisite 20CYS203 Operating System and 20CYS204
Database Management System
Course Mentor Mr. S. Saravanan Academic Year 2024-2025
Course Overview The goal of this course is to enable students to learn about various security vulnerabilities, attacks and
countermeasures in OS and databases. This course also explores various types of malwares.

Course Objectives Course Outcomes

1 Capable of analyzing, evaluating and enhancing the CO1
security of information systems by identifying
A quick refresher to the fundamentals of Database and Operating Systems
potential threats and possible countermeasures in the
field of database and system security.
CO2 Exploring access control security models and policies in database and
operating systems
CO3 Familiarize the Challenges, Attacks and Defences in Database Systems
CO4 Exploring the basic functionalities of different types of Malwares
CO5 Familiarize the Challenges, Attacks and Defences in Operating Systems

Page 1 of 10
Syllabus
Program vs processes, Transaction recovery and concurrency control in database systems- Schedule, Concurrency control protocols, Deadlock
handling. Access control mechanisms in general computing systems - Lampson's access control matrix. Mandatory access control,
Authentication mechanisms in databases, DAC, MAC, RBAC, SELinux. Auditing in databases, Statistical inferencing in databases, Private
information retrieval viewed as a database access problem. Privacy in data publishing, Virtual Private Databases, Hadoop security.
Security and protection in operating systems - access control, auditing, trusted computing base with reference to Multics and the commercial
Operating Systems Malware analysis and protection- viruses, worms and Trojans, Rootkits, Ransomware, Polymorphic malware, Malware
capture and analysis using honeypots. Common vulnerabilities and Exposures, Secure system configuration, Minimal footprint, Security of
booting, Trusted computing, Virtualization techniques for security, Mobile Operating Systems security especially in Android.

Textbooks
T1. Charles P. Pfleeger and Shari Lawrence Pfleeger, Security in computing, Prentice Hall Professional Technical Reference, Fourth Edition; 2006.
T2. Michael Palmer, Guide to Operating System Security, Cengage Learning; Second Edition; 2019

References
R1. M. Gertz and S. Jajodia, Handbook of Database Security-Applications and Trends, Springer; 2008.
R2. T. Jaeger, Operating System Security, Vol. 1 of Synthesis Lectures on Information Security, Privacy and Trust, Morgan & Claypool Publishers;
2008.
R3. W. Mauerer, Professional Linux Kernel Architecture, John Wiley and Sons, New York; 2008.
R4. R Anderson, Security engineering, John Wiley & Sons; 2008.
R5. Matt Bishop, Computer security: Art and Science, Vol. 2, Addison-Wesley; 2012.
R6. E. Nikolay, Android Security Internals: An In-Depth Guide to Android's Security Architecture, No Starch Press; 2014.

Page 2 of 10
Concept Map

Page 3 of 10
 Evaluation and Grading

Internal (60) External (40) Total

Components Marks Total Marks

Periodicals Mid Term Exam 30

30
Continuous Quiz (3) 20 30 End Semester = 40 Internal + External = 100
Assessments
Certification
10

Programme Outcome (PO)

PO1 Engineering knowledge: Apply the knowledge of mathematics, science, engineering fundamentals, and an engineering specialization to
the solution of complex engineering problems.

PO2 Problem analysis: Identity, formulate, research literature, and analyze complex engineering problems reaching substantiated conclusions
using the first principles of mathematics, natural sciences, and engineering sciences.
PO3 Design/development of solutions: Design solutions for complex engineering problems and design system components or processes that
meet the specified needs with appropriate consideration for public health and safety, and cultural, societal, and environmental
considerations.
PO4 Conduct investigations of complex problems: Use research-based knowledge and research methods including design of experiments,
analysis and interpretation of data, and synthesis of the information to provide valid conclusions.

PO5 Modern tool usage: Create, select, and apply appropriate techniques, resources, and modern engineering and IT tools including prediction
and modeling to complex engineering activities with an understanding of the limitations.
PO6 The engineer and society: Apply reasoning informed by the contextual knowledge to assess societal, health, safety, legal and cultural
issues and the consequent responsibilities relevant to the professional engineering practice.

PO7 Environment and sustainability: Understand the impact of the professional engineering solutions in societal and environmental contexts,
and demonstrate the knowledge of, and need for sustainable development.
PO8 Ethics: Apply ethical principles and commit to professional ethics and responsibilities and norms of the engineering practice.

Page 4 of 10
 PO9 Individual and teamwork: Function effectively as an individual, and as a member or leader in diverse teams, and in multidisciplinary
settings.
PO10 Communication: Communicate effectively on complex engineering activities with the engineering community and with society at large,
such as, being able to comprehend and write effective reports and design documentation, make effective presentations, and give and
receive clear instructions.
PO11 Project management and finance: Demonstrate knowledge and understanding of the engineering and management principles and apply
these to one’s own work, as a member and leader in a team, to manage projects and in multidisciplinary environments.
PO12 Life-long learning: Recognize the need for and have the preparation and ability to engage in independent and life-long learning in the
broadest context of technological change.
PSO1 Gain a thorough understanding of the Cyber Security landscape with its growing threats and vulnerabilities in the world of computing
including software and hardware. Attain skills to comprehend and anticipate future challenges and devise methods to meet them and also,
be articulate and skilled to convince all the stakeholders.
PSO2 Acquire and demonstrate the ability to use standard tools, practices, and technologies for the analysis, design, development and
implementation of innovative and optimal Cyber Security solutions without compromising the privacy needs of individual and entities and
the security concerns of law enforcement agencies.
CO – PO Affinity Map
PO/PSO PO1 PO2 PO3 PO4 PO5 PO6 PO7 PO8 PO9 PO10 PO11 PO12 PSO1 PSO2
CO
CO 1 3 1 2 3 1
CO 2 3 1 2 3 1

CO 3 3 1 2 3 1

CO 4 3 1 2 3 1

CO 5 3 1 2 3 1

3 – Strong, 2 Moderate, 1 -weak

Percentage of Students
Target
Threshold (%) Level Level Level
(%)
1 2 3
50% 55% 50% 60% 70%

Page 5 of 10
 Mode of Out- Class Activities CO
Class Topics to be covered In-Class Activities Reference
Teaching (E – Ref.) Mapping
Presentat
Self-Assessment
ion + https://diffzi.com/program-vs-process/ T1 (Page
1 Program vs processes and Group CO1
smart No. 312)
Discussions
board
Transaction recovery Presentat https://slideplayer.com/slide/5028977/
and concurrency ion + Student Centric
2 https://www.youtube.com/watch?v=gG4bMa54s CO1 R1
control in database smart Approach
lk
systems board
Presentat
Schedule and
ion + Direct Instruction https://www.youtube.com/watch?v=SSxH1ZfUv
3-6 Concurrency control CO1 R1
smart Method io
protocols
board
Presentat
ion + https://www.geeksforgeeks.org/handling-
7 Deadlock handling POGIL approach CO1 T2
smart deadlocks/
board
https://link.springer.com/content/pdf/10.1007/3-
Access control Presentat Cooperative
540-45608-2_3.pdf and
mechanisms in ion + learning along with T1 (Page
8 https://westoahu.hawaii.edu/cyber/best- CO2
general computing smart student centered No. 100 -
practices/best-practices-weekly-
systems board approach 114)
summaries/access-control/
https://www.youtube.com/watch?v=jyNU4aZTw
rc
https://www.youtube.com/watch?v=LDton4iKC
Presentat
K4 and
Lampson's access ion + -Direct Instruction
9-10 https://www.youtube.com/watch?v=soY8FWT5 CO2 R2
control matrix smart Method
Uo4 ;
board
https://courses.cs.vt.edu/~cs5204/fall05-
kafura/Papers/Security/Protection-Lampson.pdf

Mandatory access smart Direct Instruction https://www.sciencedirect.com/topics/computer-

11 CO2 R1
control board Method science/mandatory-access-control

Page 6 of 10
 QUIZ 1
http://etutorials.org/cert/dba+certification/Chapte
Authentication Discussions and r+4.+Database+Security/Authentication+Method
12 mechanisms in Demo Inquiry based s/ CO1 R1
databases learning https://docs.oracle.com/cd/B14117_01/network.1
01/b10777/authuser.htm
Presentat
https://access.redhat.com/documentation/en-
DAC, MAC, RBAC, ion + Direct Instruction
13-14 us/red_hat_enterprise_linux/5/html/deployment_ CO2 R1
SELinux smart Method
guide/selg-overview
board
Presentat https://docs.oracle.com/cd/B19306_01/network.
Discussions, and
ion + 102/b14266/auditing.htm#CHDJBDHJ and
15-16 Auditing in databases Cooperative CO3 R1,T1
smart https://docs.oracle.com/cd/B12037_01/network.
learning
board 101/b10773/auditing.htm
https://link.springer.com/referenceworkentry/10.
1007%2F978-0-387-39940-
Presentat
9_203#:~:text=Inference%20control%20in%20d
Statistical inferencing ion + Direct Instruction
17 atabases%2C%20also,to%20which%20the%20d CO3 R1
in databases smart Method
ata%20correspond. And
board
https://www.temjournal.com/content/41/01/temj
ournal4101.pdf
Private information Presentat
retrieval viewed as a ion + http://citeseerx.ist.psu.edu/viewdoc/download?d
18-19 POGIL approach CO3 R1-R4
database access smart oi=10.1.1.22.1099&rep=rep1&type=pdf
problem board
Presentat Problem based
Privacy in data ion + learning using https://www.morganclaypool.com/doi/abs/10.22
20 CO3 R1
publishing smart direct instruction 00/S00237ED1V01Y201003DTM002
board method
Presentat
Direct Instruction
Virtual Private ion + https://www.oracle.com/database/technologies/v
21-22 Method and CO3 R1
Databases smart irtual-private-db.html
Discussions
board
MID TERM EXAM
Page 7 of 10
 Page
No:303,
Direct Instruction Hadoop
23-24 Hadoop security Demo https://www.edureka.co/blog/hadoop-security/ CO3
Method the
definitive
guide
Presentat
Security and Direct Instruction
ion + https://www.tutorialspoint.com/Protection-and-
25-26 protection in operating Method and CO2 T2
smart Security-in-Operating-System
systems Discussions
board
Access control,
auditing, trusted
Direct Instruction
computing base with https://crypto.stanford.edu/cs155old/cs155-
27-28 Demo Method and CO3 T2, R2
reference to Multics spring09/hw_and_proj/lectures/lecture9.pdf
Discussions
and the commercial
Operating Systems
Presentat Cooperative
Malware analysis and
ion + learning along with
29-30 protection- viruses, https://purplesec.us/common-malware-types/ CO4 T2
smart student centered
worms and Trojans
board approach
QUIZ 2
Presentat https://digitalguardian.com/blog/what-
Rootkits, Discussions, and
ion + polymorphic-malware-definition-and-best-
31-32 Ransomware, Cooperative CO4 T2
smart practices-defending-against-polymorphic-
Polymorphic malware learning
board malware
Cooperative
Malware capture and
learning along with https://tulja.github.io/blogs/2019/08/18/gsocPost
33-34 analysis using Demo CO4 T2
student centered .html
honeypots
approach

Common Presentation Direct Instruction https://www.induscommunity.com/blogs/commo

35 vulnerabilities and + smart Method and n-vulnerabilities-and-exposures-cve-all-you- CO4 R4
Exposures board Discussions need-to-know-30min/

Page 8 of 10
 https://www.itgovernance.co.uk/secure-
Presentation Direct Instruction
Secure system configuration#:~:text=Secure%20configuration
36-37 + smart Method and CO5 R4
configuration %20refers%20to%20security,criminal%20hacke
board Discussions
rs%20look%20to%20exploit.
Cooperative
Presentation https://www.emerald.com/insight/content/doi/10.
learning along
38 Minimal footprint + smart 1108/ICS-04-2020- CO5 R5
with student
board 0054/full/html?skipTracking=true
centered approach
https://www.youtube.com/watch?v=ZF1xGdhyU
Presentation Discussions, and
yw and
39-40 Security of booting + smart Cooperative CO5 R5
https://www.youtube.com/watch?v=WRFnOh_p
board learning
qX8
Problem based
https://www.youtube.com/watch?v=JrPYi3HB1
Presentation learning using
Ao and R4 (Page
41 Trusted computing + smart direct instruction CO5
https://cs.stanford.edu/people/eroberts/cs201/pro No. 111)
board method, POGIL
jects/trusted-computing/what.html
approach
https://www.cse.wustl.edu/~jain/cse571-
Presentation
Virtualization Direct Instruction 11/ftp/virtual/index.html#:~:text=The%20three% R4 (Page
42-43 + smart CO5
techniques for security Method 20major%20approaches%20are,principle%20co No. 260)
board
mponent%20of%20virtualization%20security.
QUIZ 3
Mobile Operating Presentation
Direct Instruction https://heimdalsecurity.com/blog/android-
44-45 Systems security + smart CO5 R6
Method malware/
especially in Android board
END SEMESTER EXAM

Page 9 of 10
Attendance Requirement:

(i) All students must maintain a minimum of 75% attendance in each course. This requirement is crucial for academic success and eligibility to
appear for mid-term and end-semester examinations.

(ii) Students who fail to meet the 75% attendance threshold will not be permitted to appear for the mid-term and end-semester exams.
Requests for exceptions will not be considered under any circumstances.

(iii) Attendance will be calculated up to three days prior to the commencement of the mid-term and end-semester exams, as per the academic
calendar.

Faculty Course Mentor Chairperson/ Program Chair

Page 10 of 10