Mario Guimaraes

Forensic analysis of private browsing artifacts

The paper investigates the effectiveness of the privacy mode feature in three widely used Web browsers, and outlines how to investigate when these browsers have been used to perform a criminal or illegal act. It performs an identical test on a privacy mode session for each of the three Web browsers and investigates whether traces are left behind. The analysis is done in three phases. First, common places where history and cache records are usually stored are examined. Then, other locations on the local machine are examined using special forensic tools. Also, the physical memory (RAM) is captured and examined for traces.

New challenges in teaching database security

Traditional Database Security has focused primarily on creating user accounts and managing user privileges to database objects. The wide spread use of databases over the web, heterogeneous client-server architectures, application servers, and networks creates an urgent need to widen this focus. This paper will provide an overview of the new and old database security challenges. Section one provides an overview of the Database Security concerns. It emphasizes Database Applications as the greatest concern and describes the SQL Slammer Worm, an example of not patching the Database Management System (DBMS) The second section explains in detail three Database topics: SQL injection [1], Multilevel Security [2] and Data Warehouse/Data Mining/Statistical security. The reason for focusing on these topics is because they are new Database Security issues (at least not taught in traditional database courses) and they are not topics that student will learn in any other course. The last topic provides guidelines for when to teach each Database Security topic and concludes by emphasizing the need for developing a Database Security Plan. Emphasis on a Database Security Plan resulted from interviewing Database Administrators and Security Specialists.

Database forensics

At the user or surface level, most Database Management System (DBMS) are similar. Most databases contain multiple tables, a standardized query language, primary key, foreign key, referential integrity, and metadata. With regard to physical file structures, concurrency mechanisms, security mechanisms, query optimization and datawarehouse techniques, databases may be radically different from each other. Most Forensic tools are too time consuming to be applied to large databases. Meanwhile, database tools such as oracle logminer and auditing features can assist in forensics, but were not created for that purpose. Many of these tools alter the database in ways that may complicate the use of their results in a legal proceeding. This paper analyzes the challenges of digital forensics, related literature, topics involved, current options for performing forensics on databases as well as considerations in teaching database forensics.

Using animation courseware in the teaching of database security

Information security, and particularly, data security, are primary concerns especially as more and more data are shared over mediums such as the Internet and the Web. Traditionally database security focused on user authentication and managing user privileges to database objects. This has proven to be inadequate given the growing number of successful database hacking incidents and the increase in the number of organizations reporting loss of sensitive.

Overview of intrusion detection and intrusion prevention

This report provides an overview of IPS systems. In the first section a comparison of IDS and IPS is made, where an IPS system is defined as an integration of IDS and a firewall. The second section describes what is needed to set up an IPS system. In the third section, IPS alternatives are discussed for different types of organizations. The fourth section describes the dangers of e-mail and the need of an E-mail Exploit Detection Engine that has many characteristics of an Intrusion Prevention System. The conclusion summarizes what should be taken into consideration when deciding on an Intrusion Prevention System.

Incorporating security components into database courses

This paper describes information security topics to be presented in a course that provides instruction on the principles of database technology. Besides the customary coverage of securing the contents of databases (which is often presented in most courses of this type) we propose that is necessary to include instruction on other topics, such as securing the DBMS software, patch and version management of the DBMS application itself, issues and best practices surrounding security of database enable applications, impact of the security of the underlying Operating System on the security of the DBMS and the data it contains, impact of network security on the secure usage of DBMS systems and the impact of security issues facing web and application servers that may be closely coupled to the database. The use of projects with and without lab support will be a final discussion point. The topics itemized above should be present in all introductory database course. More advanced courses, should find more extensive coverage of these topics which should often be elaborated through the use of projects and accompanying labs.

Experience using the ASA algorithm teaching system

This paper describes the experience gained while using a computer based algorithm system called ASA, and explains why the evaluation motivated the need for high level structures to represent student and algorithmic knowledge. The system has been used in classrooms at SENAC, a Brazilian company associated with the Brazilian National Commerce Confederation, which promotes technical education. SENAC has a branch in every state of Brazil (26) and every year trains approximately one million students.

Game development with Game Maker, Flash and Unity

This tutorial will present and compare three software platforms for developing video games: Game Maker, Flash and Unity Pro. Game Maker is suited for developing quick prototypes. Flash is a natural choice for production of web-based software and Unity is a good choice for gamers who wish to develop and deploy their products to a multitude of platforms. The first part will involve modifying and creating games with game maker. The second part will involve modifying and creating games with flash. The third part will focus on unity. Finally, a discussion on the pros and cons of each platform is presented.

Database and database application security

This paper focuses on the emerging importance of database and application security, textbooks and other supplementary materials to teach these topics and where to place these topics in a curriculum. The paper emphasizes 1) the growing concerns of database technologies and database applications, 2) existing books and supporting materials, and 3) and Zayed Universitys approach to teaching these topics. At Zayed, we incorporate database and database application security in two different courses.

Incorporating database security courseware into a database security class

Data security is a growing concern and it seems timely to develop and incorporate database security courses into programs of study in the computing disciplines. This paper describes a recently developed course in database security and introduces a set of animations that might be incorporated to bring about more effective instruction and enhance student learning. Currently animations are being developed for referential integrity, integrity matrices, row level security, SQL injections and inference problems. Animations related to encryption, multilevel security and database auditing procedures will be added in the future. The database security animations will be included as a module in an ongoing animated database courseware project designed to provide supplementary instructional materials for the teaching of database topics. Animations can be incorporated directly into classroom instruction or used independently by students to reinforce what they have learned or to deepen their understanding.