• Like
Upcoming SlideShare
Loading in...5
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads


Total Views
On Slideshare
From Embeds
Number of Embeds



Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

    No notes for slide


  • 1. Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #17 Secure Data Warehousing March 14, 2007
  • 2. Outline
    • Background on Data Warehousing
      • What is a Data Warehouse?
      • Data Warehousing Technologies
      • Data Warehouse Design
      • Distributing the Data Warehouse
      • Data Modeling
      • Indexing
    • Security Issues for Data Warehousing
  • 3. What is a Data Warehouse?
    • A Data Warehouse is a:
      • Subject-oriented
      • Integrated
      • Nonvolatile
      • Time variant
      • Collection of data in support of management’s decisions
      • From: Building the Data Warehouse by W. H. Inmon, John Wiley and Sons
    • Integration of heterogeneous data sources into a repository
    • Summary reports, aggregate functions, etc.
  • 4. Example Data Warehouse Oracle DBMS for Employees Sybase DBMS for Projects Informix DBMS for Medical Data Warehouse: Data correlating Employees With Medical Benefits and Projects Could be any DBMS; Usually based on the relational data model Users Query the Warehouse
  • 5. Some Data Warehousing Technologies
    • Heterogeneous Database Integration
    • Statistical Databases
    • Data Modeling
    • Metadata
    • Access Methods and Indexing
    • Language Interface
    • Database Administration
    • Parallel Database Management
  • 6. Data Warehouse Design
    • Appropriate Data Model is key to designing the Warehouse
    • Higher Level Model in stages
      • Stage 1: Corporate data model
      • Stage 2: Enterprise data model
      • Stage 3: Warehouse data model
    • Middle-level data model
      • A model for possibly for each subject area in the higher level model
    • Physical data model
      • Include features such as keys in the middle-level model
    • Need to determine appropriate levels of granularity of data in order to build a good data warehouse
  • 7. Distributing the Data Warehouse
    • Issues similar to distributed database systems
    Distributed Warehouse Central Bank Branch A Branch B Central Warehouse Central Bank Branch A Branch B Central Warehouse Branch B Warehouse Branch A Warehouse Non-distributed Warehouse
  • 8. Multidimensional Data Model
  • 9. Indexing for Data Warehousing
    • Bit-Maps
    • Multi-level indexing
    • Storing parts or all of the index files in main memory
    • Dynamic indexing
  • 10. Metadata Mappings
  • 11. Data Warehousing and Security
    • Security for integrating the heterogeneous data sources into the repository
      • e.g., Heterogeneity Database System Security, Statistical Database Security
    • Security for maintaining the warehouse
      • Query, Updates, Auditing, Administration, Metadata
    • Multilevel Security
      • Multilevel Data Models, Trusted Components
  • 12. Example Secure Data Warehouse
  • 13. Secure Data Warehouse Technologies
  • 14. Security for Integrating Heterogeneous Data Sources
    • Integrating multiple security policies into a single policy for the warehouse
      • Apply techniques for federated database security?
      • Need to transform the access control rules
    • Security impact on schema integration and metadata
      • Maintaining transformations and mappings
    • Statistical database security
      • Inference and aggregation
      • e.g., Average salary in the warehouse could be unclassified while the individual salaries in the databases could be classified
    • Administration and auditing
  • 15. Security Policy for the Warehouse Federated policies become warehouse policies? Component Policy for Component A Component Policy for Component B Component Policy for Component C Generic Policy for Component A Generic Policy for Component B Generic policy for Component C Export Policy for Component A Export Policy for Component B Export Policy for Component C Federated Policy for Federation F1 Federated Policy for Federation F2 Export Policy for Component B Security Policy Integration and Transformation
  • 16. Security Policy for the Warehouse - II
  • 17. Secure Data Warehouse Model
  • 18. Methodology for Developing a Secure Data Warehouse
  • 19. Multi-Tier Architecture Tier 1:Secure Data Sources Tier 2: Builds on Tier 1 Tier N: Data Warehouse Builds on Tier N - 1 * * Tier 1:Secure Data Sources Tier 2: Builds on Tier 1 Tier N: Secure Data Warehouse Builds on Tier N - 1 * * Each layer builds on the Previous Layer Schemas/Metadata/Policies
  • 20. Administration
    • Roles of Database Administrators, Warehouse Administrators, Database System Security officers, and Warehouse System Security Officers?
    • When databases are updated, can trigger mechanism be used to automatically update the warehouse?
      • i.e., Will the individual database administrators permit such mechanism?
  • 21. Auditing
    • Should the Warehouse be audited?
      • Advantages
        • Keep up-to-date information on access to the warehouse
      • Disadvantages
        • May need to keep unnecessary data in the warehouse
        • May need a lower level granularity of data
        • May cause changes to the timing of data entry to the warehouse as well as backup and recovery restrictions
    • Need to determine the relationships between auditing the warehouse and auditing the databases
  • 22. Multilevel Security
    • Multilevel data models
      • Extensions to the data warehouse model to support classification levels
    • Trusted Components
      • How much of the warehouse should be trusted?
      • Should the transformations be trusted?
    • Covert channels, inference problem
  • 23. Inference Controller
  • 24. Status and Directions
    • Commercial data warehouse vendors are incorporating role-based security (e.g., Oracle)
    • Many topics need further investigation
      • Building a secure data warehouse
      • Policy integration
      • Secure data model
      • Inference control