Simulating Secure Data Extraction in Extraction Transformation Loading (ETL) Processes

As the data warehouse contains the sensitive information, which is used for decision making process, it is necessary to take precautionary measures in the data warehouse building process itself. Current approaches for the conceptual modeling of ETL do not address the security aspects in the conceptual modeling phase. In this paper, we propose a simulation model for Secure Data Extraction in ETL processes. Simulating these types of scenarios with security constraints is crucial in producing quality software. The scenario is more complicated in case of ETL processes due to its heterogeneity and distributed nature. ETL stands for Extraction, Transformation and Loading. These are the tools used to extract the data from heterogeneous distributed databases, clean it, transform it and load into data warehouses. We exploit mitigation use cases which are used for implementing security policies of the system. A tool has been developed for the model and the features of the tool are explained and validated with a case study.

[1]  Mario Piattini,et al.  Extending UML for Designing Secure Data Warehouses , 2004, ER.

[2]  Alkis Simitsis,et al.  Mapping conceptual to logical models for ETL processes , 2005, DOLAP '05.

[3]  Panos Vassiliadis,et al.  Conceptual modeling for ETL processes , 2002, DOLAP '02.

[4]  Alberto Abelló,et al.  Research in data warehouse modeling and design: dead or alive? , 2006, DOLAP '06.

[5]  Juan Trujillo,et al.  A UML Based Approach for Modeling ETL Processes in Data Warehouses , 2003, ER.

[6]  Mokrane Bouzeghoub,et al.  Modeling the Data Warehouse Refreshment Process as a Workflow Application , 1999, DMDW.

[7]  Gio Wiederhold,et al.  Mediators in the architecture of future information systems , 1992, Computer.

[8]  Panos Vassiliadis,et al.  Deciding the physical implementation of ETL workflows , 2007, DOLAP '07.

[9]  Panos Vassiliadis,et al.  Modeling ETL activities as graphs , 2002, DMDW.

[10]  Panos Vassiliadis,et al.  On the Logical Modeling of ETL Processes , 2002, CAiSE.

[11]  I. Alexander,et al.  Misuse cases help to elicit non-functional requirements , 2003 .

[12]  Alkis Simitsis,et al.  Modeling and managing ETL processes , 2003, VLDB PhD Workshop.

[13]  Ian F. Alexander,et al.  Modelling the Interplay of Conflicting Goals with Use and Misuse Cases , 2002, GBPM.

[14]  A Min Tjoa,et al.  A security concept for OLAP , 1997, Database and Expert Systems Applications. 8th International Conference, DEXA '97. Proceedings.

[15]  Francesco Parisi-Presicce,et al.  Formal access control analysis in the software development process , 2003, FMSE '03.

[16]  Andreas L. Opdahl,et al.  Eliciting security requirements with misuse cases , 2004, Requirements Engineering.

[17]  Andreas L. Opdahl,et al.  Templates for Misuse Case Description , 2001 .

[18]  Tim Kelly,et al.  Deriving safety requirements using scenarios , 2001, Proceedings Fifth IEEE International Symposium on Requirements Engineering.

[19]  David W. Embley,et al.  Conceptual-Model-Based Data Extraction from Multiple-Record Web Pages , 1999, Data Knowl. Eng..

[20]  Timos K. Sellis,et al.  Optimizing ETL processes in data warehouses , 2005, 21st International Conference on Data Engineering (ICDE'05).

[21]  Zhong-Xian Chi,et al.  Applying DP to ETL of spatial data warehouse , 2004, Proceedings of 2004 International Conference on Machine Learning and Cybernetics (IEEE Cat. No.04EX826).

[22]  M. Mrunalini,et al.  Modeling of secure data extraction in ETL processes using UML 2.0 , 2007 .

[23]  Diego Calvanese,et al.  Information integration: conceptual modeling and reasoning support , 1998, Proceedings. 3rd IFCIS International Conference on Cooperative Information Systems (Cat. No.98EX122).

[24]  Sushil Jajodia,et al.  Securing OLAP data cubes against privacy breaches , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[25]  Panos Vassiliadis,et al.  A generic and customizable framework for the design of ETL scenarios , 2005, Inf. Syst..

[26]  Dianxiang Xu,et al.  Integrating functional and security requirements with use case decomposition , 2006, 11th IEEE International Conference on Engineering of Complex Computer Systems (ICECCS'06).

[27]  Günther Pernul,et al.  A Pragmatic Approach to Conceptual Modeling of OLAP Security , 2001, ER.

[28]  Ian F. Alexander,et al.  Misuse Cases: Use Cases with Hostile Intent , 2003, IEEE Softw..