ETL Processes Security Modeling

Thedevelopmentof informationsystems(IS)inasecureenvironmentorconditionisacomplex taskthatinvolvesmanyadditionalbasicsecurityprotocols,policiesaswellasindustrystandardson passwords,anti-virusprograms,firewallsanddataencryption.However,intraditionalISdevelopment lifecycles,securityiseitherignoredoraddedasanafterthought,whichdoesnotassurethesystem completesecurity.So,itisnecessarytogivemoreimportancetothisissueandconsideritaspartof ISdevelopmentprocess.Inthiscontext,theauthorsshouldguaranteethesecurityofETL(Extract, Transform, Load) processes, which are among the most critical and complex tasks during DW developmentproject.Inthisstudy,securitymanagementiscarriedoutforETLprocessesbyproposing a meta-model integrating the security concepts from the security requirements to the necessary preventiveand/orcorrectivetreatments.Theproposedmeta-modelisvalidatedwithinstantiation. KEywoRDS COSMIC, CVSS, ETL Processes, Measure, Meta-Model, Security, Vulnerability

[1]  Gary B. Wills,et al.  Formal Modelling of Data Integration Systems Security Policies , 2016, Data Science and Engineering.

[2]  Anca Mehedintu,et al.  Web-enabled Data Warehouse and Data Webhouse , 2008 .

[3]  Gary B. Wills,et al.  SecureDIS: A framework for secure Data Integration Systems , 2013, 8th International Conference for Internet Technology and Secured Transactions (ICITST-2013).

[4]  Vishal Bhatnagar,et al.  Private and Secure Hyperlink Navigability Assessment in Web Mining Information System , 2011 .

[5]  Kevin M. Stine,et al.  SP 800-55 Rev. 1. Performance Measurement Guide for Information Security , 2008 .

[6]  Gary B. Wills,et al.  Exposing data leakage in Data Integration Systems , 2014, The 9th International Conference for Internet Technology and Secured Transactions (ICITST-2014).

[7]  Wolfgang Lehner,et al.  Quality measures for ETL processes: from goals to implementation , 2014, Concurr. Comput. Pract. Exp..

[8]  Mario Piattini,et al.  Building a secure star schema in data warehouses by an extension of the relational package from CWM , 2008, Comput. Stand. Interfaces.

[9]  Karsten Brauer Authentication and security aspects in an international multi-user network , 2011 .

[10]  Mario Piattini,et al.  Secure business process model specification through a UML 2.0 activity diagram profile , 2011, Decis. Support Syst..

[11]  Jan Jürjens,et al.  Towards the Secure Modelling of OLAP Users' Behaviour , 2010, Secure Data Management.

[12]  Olga Ormandjieva,et al.  Early Quantitative Assessment of Non-Functional Requirements , 2007 .

[13]  Maya Daneva,et al.  Scope Management of Non-Functional Requirements , 2007, 33rd EUROMICRO Conference on Software Engineering and Advanced Applications (EUROMICRO 2007).

[14]  Salah Triki Sécurisation des entrepôts de données : de la conception à l’exploitation , 2013 .

[15]  Alain Abran,et al.  Scenario-based Black-Box Testing in COSMIC-FFP , 2006 .

[16]  V. Basili Software modeling and measurement: the Goal/Question/Metric paradigm , 1992 .

[17]  Satish Kumar,et al.  Data Warehouse Security Issue , 2016 .

[18]  Hassan Badir,et al.  Dynamic management of data warehouse security levels based on user profiles , 2016, 2016 4th IEEE International Colloquium on Information Science and Technology (CiSt).

[19]  Mario Piattini,et al.  A UML 2.0/OCL Extension for Designing Secure Data Warehouses , 2005, J. Res. Pract. Inf. Technol..

[20]  Bharat K. Bhargava Security in Data Warehousing , 2000, DaWaK.

[21]  Eduardo Fernández-Medina,et al.  Model driven development of secure XML data warehouses: a case study , 2010, EDBT '10.

[22]  Faïez Gargouri,et al.  A GQVM approach to secure WeBhouse ETL processes development , 2016, 2016 IEEE/ACS 13th International Conference of Computer Systems and Applications (AICCSA).

[23]  P Kiran,et al.  Modeling Extraction Transformation Load Embedding Privacy Preservation using UML , 2012 .

[24]  Abdeltawab M. Hendawi,et al.  A proposed model for data warehouse ETL processes , 2011, J. King Saud Univ. Comput. Inf. Sci..

[25]  Faïez Gargouri,et al.  Matching Procedure for NVD Vulnerabilities to Secure ETL Processes Steps , 2017, 2017 IEEE/ACS 14th International Conference on Computer Systems and Applications (AICCSA).

[26]  Eric S. K. Yu,et al.  Towards modelling and reasoning support for early-phase requirements engineering , 1997, Proceedings of ISRE '97: 3rd IEEE International Symposium on Requirements Engineering.

[27]  Mario Piattini,et al.  Towards Comprehensive Requirement Analysis for Data Warehouses: Considering Security Requirements , 2008, 2008 Third International Conference on Availability, Reliability and Security.

[28]  Anjana Gosain,et al.  Security Issues in Data Warehouse: A Systematic Review☆ , 2015 .