Access control and audit model for the multidimensional modeling of data warehouses

Due to the sensitive data contained in Data Warehouses (DW), it is essential to specify security measures from the early stages of the DW design and enforce them. Traditional access control models for transactional (relational) databases, based on tables, columns and rows, are not appropriate for DWs. Instead, security and audit rules defined for DWs must be specified based on the multidimensional (MD) modeling used to design data warehouses. Current approaches for the conceptual modeling of DWs do not allow us to specify security and confidentiality constraints in the conceptual modeling phase. In this paper, we propose an Access Control and Audit (ACA) model for DWs by specifying security rules in the conceptual MD modeling. Thus, we define authorization rules for users and objects and we assign sensitive information rules and authorization roles to the main elements of a MD model (e.g., facts or dimensions). Moreover, we also specify certain audit rules allowing us to analyze user behaviors. To be able to include and use our ACA model in the conceptual MD modeling, we extend the Unified Modeling Language (UML) with our ACA model, thereby allowing us to design secure MD models. Finally, to show the benefit of our approach, we apply our approach to a health care case study.

[1]  Sabrina De Capitani di Vimercati,et al.  Access Control: Policies, Models, and Mechanisms , 2000, FOSAD.

[2]  Gary W. Smith Modeling Security-Relevant Data Semantics , 1991, IEEE Trans. Software Eng..

[3]  Matteo Golfarelli,et al.  The Dimensional Fact Model: A Conceptual Model for Data Warehouses , 1998, Int. J. Cooperative Inf. Syst..

[4]  Jean-Marc Jézéquel,et al.  《UML》 2002 - the Unified Modeling Language : model engineering, concepts, and tools : 5th International Conference, Dresden, Germany, September 30 - October 4, 2002 : proceedings , 2002 .

[5]  Martin Gogolla,et al.  Analysis of UML Stereotypes within the UML Metamodel , 2002, UML.

[6]  Walid G. Aref,et al.  Digital government security infrastructure design challenges , 2001 .

[7]  Christer Carlsson,et al.  Past, present, and future of decision support technology , 2002, Decis. Support Syst..

[8]  Mario Piattini,et al.  Designing Secure Databases for OLS , 2003, DEXA.

[9]  Sushil Jajodia,et al.  Toward a multilevel secure relational data model , 1991, SIGMOD '91.

[10]  Dorothy E. Denning,et al.  A Multilevel Relational Data Model , 1987, 1987 IEEE Symposium on Security and Privacy.

[11]  David A. Basin,et al.  SecureUML: A UML-Based Modeling Language for Model-Driven Security , 2002, UML.

[12]  Sabrina De Capitani di Vimercati,et al.  A fine-grained access control system for XML documents , 2002, TSEC.

[13]  Bhavani M. Thuraisingham,et al.  MOMT: A Multilevel Object Modeling Technique for Designing Secure Database Applications , 1996, J. Object Oriented Program..

[14]  Premkumar T. Devanbu,et al.  Software engineering for security: a roadmap , 2000, ICSE '00.

[15]  A Min Tjoa,et al.  A prototype model for data warehouse security based on metadata , 1998, Proceedings Ninth International Workshop on Database and Expert Systems Applications (Cat. No.98EX130).

[16]  Ke Wang,et al.  An access control language for web services , 2002, SACMAT '02.

[17]  Ernesto Damiani,et al.  An Access Control Model for Data Archives , 2001, SEC.

[18]  W. H. Inmon,et al.  Building the Data Warehouse,3rd Edition , 2002 .

[19]  Manuel Palomar,et al.  Designing Data Warehouses with OO Conceptual Models , 2001, Computer.

[20]  José Samos,et al.  A Framework for the Classification and Description of Multidimensional Data Models , 2001, DEXA.

[21]  Lakshmi S. Iyer,et al.  Knowledge warehouse: an architectural integration of knowledge management, decision support, artificial intelligence and data warehousing , 2002, Decis. Support Syst..

[22]  Sushil Jajodia,et al.  Polyinstantation for Cover Stories , 1992, ESORICS.

[23]  Gurpreet Dhillon,et al.  Technical opinion: Information system security management in the new millennium , 2000, CACM.

[24]  Elisa Bertino,et al.  A flexible authorization mechanism for relational data management systems , 1999, TOIS.

[25]  Mario Piattini,et al.  Extending UML for Designing Secure Data Warehouses , 2004, ER.

[26]  Anthony Hall,et al.  Correctness by Construction: Developing a Commercial Secure System , 2002, IEEE Softw..

[27]  Pierangela Samarati,et al.  Authentication, Access Controls, and Intrusion Detection , 1997, The Computer Science and Engineering Handbook.

[28]  W. H. Inmon,et al.  Building the data warehouse , 1992 .

[29]  Sushil Jajodia,et al.  Flexible support for multiple access control policies , 2001, TODS.

[30]  Nectaria Tryfona,et al.  starER: a conceptual model for data warehouse design , 1999, DOLAP '99.

[31]  Efraim Turban,et al.  Integrating knowledge management into enterprise environments for the next generation decision support , 2002, Decis. Support Syst..

[32]  Charles Ashbacher,et al.  The Object Constraint Language Second Edition, Getting Your Models Ready for MDA, by Jos Warmer and Anneke Kleppe. , 2003 .

[33]  José Samos,et al.  YAM/sup 2/ (yet another multidimensional model): an extension of UML , 2002, Proceedings International Database Engineering and Applications Symposium.

[34]  Barbara Dinter,et al.  Finding your way through multidimensional data models , 1998, Proceedings Ninth International Workshop on Database and Expert Systems Applications (Cat. No.98EX130).

[35]  Elisa Bertino,et al.  A model of authorization for next-generation database systems , 1991, TODS.

[36]  Joaquín Nicolás,et al.  Requirements Reuse for Improving Information Systems Security: A Practitioner’s Approach , 2002, Requirements Engineering.

[37]  Sushil Jajodia,et al.  Towards a Multilevel Secure Relational Data Model , 1991, SIGMOD Conference.

[38]  Pierangela Samarati,et al.  An Access Control System for SVG Documents , 2002 .

[40]  Jan Jürjens,et al.  UMLsec: Extending UML for Secure Systems Development , 2002, UML.

[41]  Günther Pernul,et al.  A Pragmatic Approach to Conceptual Modeling of OLAP Security , 2001, ER.

[42]  Il-Yeol Song,et al.  Multidimensional Modeling with UML Package Diagrams , 2002, ER.

[43]  Barbara Dinter,et al.  Extending the E/R Model for the Multidimensional Paradigm , 1998, ER Workshops.

[44]  Sushil Jajodia,et al.  Securing OLAP data cubes against privacy breaches , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[45]  Anneke Kleppe,et al.  The Object Constraint Language: Getting Your Models Ready for MDA , 2003 .

[46]  Vijayalakshmi Atluri,et al.  Uniform Indexing for Geospatial Data and Authorizations , 2002, DBSec.

[47]  Gottfried Vossen,et al.  Conceptual Data Warehouse Design , 2000 .

[48]  A Min Tjoa,et al.  A security concept for OLAP , 1997, Database and Expert Systems Applications. 8th International Conference, DEXA '97. Proceedings.

[49]  Elisa Bertino,et al.  An Authorization Model for a Distributed Hypertext System , 1996, IEEE Trans. Knowl. Data Eng..

[50]  Arnon Rosenthal,et al.  View security as the basis for data warehouse security , 2000, DMDW.

[51]  Lakshmi S. Iyer,et al.  Knowledge Warehouse : An Architectural Integration of Knowledge Management , Decision Support , Data Mining and Data Warehousing , 1999 .

[52]  Fang Chen,et al.  The multilevel relational (MLR) data model , 1998, TSEC.

[53]  Vijayalakshmi Atluri,et al.  An Authorization Model for Workflows , 1996, ESORICS.

[54]  朱莉,et al.  Oracle Label Security技术研究及其实现 , 2006 .

[55]  Sergio Luján-Mora,et al.  Extending the UML for Multidimensional Modeling , 2002, UML.