Article
To read the full-text of this research, you can request a copy directly from the authors.

Abstract

Data Warehouses (DWs) manage historical information for the decision-making process and for enterprises. Online Analytical Processing Applications (OLAP) tools are the most used tools for implementing and consulting DWs and it is necessary to define security measures to avoid the accessing of unauthorised information by users by executing queries. It is vitally important to consider security requirements from the earliest stages of the development process. We have created a Model-Driven Architecture (MDA) to develop a secure DW and in this paper, we propose how to implement the security measures that are defined at upper abstraction levels using our approach to SQL Server Analysis Services (SSAS).

No full-text available

Request Full-text Paper PDF

To read the full-text of this research,
you can request a copy directly from the authors.

... In fact, a number of researchers have looked at similar techniques for setting access constraints at an early stage in the OLAP design process [6]. Others have developed security requirements for the entire Data Warehouse life cycle [7]. Such models have great value of course, particularly if one has the option to create the warehouse from scratch. ...
... The administrator of the warehouse is ultimately responsible for defining roles and privileges for each of the possible end users. In fact, a number of general warehouse security models have been proposed in the literature [2]- [5]. Several authors define frameworks that are likely too restrictive for production warehouses. ...
Full-text available
Article
Online Analytical Processing (OLAP) has become an increasingly important and prevalent component of Decision Support Systems. OLAP is associated with a data model known as a cube, a multi-dimensional representation of the core measures and relationships within the associated organization. While numerous cube generation and processing algorithms have been presented in the literature, little effort has been made to address the unique security and authentication requirements of the model. In particular, the hierarchical nature of the cube allows users to bypass -either intentionally or unintentionally -partial constraints defined at alternate aggregation levels. In this paper, we present an authentication framework that builds upon an algebra designed specifically for OLAP domains. It is Object-Oriented in nature and uses query re-writing rules to ensure consistent data access across all levels of the conceptual model. The process is largely transparent to the user, though notification is provided in cases in which a subset of the original request is returned. We demonstrate the scope of our framework with a series of common OLAP queries. The end result is an intuitive but powerful approach to database authentication that is uniquely tailored to the OLAP domain.
Article
Decision makers query enterprise information stored in Data Warehouses (DW) by using tools (such as On-Line Analytical Processing (OLAP) tools) which use specific views or cubes from the corporate DW or Data Marts, based on the multidimensional modeling. Since the information managed is critical, security constraints have to be correctly established in order to avoid unauthorized accesses.Objective In previous work we have defined a Model-Driven based approach for developing a secure DWs repository by following a relational approach. Nevertheless, is also important to define security constraints in the metadata layer that connects the DWs repository with the OLAP tools, that is, over the same multidimensional structures that final users manage. This paper defines a proposal to develop secure OLAP applications and incorporates it into our previous approach.Method Our proposal is composed of models and transformations. Our models have been defined using the extension capabilities from UML (conceptual model) and extending the OLAP package of CWM with security (logical model). Transformations have been defined by using a graphical notation and implemented into QVT and MOFScript. Finally, this proposal has been evaluated through case studies.ResultsA complete MDA architecture for developing secure OLAP applications. The main contributions of this paper are: improvement of a UML profile for conceptual modeling; definition of a logical metamodel for OLAP applications; and definition and implementation of transformations from conceptual to logical models, and from logical models to the secure implementation into a specific OLAP tool (SSAS).Conclusion Our proposal allows us to develop secure OLAP applications, providing a complete MDA architecture composed of several security models and automatic transformations towards the final secure implementation. Security aspects are early identified and fitted into a most robust solution that provides us a better information assurance and a saving of time in maintenance.
Article
The present paper addresses an issue about the relationship between organisational structure and information systems security. Systems security is generally perceived as, and actually often constitutes, “restrictions” and “anti-ergonomics”. The general research question we address in this research is the other way round: What are the constraints of existing organisational structure and organisational processes that limit information systems security? The general R.Q. is subdivided into three sub-questions regarding: 1) the relationship between ISS and organisational structure; 2) the conditions for effective implementation of ISS; 3) how the ISS implementation is hindered. The novelty of this research lies in answering all the mentioned sub-questions simultaneously. Conceptual analysis is utilised to interpret results, while socio-technical approach and the recent “integrated social-technical theory” are used as the main theoretical background. Research findings include organisational impacts on ISS and taxonomies of conditions and constraints that the organisation puts on Information Systems Security.
Conference Paper
Data warehouses (DWs) manage crucial information for enterprises which must be protected from unauthorized accesses. The question of which security issues are present in all stages of the DW design is therefore of great importance when considering these security constraints in design decisions. We have used the model driven architecture (MDA) approach to propose an MDA architecture with which to develop secure DWs, which defines secure models at different abstraction levels along with their automatic transformation between models. Our approach considers a multidimensional path towards on-line analytical processing (OLAP) tools, but did not, until now, support the transformation of complex security rules from conceptual models. After carrying out a modification of our conceptual metamodel to support a better representation of security rules and to define several sets of transformation rules, this paper shows how to transform these security rules through an example.
Full-text available
Article
The article focuses on cognitive modeling for games and animation This article focuses on the need of security management for information system in the 21st century. It is described that changes in communication and information technologies and particularly their confluence has raised a number of concerns connected with the protection of organizational information assets. Achieving consensus regarding safeguards for an information system, among different stakeholders in an organization, has become more difficult than solving many technical problems that might arise. Authors of this article are suggesting for a development of vision for new organizational structure. They say that future users of information systems must address organizational problems at a time when the organizational form is being revolutionized. In order to be more efficient, effective, and responsive organizations must provide prominence to the use of networks and computer-based information systems but it is often found that some organizations facing pressures of organizational cost containment and external competition, they are rushing headlong into adopting IT without carefully planning and understanding the security concerns which creates future problems.
Full-text available
Conference Paper
The Model-Driven Architecture is an initiative by the Object Management Group to automate the generation of platform-specific models from platform-independent models. While there exist some well-established standards for modeling platform models, there is currently no matured foundation for specifying transformations between such models. In this paper, we propose a possible taxonomy for the classification of several existing and proposed model transformation approaches. The taxonomy is described with a feature model that makes the different design choices for model transformations explicit. Based on our analysis, we propose a few major categories in which most model transformation approaches fit.
Full-text available
Article
Is there such a thing anymore as a software system that doesn't need to be secure? Almost every softwarecontrolled system faces threats from potential adversaries, from Internet-aware client applications running on PCs, to complex telecommunications and power systems accessible over the Internet, to commodity software with copy protection mechanisms. Software engineers must be cognizant of these threats and engineer systems with credible defenses, while still delivering value to customers. In this paper, we present our perspectives on the research issues that arise in the interactions between software engineering and security. Keywords Security, Software Engineering, Copy protection, Watermarking. 1 BACKGROUND Just about every software system deployed today must defend itself from malicious adversaries. Modern society is critically dependent on a wide range of software systems. Threats from a software security breach could range from the very mild (such as the defeat of copy protect...
Article
Due to the sensitive data contained in Data Warehouses (DW), it is essential to specify security measures from the early stages of the DW design and enforce them. Traditional access control models for transactional (relational) databases, based on tables, columns and rows, are not appropriate for DWs. Instead, security and audit rules defined for DWs must be specified based on the multidimensional (MD) modeling used to design data warehouses. Current approaches for the conceptual modeling of DWs do not allow us to specify security and confidentiality constraints in the conceptual modeling phase. In this paper, we propose an Access Control and Audit (ACA) model for DWs by specifying security rules in the conceptual MD modeling. Thus, we define authorization rules for users and objects and we assign sensitive information rules and authorization rules to the main elements of a MD model (e.g., facts or dimensions). Moreover, we also specify certain audit rules allowing us to analyze user behaviors. To be able to include and use our ACA model in the conceptual MD modeling, we extend the Unified Modeling Language (UML) with our ACA model, thereby allowing us to design secure MD models. Finally, to show the benefit of our approach, we apply our approach to a health care case study.
Article
Information assurance, security, and privacy have moved from narrow topics of interest to information system designers to become critical issues of fundamental importance to society. This opens up new requirements and opportunities for novel approaches. Meeting this challenge requires to advance the theory and practice of security, privacy, and trust of Web-based applications and to provide declarative policy representation languages and ontologies together with algorithms to reason about policies. This paper summarizes an ontological approach to enhancing the Semantic Web with security.
Conference Paper
Security represents a crucial aspect in the development of data warehouses (DWs), since they contain confidential data. It becomes therefore necessary to specify security and audit requirements for the multidimensional modelling, that cannot be directly transferred to the relational model of the DW. The standard framework for software development model driven architecture (MDA) allows us to define transformations between models by proposing query/view/transformations (QVT). This proposal allows the definition of formal, elegant and unequivocal transformations between platform independent model (PIM) and platform specific model (PSM). This paper employs QVT to establish a set of relations that allows us to transform security information embedded in the DWs multidimensional conceptual model to a relational logical scheme
Article
Data Warehouses (DW), Multidimensional (MD) databases, and On-Line Analytical Processing (OLAP) applications provide companies with many years of historical information for the decision-making process. Owing to the relevant information managed by these systems, they should provide strong security and confidentiality measures from the early stages of a DW project in the MD modeling and enforce them. In the last years, there have been some proposals to accomplish the MD modeling at the conceptual level. Nevertheless, none of them considers security measures as an important element in their models, and therefore, they do not allow us to specify confidentiality constraints to be enforced by the applications that will use these MD models. In this paper, we present an Access Control and Audit (ACA) model for the conceptual MD modeling. Then, we extend the Unified Modeling Language (UML) with this ACA model, representing the security information (gathered in the ACA model) in the conceptual MD modeling, thereby allowing us to obtain secure MD models. Moreover, we use the OSCL (Object Security Constraint Language) to specify our ACA model constraints, avoiding in this way an arbitrary use of them. Furthermore, we align our approach with the Model-Driven Architecture, the Model-Driven Security and the Model-Driven Data Warehouse, offering a proposal highly compatible with the more recent technologies.
Article
ions of the MOF Model Package .......................................................3-13 Figure 3-4. MOF Model Classifiers ...............................................................................................3-31 Figure 3-5. Feature Types of the MOF Model ..............................................................................3-37 Figure 3-6. MOF Model Elements for Association ......................................................................3-53 Figure 3-7. MOF Model Packaging ...............................................................................................3-61 Figure 3-8. MOF Model -- Other Elements....................................................................................3-67 Figure 4-1. The MOF Facility Package ..........................................................................................4-2 9/1/97 Meta Object Facility 1.1 1-1 1. Overview 1.1 Introduction The following companies are pleased to co-submit to the OMG AD RFP2:...
Secure Databases Systems Advanced Databases: Technology Design
  • E Ferrari
  • B Thuraisingham
Common Warehouse Metamodel (CWM)
  • Cwm Omg