Title

Evolution of a database security course: Using non-enterprise teaching tools

Document Type

Conference Proceeding

Publisher

School of Computer and Information Science, Edith Cowan University

Faculty

Computing, Health and Science

School

School of Computer and Information Science

RAS ID

4059

Comments

Originally published as: Brown, J. (2007, December). Evolution of a Database Security course: using non-enterprise teaching tools. In Australian Information Security Management Conference (p. 23). Original article available here

Abstract

This paper examines the issues in delivering a university unit of teaching in database security, examining problems in database environment selection and the ability to provide hands on training for students via on-campus and online modes. Initial problems with Linux and then Windows based enterprise database environments prompted the adoption of Microsoft Access as a database tool that was easier to deliver in-class and online. Though Access is file based and has fundamental flaws in its security implementation (within the enterprise context) it can be tweaked to emulate RDBMS level security, allowing students to see how a properly designed security model should operate. The paper shows that Microsoft Access can emulate field-level security with a correctly designed table and user model, but that the database itself should only be used to 'show and tell' security implementations, not apply them.

DOI

10.4225/75/57b52b0443e2f

Access Rights

free_to_read

 
COinS
 

Link to publisher version (DOI)

10.4225/75/57b52b0443e2f