Transcript of Sajjad safir Data Warehouse Security. Content Introduction Data Warehouse & Security Security...
- Slide 1
- Sajjad safir Data Warehouse Security
- Slide 2
- Content Introduction Data Warehouse & Security Security
Restrictions Security Requirements Legal Requirements Audit
Requirements Network Requirements Security Models Data Filtration
and Encryption Prior to Data Warehouse Classical Security Model
Hybrid View Based References
- Slide 3
- Introduction The implementation of data warehouses (DWs) for
the huge databases has become one of the major needs of the current
times. Large organizations having different small databases need a
proper integration of their small databases and development of data
warehouses. Data warehouse is a one of the newest technologies that
gives access to diverse and remote information source enhancing the
decision making capabilities of the organization. so far, a lot of
work has been done towards the development of data warehouses, but
not much attention has been given towards improved and optimal
implementation of security measures in data warehouses
- Slide 4
- Data Warehouse & Security A data warehouse is a collection
of integrated databases designed to support managerial
decision-making and problem-solving functions. It contains both
highly detailed and summarised historical data relating to various
categories, subjects, or areas.
- Slide 5
- Data Warehouse & Security The security requirements of the
data warehouse environment are similar to those of other
distributed computing systems [3]. Thus, having an internal control
mechanism to ensure the confidentiality, integrity and availability
of data in a distributed environment is of paramount
importance
- Slide 6
- Data Warehouse & Security A data warehouse by nature is an
open, accessible system. The aim of a data warehouse generally is
to make large amounts of data easily accessible to users, thereby
enabling them to extract information about the business as a whole.
Any security restrictions can be seen as obstacle to that goal, and
they become constraints on the design of the warehouse. Checking
security restrictions will of course have it price by affecting the
performance of the data warehouse environment, because further
security checks require additional CPU cycles and time to
perform.
- Slide 7
- Security Requirements Security requirements describe all
security conditions that have to be considered in the data
warehouse environment. The first step for the definition of
security requirements is to classify the security objects and
security subjects of the data warehouse environment. security
objects :classifications would be classification by sensitivity
(public, confidential, top secret) or according to job functions
(accounting data, personnel data) security subject :We can follow a
top-down company view, with users classified by department,
section, group, and so on. Another possible classification is role
based, with people grouped across departments based on their
role
- Slide 8
- Legal Requirements It is vital to consider all legal
requirements on the data being stored in the data warehouse. Which
arrangements have to be made for being allowed to hold legally
sensitive data? Which data are subjected to legal restrictions?
Which separate handling does this data require concerning storage,
access and maintenance? Which analyses may be performed on this
data? If data held online is used for trend analysis, and is
therefore held in summarised rather than detailed form, do any
legal restrictions apply? Which data may be used only for the
companies own purposes and which data may be passed on third
parties? Can the analysis of legally sensitive data be limited in a
way that no legal restrictions apply?
- Slide 9
- Audit Requirements Resulting audit information is the basis for
further reviews and examinations in order to test the adequacy of
system controls and to recommend any changes in the security
policy. Basically the following activities are interesting for
auditing Connections Disconnections Access to data Change of data
Deletion of Data
- Slide 10
- Network Requirements Network Requirements. Network requirements
are a further important part of security requirements. For the
transfer of data from the source system (usually an operational
system) into a data warehouse they must mostly be transmitted over
a network. For such a data transfer precautions must be taken, in
order to retain the confidentiality and integrity of the data
- Slide 11
- Security Model Data Filtration and Encryption Prior to Data
Warehouse Classical Security Model Hybrid View Based
- Slide 12
- Data Filtration and Encryption Prior to Data Warehouse The
first security technique is elaborated where the filtration of data
is being implemented previous to data warehouse. This filter
basically encrypts the collected data from different small
transactional data sources and then passes it to the data
warehouse. The encrypted data is further stored in data
warehouse.
- Slide 13
- Classic Security Model That starts from Requirement Analysis to
the Physical Schema. During all this process flow, security
measures have been applied so that the proper and secure data
warehouse schema can be developed. In a security model (classical
security model) is introduced that is fruitful if it is implemented
in transactional databases, but as far as data warehouse is
concerned this model may be unsuitable
- Slide 14
- Hybrid Model Encryption Filter Data Ware house Internal
Security User Levels
- Slide 15
- Meta Data Based Model One of the most important parts of data
warehouse are its metadata. Metadata influence all levels of a data
warehouse, but exist and act in another way as the rest of
warehouse data Structural metadata Access metadata
- Slide 16
- Meta Data Based Model System structure:Its structure consists
of three layers : extraction layer, R-OLAP layer and presentation
layer. The two last layers are particularly important for the
realisation of the security in our information system
- Slide 17
- Meta Data Based Model The R-OLAP layer: the R-OLAP layer
includes the description data (metadata) of our data warehouse. The
presentation layer: general access rights in the information system
decoding of encoded queries encoding of results of a queries, which
are notcontained in cache syntactic analysis of queries received
from the Internet registration and definition of user and user
groups as well as their administration View definition and its
administration
- Slide 18
- M-View The Security Manager The Secure Query Management Layer
(SQML)
- Slide 19
- References 1. Till Haselmann, Jens Lechtenborger, Gottfried
Vossen, Data Warehouse Detective: Schema Design Made Easy, in the
proceedings of BTW 2007, Aachen, Germany 2. Diego Calvanese, Data
Integration in Data Warehousing, International Journal of
Cooperative Information Systems Vol. 10, No. 3 (2001) 237271 3.
Stefeno Rizzi et. al, Research in Data Warehouse Modeling and
Design: Dear or Alive?, DOLAP06, Nov 10, 2006, ACM 1-
59593-530-4/06/0011 4. Smith, J. Eloff, Security in Health-care
Information Systems, Current Trends, International Journal of
Medical Informatics, Volume 54, Issue 1, April 1999, pp. 3954 5. R.
Kirkgze, N. Katic, M. Stolda, and A. M. Tjoa, "A Security Concept
for OLAP. (DEXA'97)," Toulouse, Fcance 6. Rosenthal and E. Sciore,
"View Security as the Basic for DW Security," (DMDW'00), Sweden,
2000 7. Emilio Soler, Juan Trujillo, Eduardo Fernndez-Medina and
Mario Piattini, A Framework for the Development of Secure Data
Warehouses based on MDA and QVT Second International Conference on
Availability, Reliability and Security (ARES'07) 0- 7695-2775-2/07
(2007), IEEE 8. Doshi, V., Jajoda, S., Rosenthal, A.: A Pragmatic
Approach to Access Control in Data Warehouses. Via private
communication, 1999 9. Katic, N., Quirchmayr, G., Schiefer, J.,
Stolba, M., Tjoa, A.M.: A Prototype Model for Data Warehouse
Security Based on Metadata. In Proc. DEXA 98, Ninth International
Workshop on DEXA; Vienna, Austria, August 26-28, 1998 10. Kurz, A.:
Data Warehousing Enabling Technology. MITPVerlag Bonn, 1999 11.
Torsten Priebe, Gnther Pernul, Towards OLAP Security Design Survey
and Research Issues, European Union through INCO- Copernicus grant
no. 977091 (project GOAL Geographic Information Online
Analysis).