Abstract
Data Warehouses (DW), Multidimensional (MD) Databases, and On-Line Analytical Processing Applications are used as a very powerful mechanism for discovering crucial business information. Considering the extreme importance of the information managed by these kinds of applications, it is essential to specify security measures from early stages of the DW design in the MD modeling process, and enforce them. In the past years, there have been some proposals for representing main MD modeling properties at the conceptual level. Nevertheless, none of these proposals considers security measures as an important element in their models, so they do not allow us to specify confidentiality constraints to be enforced by the applications that will use these MD models. In this paper, we discuss the confidentiality problems regarding DW’s and we present an extension of the Unified Modeling Language (UML) that allows us to specify main security aspects in the conceptual MD modeling, thereby allowing us to design secure DW’s. Then, we show the benefit of our approach by applying this extension to a case study. Finally, we also sketch how to implement the security aspects considered in our conceptual modeling approach in a commercial DBMS.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Abelló, A., Samos, J., Saltor, F.: A Framework for the Classification and Description of Multidimensional Data Models. In: Mayr, H.C., Lazanský, J., Quirchmayr, G., Vogel, P. (eds.) DEXA 2001. LNCS, vol. 2113, pp. 668–677. Springer, Heidelberg (2001)
Chung, L., Nixon, B., Yu, E., Mylopoulos, J.: Non-functional requirements in software engineering. Kluwer Academic Publishers, Dordrecht (2000)
Cota, S.: For Certain Eyes Only. DB2 Magazine 9(1), 40–45 (2004)
Devanbu, P., Stubblebine, S.: Software engineering for security: a roadmap. In: Finkelstein, A. (ed.) The Future of Software Engineering, pp. 227–239. ACM Press, New York (2000)
Fernández-Medina, E., Piattini, M.: Designing Secure Database for OLS. In: Mařík, V., Štěpánková, O., Retschitzegger, W. (eds.) DEXA 2003. LNCS, vol. 2736, pp. 886–895. Springer, Heidelberg (2003)
Ferrari, E., Thuraisingham, B.: Secure Database Systems. In: Piattini, M., Díaz, O. (eds.) Advanced Databases: Technology Design, Artech House, London (2000)
Gogolla, M., Henderson-Sellers, B.: Analysis of UML Stereotypes within the UML Metamodel. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, pp. 84–99. Springer, Heidelberg (2002)
Hall, A., Chapman, R.: Correctness by Construction: Developing a Commercial Secure System. IEEE Software 19(1), 18–25 (2002)
Jürjens, J.: UMLsec: Extending UML for secure systems development. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, pp. 412–425. Springer, Heidelberg (2002)
Kimball, R.: The data warehousing toolkit, 2nd edn. John Wiley, Chichester (1996)
Levinger, J.: Oracle label security. Administrator’s guide. Release 2 (9.2) (2002), http://www.csis.gvsu.edu/GeneralInfo/Oracle/network.920/a96578.pdf
Luján-Mora, S., Trujillo, J., Song, I.Y.: Extending the UML for Multidimensional Modeling. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, pp. 290–304. Springer, Heidelberg (2002)
OMG, Object Management Group: Unified Modeling Language Specification 1.5 (2004)
Piattini, M., Fernández-Medina, E.: Specification of Security Constraint in UML. In: 35th Annual 2001 IEEE Intl. Carnahan Conf.on Security Technology, London, pp. 163–171 (2001)
Priebe, T., Pernul, G.: Towards OLAP Security Design - Survey and Research Issues. In: 3rd ACM International Workshop on Data Warehousing and OLAP (DOLAP 2000), Washington DC, USA, pp. 33–40 (2000)
Rosenthal, A., Sciore, E.: View Security as the Basic for Data Warehouse Security. In: 2nd International Workshop on Design and Management of Data Warehouse (DMDW 2000), Sweden, pp. 8.1-8.8 (2000)
Samarati, P., De Capitani di Vimercati, S.: Access control: Policies, models, and mechanisms. In: Focardi, R., Gorrieri, R. (eds.) Foundations of Security Analysis and Design, pp. 137–196. Springer, Bertinoro (2000)
Trujillo, J., Palomar, M., Gómez, J., Song, I.Y.: Designing Data Warehouses with OO Conceptual Models. IEEE Computer, special issue on DWs (34), 66–75 (2001)
Warmer, J., Kleppe, A.: The Object Constraint Language, 2nd edn. Getting Your Models Ready for MDA. Addison Wesley, Reading (2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Fernández-Medina, E., Trujillo, J., Villarroel, R., Piattini, M. (2004). Extending UML for Designing Secure Data Warehouses. In: Atzeni, P., Chu, W., Lu, H., Zhou, S., Ling, TW. (eds) Conceptual Modeling – ER 2004. ER 2004. Lecture Notes in Computer Science, vol 3288. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30464-7_18
Download citation
DOI: https://doi.org/10.1007/978-3-540-30464-7_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-23723-5
Online ISBN: 978-3-540-30464-7
eBook Packages: Springer Book Archive