OSSM: The OLAP Security Specification Model
Security policies in Online Analytical Processing (OLAP) systems are designed to protect sensitive data from unauthorized access while, at the same time, ensuring that legitimate requests can be consistently satisfied. Ultimately, such policies allow administrators to define a series of restrictions and/or exceptions that can be associated with the components of the OLAP data model, including elements such as dimensions, cells, and aggregation hierarchies. A primary limitation of many current systems is that security policies are generally constructed on top of very granular privilege models that can produce complex and error-prone mappings to the elements of the OLAP domain. In this paper, we present an Object Oriented Security Model (OSSM) that has been specifically designed for the specification of security policies within OLAP environments. In addition to explicit support for components of the conceptual data model, the OSSM can be used by the associated security policy engine to transparently and consistently propagate constraints across all relevant levels of dimension hierarchies. We discuss the core elements of the OSSM, as well as the integration with the policy engine that supports the language interfaces.
Keywords: OLAP Security Languages Authorization policy