A UML 2.0 profile to define security requirements for Data Warehouses

Many Data Warehouses (DWs) fail to provide the appropriate information because the users' requirements are not correctly modeled. In addition, the security requirements are considered in the final implementation, and do not take the users' needs into consideration. However, as DWs store confidential and sensitive information, it is crucial to take security measures into account from the early DW design phases, and to enforce them. This paper proposes a profile which uses the Unified Modeling Language (UML) extensibility mechanisms. This profile allows us to define security requirements for DWs at the business level, taking into account the information requirements modeled with a previous profile. Our proposal is aligned with Model Driven Architecture (MDA), thus permitting the transformation of security requirements throughout the entire DW life cycle. Finally, in order to show the benefits of our profile, we develop a case study related to the management of a pharmacy consortium business.
