OSSM: The OLAP Security Specification Model

  • Ahmad Altamimi
  • Todd Eavis
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8506)


Security policies in Online Analytical Processing (OLAP) systems are designed to protect sensitive data from unauthorized access while, at the same time, ensuring that legitimate requests can be consistently satisfied. Ultimately, such policies allow administrators to define a series of restrictions and/or exceptions that can be associated with the components of the OLAP data model, including elements such as dimensions, cells, and aggregation hierarchies. A primary limitation of many current systems is that security policies are generally constructed on top of very granular privilege models that can produce complex and error prone mappings to the elements of the OLAP domain. In this paper, we present an Object Oriented Security Model (OSSM) that has been specifically designed for the specification of security policies within OLAP environments. In addition to explicit support for components of the conceptual data model, the OSSM can be used by the associated security policy engine to transparently and consistently propagate constraints across all relevant levels of dimension hierarchies. We discuss the core elements of the OSSM, as well as the integration with the policy engine that supports the language interfaces.


OLAP Security Languages Authorization policy 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Altamimi, A., Eavis, T.: Securing Access to Data in Business Intelligence Domains. J. International Journal on Advances in Security 5, 94–111 (2012)Google Scholar
  2. 2.
    Khajaria, K., Kumar, M.: Modeling of security requirements for decision information systems. J. SIGSOFT Softw. Eng. Notes 36, 1–4 (2011)CrossRefGoogle Scholar
  3. 3.
    Dell’Amico, M., Serme, G., Idrees, M.S., Santana de Olivera, A., Roudier, Y.: HiPoLDS: A security policy language for distributed systems. In: Askoxylakis, I., Pöhls, H.C., Posegga, J. (eds.) WISTP 2012. LNCS, vol. 7322, pp. 97–112. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  4. 4.
    Becker, M., Fournet, C., Gordon, A.: SecPAL: Design and semantics of a decentralized authorization language. J. Comput. Secur. 18, 619–665 (2010)Google Scholar
  5. 5.
    Damianou, N., Dulay, N., Lupu, E.C., Sloman, M.: The Ponder Policy Specification Language. In: Sloman, M., Lobo, J., Lupu, E.C. (eds.) POLICY 2001. LNCS, vol. 1995, pp. 18–38. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  6. 6.
    Twidle, K., Dulay, N., Lupu, E., Sloman, M.: Ponder2: A Policy System for Autonomous Pervasive Environments. In: IEEE Workshop on Policies for Distributed Systems and Networks, pp. 330–335. IEEE Computer Society, Washington (2009)Google Scholar
  7. 7.
    Alam, M., Breu, R., Hafner, M.: Model-Driven Security Engineering for Trust Management in SECTET. J. Journal of Software 2, 47–59 (2007)Google Scholar
  8. 8.
    Halvard, S., Hamid, M., Boualem, B., Fabio, C.: Modeling Trust Negotiation for Web Services. J. Journal of Computer 42, 54–61 (2009)CrossRefGoogle Scholar
  9. 9.
    Corcoran, B., Swamy, N., Hicks, M.: Cross-tier, label-based security enforcement for web applications. In: ACM SIGMOD, pp. 269–282. ACM, New York (2009)CrossRefGoogle Scholar
  10. 10.
    Jacobi, I., Kagal, L., Khandelwal, A.: Rule-Based Trust Assessment on the Semantic Web. In: Bassiliades, N., Governatori, G., Paschke, A. (eds.) RuleML 2011 - Europe. LNCS, vol. 6826, pp. 227–241. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  11. 11.
    Felt, A., Finifter, M., Weinberger, J., Wagner, D.: Diesel: applying privilege separation to database access. In: 6th ACM Symposium on Information, Computer and Communications Security, pp. 416–422. ACM, New York (2011)Google Scholar
  12. 12.
    Van Staden, W., Olivier, M.: SQL’s revoke with a view on privacy. In: South African Institute of Computer Scientists and Information Technologists on IT Research in Developing Countries, pp. 181–188. ACM, New York (2007)Google Scholar
  13. 13.
    Leighton, G.: Preserving SQL access control policies over published XML data. In: EDBT/ICDT Workshops, pp. 185–192. ACM, New York (2009)CrossRefGoogle Scholar
  14. 14.
    Soler, E., Trujillo, J., Fernandez-Medina, E., Piattini, M.: Application of QVT for the Development of Secure Data Warehouses: A case study. In: Int. Conference on Availability, Reliability and Security, pp. 829–836 (2007)Google Scholar
  15. 15.
    Singh, I., Kumar, M.: Evaluation of approaches for designing secure data warehouse. In: Int. Conference on Advances in Computing, Communications and Informatics, pp. 69–73. ACM, New York (2012)Google Scholar
  16. 16.
    Jim, G., Adam, B., Andrew, L., Don, R., Hamid, P.: Data cube: A relational aggregation operator generalizing group-by, cross-tab, and sub-totals. J. Data Mining and Knowledge Discovery. 1, 29–53 (1997)CrossRefGoogle Scholar
  17. 17.
    Harinarayan, V., Rajaraman, A., Ullman, J.: Implementing data cubes efficiently. In: ACM SIGMOD, pp. 205–216. ACM, New York (1996)Google Scholar
  18. 18.
    Mondrian. Pentaho Analysis Services,
  19. 19.
    Linwood, J., Minter, D.: Beginning Hibernate, 2nd edn. Apress (2010)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Ahmad Altamimi
    • 1
  • Todd Eavis
    • 1
  1. 1.Concordia UniversityMontrealCanada

Personalised recommendations