Emilio Soler

Towards Comprehensive Requirement Analysis for Data Warehouses: Considering Security Requirements

Data warehouse (DW) systems integrate data from heterogeneous sources and are used by decision makers to analyze the status and the development of an organization. Traditionally, requirement analysis approaches for DWs have focused purely on information needs of decision makers, without considering other kinds of requirements such as security or performance. But modeling these issues in the early stages of the development is a cornerstone for building a DW that satisfies user expectations. In this paper, we define the two kinds of requirements for data warehousing as information and quality-of-service requirements and combine them in a comprehensive approach based on MDA (model driven architecture). This allows a separation of concerns to model requirements without losing the connection between information and quality-of-service, also in the following conceptual or logical design stages. Finally, in this paper, we introduce a security requirement model for data warehousing, and a three-step process for modeling security requirements, thus illustrating the applicability of our approach with an example.

A set of QVT relations to transform PIM to PSM in the Design of Secure Data Warehouses

Security represents a crucial aspect in the development of data warehouses (DWs), since they contain confidential data. It becomes therefore necessary to specify security and audit requirements for the multidimensional modelling, that cannot be directly transferred to the relational model of the DW. The standard framework for software development model driven architecture (MDA) allows us to define transformations between models by proposing query/view/transformations (QVT). This proposal allows the definition of formal, elegant and unequivocal transformations between platform independent model (PIM) and platform specific model (PSM). This paper employs QVT to establish a set of relations that allows us to transform security information embedded in the DWs multidimensional conceptual model to a relational logical scheme

Designing secure data warehouses by using MDA and QVT

This work has been partially supported by the METASIGN project (TIN2004-00779) from the Spanish Ministry of Education and Science, of the Regional Government of Valencia, and by the QUASIMODO and MISTICO projects of the Regional Science and Technology Ministry of Castilla-La Mancha (Spain).

Representing security and audit rules for data warehouses at the logical level by using the common warehouse metamodel

Data warehouses (DWs) contained high sensitive data, and therefore, it is essential to specify security measures from the early stages of the DW design and enforce them. Access control models for transactional (relational) databases, based on tables, columns and rows, are not appropriate for DWs. Instead, security and audit rules defined for DWs must be specified based on the multidimensional (MD) modeling used to design data warehouses. So far, very few approaches represent security measures in the conceptual modeling of data warehouses form the early stages of a DW project. Moreover these security measures cannot be directly represented in the relational model for data warehouses, thereby having a semantic gap between the conceptual and logical schemas. In this paper, we present an extension of the relational model to consider security and audit measures represented in the conceptual modeling. To accomplish this, we based on the relational package of the common warehouse metamodel (CWM) and extend it to properly represent all security and audit rules defined in the conceptual modelling of data warehouses. Finally, to show the benefit of our approach, we apply our proposal to a health care case study.

A Framework for the Development of Secure Data Warehouses based on MDA and QVT

Data warehouses (DWs) store historical and aggregated information, extracted from multiple heterogeneous, autonomous and distributed sources of information, therefore it is essential to specify security measures from early stages of DW design and to enforce them. Several proposals on DW development have arisen in the last couple of years. However, few approaches represent security measures in the DW conceptual model starting from early stages of development of a DW project. In addition, these security measures cannot be automatically represented at logical level, so heuristic design guides for such transformations have appeared. This paper presents a framework based on model driven architecture (MDA) for the development of secure data warehouses that covers all the phases of design (conceptual, logical and physical) and embeds security measures in all of them. Moreover, transformations between models are clearly and formally established by using query/view/transformation (QVT), to obtain consequently a traceability of the security rules from the early stages of development to the final implementation

Application of QVT for the Development of Secure Data Warehouses: A case study

Security is a crucial aspect for the development of data warehouses (DW) because they contain sensitive information. The application of the model driven architecture (MDA) in the secure modeling of DWs allows obtaining the secure logical scheme from the conceptual model. In this paper, we apply the query/view/transformations (QVT) language to the development of a secure DW by means of a case study. First, we introduce the case study related to a typical sanitary system. Afterwards, with the application of a set of QVT relations, we transform all the captured security and audit requirements from the multidimensional conceptual model of the DW, to the logical level, by means of the construction of a snowflake model. From this scheme it turns out easier to obtain code for a specific platform that implements security and audit aspects

Using UML packages for designing secure data warehouses

Due to the sensitive data contained in Data Warehouses (DWs), it is essential to specify security measures from the early stages of the DWs design and enforce them. In this paper, we will present a UML profile to represent multidimensional and security aspects of our conceptual modeling. Our approach proposes the use of UML packages in order to group classes together into higher level units creating different levels of abstraction, and therefore, simplifying the final model. Furthermore, we present an extension of the relational model to consider security and audit measures represented in the conceptual modeling. To accomplish this, we based on the Relational Package of the Common Warehouse Metamodel (CWM) and extend it to properly represent all security and audit rules defined in the conceptual modeling of DWs. Finally, we will show an example to illustrate the applicability of our proposal.

JISBD2007-07: An extension of the Relational Metamodel of CWM to represent Secure Data Warehouses at the Logical Level

Generally, security and audit measures for Data Warehouses (DWs) are defined in the final implementation on top of commercial systems because there is not a standard for the exchange and the operability of metadata. The Common Warehouse Metamodel (CWM) proposal is broadly accepted as the standard for the interchange and the interoperability of metadata. Nevertheless, it does not allow us to specify security measures. In this paper, we make use of the extension mechanisms provided by the CWM to extend the relational package to specify, at the logical level, the security and audit rules captured during the conceptual modeling phase of the DWs design. Moreover, in order to show the benefits of our extension, we apply it to a case study related to the management of the pharmacies consortium businesses.

Representing levels of abstraction to facilitate the secure multidimensional modeling

In most real world data warehouses (DWs) projects, security aspects are issues that usually rely on DBMS administrators. We argue that the design of security aspects should be considered together with the conceptual modeling of DWs from the early stages of a DW project, and being able to attach user security information to the basic structures of a multidimensional (MD) model (e.g. dimensions, facts, attributes, and so on). In this way, we would be able to generate this information in a semi or automatic way into a target platform and the final DW will better suit user security requirements. In this paper, we will present an extension of the Unified Modeling Language (UML) using a UML profile to represent multidimensional and security aspects of our conceptual modeling. Our approach proposes the use of UML packages in order to group classes together into higher level units creating different levels of abstraction, and therefore, simplifying the final model. In this way, when modeling complex and large DWs systems, the designer is not restricted to use flat UML class diagrams. Finally, we would show an example to illustrate the applicability of our proposal.

IDEAS07: An approach based on i* for security requirement analysis in data warehouses

Requirement analysis approaches for data warehouse (DW) systems are only focused on information needs of decision makers, without considering other kind of requirement such as security or performance. However, modeling these issues in the early stages of the development is a cornerstone for building a DW that satisfies user expectations. In this paper, we define the two kinds of requirements for DWing as information and quality-of-service requirements. These requirements are defined within the MDA (Model Driven Architecture) framework, which allows their traceability towards the subsequent conceptual and logical design phases. It is worth mentioning that this paper focuses on proposing a requirement model for security (as a concrete kind of quality-of-service requirement), and a three-step process for modeling together information and security requirements.