An engineering process for developing Secure Data Warehouses

We present a new approach for the elicitation and development of security requirements across the entire Data Warehouse (DW) life cycle, which we have called a Secure Engineering process for DAta WArehouses (SEDAWA). Whilst many methods for the requirements analysis phase of DWs have been proposed, the elicitation of security requirements as non-functional requirements has not received sufficient attention. Hence, in this paper we propose a methodology for DW design based on Model Driven Architecture (MDA) and the standard Software Process Engineering Metamodel Specification (SPEM) from the Object Management Group (OMG). We define four phases comprising several activities and steps, and five disciplines which cover the whole DW design. Our methodology adapts the i* framework for use under the MDA and SPEM approaches in order to elicit and develop security requirements for DWs. The benefits of our proposal are shown through an example related to the management of the pharmacies consortium business.
