Data Warehouse Security
Sajjad safir
Content
• Introduction
• Data Warehouse & Security
• Security Restrictions
• Security Requirements
• Legal Requirements
• Audit Requirements
• Network Requirements
• Security Models
• Data Filtration and Encryption Prior to Data Warehouse
• Classical Security Model
• Hybrid
• View Based
• References
Introduction
• The implementation of data warehouses (DWs) for huge databases has become one of the major needs of the current times. Large organizations with many small databases need to integrate them properly and develop data warehouses.
• The data warehouse is one of the newest technologies; it gives access to diverse and remote information sources, enhancing the decision-making capabilities of the organization.
• So far, a lot of work has been done on the development of data warehouses, but not much attention has been given to improved and optimal implementation of security measures in data warehouses.
Data Warehouse & Security
• A data warehouse is a collection of integrated databases designed to support managerial decision-making and problem-solving functions. It contains both highly detailed and summarised historical data relating to various categories, subjects, or areas.
Data Warehouse & Security
• The security requirements of the data warehouse environment are similar to those of other distributed computing systems [3]. Thus, having an internal control mechanism to ensure the confidentiality, integrity and availability of data in a distributed environment is of paramount importance.
Data Warehouse & Security
• A data warehouse by nature is an open, accessible system. The aim of a data warehouse generally is to make large amounts of data easily accessible to users, thereby enabling them to extract information about the business as a whole. Any security restriction can be seen as an obstacle to that goal, and such restrictions become constraints on the design of the warehouse.
• Checking security restrictions will of course have its price in the performance of the data warehouse environment, because further security checks require additional CPU cycles and time to perform.
Security Requirements
• Security requirements describe all security conditions that have to be considered in the data warehouse environment.
• The first step in defining security requirements is to classify the security objects and security subjects of the data warehouse environment.
• Security objects: possible classifications are by sensitivity (public, confidential, top secret) or by job function (accounting data, personnel data).
• Security subjects: we can follow a top-down company view, with users classified by department, section, group, and so on. Another possible classification is role based, with people grouped across departments based on their role.
Legal Requirements
• It is vital to consider all legal requirements on the data being stored in the data warehouse.
• Which arrangements have to be made to be allowed to hold legally sensitive data?
• Which data are subject to legal restrictions?
• Which separate handling does this data require concerning storage, access and maintenance?
• Which analyses may be performed on this data?
• If data held online is used for trend analysis, and is therefore held in summarised rather than detailed form, do any legal restrictions apply?
• Which data may be used only for the company's own purposes, and which data may be passed on to third parties?
• Can the analysis of legally sensitive data be limited in a way that no legal restrictions apply?
Audit Requirements
• The resulting audit information is the basis for further reviews and examinations that test the adequacy of system controls and recommend any changes to the security policy.
• The following activities are the main ones of interest for auditing:
• Connections
• Disconnections
• Access to data
• Change of data
• Deletion of data
Network Requirements
• Network requirements are a further important part of security requirements. To transfer data from the source system (usually an operational system) into a data warehouse, the data must usually be transmitted over a network. For such a transfer, precautions must be taken to retain the confidentiality and integrity of the data.
Security Model
• Data Filtration and Encryption Prior to Data Warehouse
• Classical Security Model
• Hybrid
• View Based
Data Filtration and Encryption Prior to Data Warehouse
• In the first security technique, data is filtered before it reaches the data warehouse. The filter encrypts the data collected from the different small transactional data sources and then passes it to the data warehouse. The encrypted data is then stored in the data warehouse.
Classic Security Model
• This model runs from requirement analysis to the physical schema. Throughout this process flow, security measures are applied so that a proper and secure data warehouse schema can be developed. A security model (the classical security model) has been introduced that is fruitful when implemented in transactional databases, but as far as the data warehouse is concerned this model may be unsuitable.
Hybrid Model
• Encryption Filter
• Data Warehouse Internal Security
• User Levels
Meta Data Based Model
• One of the most important parts of a data warehouse is its metadata. Metadata influence all levels of a data warehouse, but exist and act differently from the rest of the warehouse data.
• Structural metadata
• Access metadata
Meta Data Based Model
• System structure: the structure consists of three layers: extraction layer, R-OLAP layer and presentation layer. The last two layers are particularly important for the realisation of security in our information system.
Meta Data Based Model
• The R-OLAP layer: the R-OLAP layer includes the description data (metadata) of our data warehouse.
• The presentation layer: general access rights in the information system
• decoding of encoded queries
• encoding of results of queries that are not contained in the cache
• syntactic analysis of queries received from the Internet
• registration and definition of users and user groups as well as their administration
• view definition and its administration
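The sensitivity and role classification from the Security Requirements slide, combined with the access metadata and view definition described above, as an added example that is not part of the original slides. The table `sales_fact`, the column labels, the roles and the `audit_log` table are constructed assumptions; access metadata decides which columns each role's view exposes, and every access attempt is audited.

```python
import sqlite3

LEVELS = {"public": 0, "confidential": 1, "top secret": 2}  # sensitivity classes from the slides
# Constructed access metadata: sensitivity label per column of a hypothetical fact table.
COLUMN_LABELS = {"region": "public", "quarter": "public",
                 "revenue": "confidential", "salary_cost": "top secret"}
# Constructed security subjects: role -> highest sensitivity that role may read.
ROLE_CLEARANCE = {"analyst": "public", "controller": "confidential", "cfo": "top secret"}


def build_warehouse():
    """Create the fact table, the audit table and one view per role from the metadata."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sales_fact (region, quarter, revenue, salary_cost)")
    db.executemany("INSERT INTO sales_fact VALUES (?,?,?,?)",
                   [("north", "Q1", 1200, 400), ("south", "Q1", 900, 350)])
    db.execute("CREATE TABLE audit_log (role, action, object)")
    for role, clearance in ROLE_CLEARANCE.items():
        cols = [c for c, lab in COLUMN_LABELS.items() if LEVELS[lab] <= LEVELS[clearance]]
        db.execute(f"CREATE VIEW v_sales_{role} AS SELECT {', '.join(cols)} FROM sales_fact")
    return db


def query_as(db, role, columns):
    """Query on behalf of `role` through its view only; audit allowed and denied attempts."""
    if role not in ROLE_CLEARANCE:
        raise PermissionError(f"unknown role {role!r}")
    if not columns:
        raise ValueError("no columns requested")
    view = f"v_sales_{role}"
    # Column names are checked against the view definition before they reach the SQL text.
    allowed = [row[1] for row in db.execute(f"PRAGMA table_info({view})")]
    denied = [c for c in columns if c not in allowed]
    action = "denied" if denied else "access"
    db.execute("INSERT INTO audit_log VALUES (?,?,?)", (role, action, ",".join(columns)))
    if denied:
        raise PermissionError(f"{role} may not read {denied}")
    return db.execute(f"SELECT {', '.join(columns)} FROM {view}").fetchall()
```

Denied requests are written to the audit table before the error is raised, so a review of `audit_log` shows attempts against columns above a role's clearance as well as successful reads.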
M-View
• The Security Manager
• The Secure Query Management Layer (SQML)
References
• Till Haselmann, Jens Lechtenbörger, Gottfried Vossen, "Data Warehouse Detective: Schema Design Made Easy", in the Proceedings of BTW 2007, Aachen, Germany
• Diego Calvanese, "Data Integration in Data Warehousing", International Journal of Cooperative Information Systems, Vol. 10, No. 3 (2001), pp. 237–271
• Stefano Rizzi et al., "Research in Data Warehouse Modeling and Design: Dead or Alive?", DOLAP'06, Nov 10, 2006, ACM 1-59593-530-4/06/0011
• Smith, J. Eloff, "Security in Health-care Information Systems, Current Trends", International Journal of Medical Informatics, Volume 54, Issue 1, April 1999, pp. 39–54
• R. Kirkgöze, N. Katic, M. Stolba, and A. M. Tjoa, "A Security Concept for OLAP" (DEXA'97), Toulouse, France
• Rosenthal and E. Sciore, "View Security as the Basis for DW Security" (DMDW'00), Sweden, 2000
• Emilio Soler, Juan Trujillo, Eduardo Fernández-Medina and Mario Piattini, "A Framework for the Development of Secure Data Warehouses based on MDA and QVT", Second International Conference on Availability, Reliability and Security (ARES'07), 0-7695-2775-2/07 (2007), IEEE
• Doshi, V., Jajodia, S., Rosenthal, A.: A Pragmatic Approach to Access Control in Data Warehouses. Via private communication, 1999
• Katic, N., Quirchmayr, G., Schiefer, J., Stolba, M., Tjoa, A.M.: A Prototype Model for Data Warehouse Security Based on Metadata. In Proc. DEXA 98, Ninth International Workshop on DEXA; Vienna, Austria, August 26-28, 1998
• Kurz, A.: Data Warehousing Enabling Technology. MITP-Verlag, Bonn, 1999
• Torsten Priebe, Günther Pernul, Towards OLAP Security Design – Survey and Research Issues, European Union through INCO-Copernicus grant no. 977091 (project GOAL Geographic Information Online Analysis).