TY - JOUR
T1 - Access control and audit model for the multidimensional modeling of data warehouses
AU - Fernández-Medina, Eduardo
AU - Trujillo, Juan
AU - Villarroel, Rodolfo
AU - Piattini, Mario
N1 - Funding Information:
This research is part of the RETISTIC (TIC2002-12487-E) and the METASIGN (TIN2004-00779) projects, supported by the Dirección General de Investigación of the Ministerio de Ciencia y Tecnología, the MESSENGER project, supported by the Consejería de Ciencia y Tecnlogía of the Junta de Comunidades de Castilla-La Mancha (PCC-03-003-1), and the DADAMESCA project (GV 05/220) supported by the Consellería de Empresa, Universidad y Ciencia de la Generalitat Valenciana. We would also like to thank the reviewers for their valuable comments, which have helped us improve this paper.
PY - 2006/12
Y1 - 2006/12
N2 - Due to the sensitive data contained in Data Warehouses (DW), it is essential to specify security measures from the early stages of the DW design and enforce them. Traditional access control models for transactional (relational) databases, based on tables, columns and rows, are not appropriate for DWs. Instead, security and audit rules defined for DWs must be specified based on the multidimensional (MD) modeling used to design data warehouses. Current approaches for the conceptual modeling of DWs do not allow us to specify security and confidentiality constraints in the conceptual modeling phase. In this paper, we propose an Access Control and Audit (ACA) model for DWs by specifying security rules in the conceptual MD modeling. Thus, we define authorization rules for users and objects and we assign sensitive information rules and authorization rules to the main elements of a MD model (e.g., facts or dimensions). Moreover, we also specify certain audit rules allowing us to analyze user behaviors. To be able to include and use our ACA model in the conceptual MD modeling, we extend the Unified Modeling Language (UML) with our ACA model, thereby allowing us to design secure MD models. Finally, to show the benefit of our approach, we apply our approach to a health care case study.
AB - Due to the sensitive data contained in Data Warehouses (DW), it is essential to specify security measures from the early stages of the DW design and enforce them. Traditional access control models for transactional (relational) databases, based on tables, columns and rows, are not appropriate for DWs. Instead, security and audit rules defined for DWs must be specified based on the multidimensional (MD) modeling used to design data warehouses. Current approaches for the conceptual modeling of DWs do not allow us to specify security and confidentiality constraints in the conceptual modeling phase. In this paper, we propose an Access Control and Audit (ACA) model for DWs by specifying security rules in the conceptual MD modeling. Thus, we define authorization rules for users and objects and we assign sensitive information rules and authorization rules to the main elements of a MD model (e.g., facts or dimensions). Moreover, we also specify certain audit rules allowing us to analyze user behaviors. To be able to include and use our ACA model in the conceptual MD modeling, we extend the Unified Modeling Language (UML) with our ACA model, thereby allowing us to design secure MD models. Finally, to show the benefit of our approach, we apply our approach to a health care case study.
KW - Access control
KW - Audit
KW - Data warehouses
KW - Secure multidimensional modeling
KW - UML
UR - http://www.scopus.com/inward/record.url?scp=33749603462&partnerID=8YFLogxK
U2 - 10.1016/j.dss.2005.10.008
DO - 10.1016/j.dss.2005.10.008
M3 - Article
AN - SCOPUS:33749603462
SN - 0167-9236
VL - 42
SP - 1270
EP - 1289
JO - Decision Support Systems
JF - Decision Support Systems
IS - 3
ER -