Your SlideShare is downloading. ×
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.


Introducing the official SlideShare app

Stunning, full-screen experience for iPhone and Android

Text the download link to your phone

Standard text messaging rates apply



Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide


  • 1. Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #17 Secure Data Warehousing March 14, 2007
  • 2. Outline
    • Background on Data Warehousing
      • What is a Data Warehouse?
      • Data Warehousing Technologies
      • Data Warehouse Design
      • Distributing the Data Warehouse
      • Data Modeling
      • Indexing
    • Security Issues for Data Warehousing
  • 3. What is a Data Warehouse?
    • A Data Warehouse is a:
      • Subject-oriented
      • Integrated
      • Nonvolatile
      • Time variant
      • Collection of data in support of management’s decisions
      • From: Building the Data Warehouse by W. H. Inmon, John Wiley and Sons
    • Integration of heterogeneous data sources into a repository
    • Summary reports, aggregate functions, etc.
  • 4. Example Data Warehouse Oracle DBMS for Employees Sybase DBMS for Projects Informix DBMS for Medical Data Warehouse: Data correlating Employees With Medical Benefits and Projects Could be any DBMS; Usually based on the relational data model Users Query the Warehouse
  • 5. Some Data Warehousing Technologies
    • Heterogeneous Database Integration
    • Statistical Databases
    • Data Modeling
    • Metadata
    • Access Methods and Indexing
    • Language Interface
    • Database Administration
    • Parallel Database Management
  • 6. Data Warehouse Design
    • Appropriate Data Model is key to designing the Warehouse
    • Higher Level Model in stages
      • Stage 1: Corporate data model
      • Stage 2: Enterprise data model
      • Stage 3: Warehouse data model
    • Middle-level data model
      • A model for possibly for each subject area in the higher level model
    • Physical data model
      • Include features such as keys in the middle-level model
    • Need to determine appropriate levels of granularity of data in order to build a good data warehouse
  • 7. Distributing the Data Warehouse
    • Issues similar to distributed database systems
    Distributed Warehouse Central Bank Branch A Branch B Central Warehouse Central Bank Branch A Branch B Central Warehouse Branch B Warehouse Branch A Warehouse Non-distributed Warehouse
  • 8. Multidimensional Data Model
  • 9. Indexing for Data Warehousing
    • Bit-Maps
    • Multi-level indexing
    • Storing parts or all of the index files in main memory
    • Dynamic indexing
  • 10. Metadata Mappings
  • 11. Data Warehousing and Security
    • Security for integrating the heterogeneous data sources into the repository
      • e.g., Heterogeneity Database System Security, Statistical Database Security
    • Security for maintaining the warehouse
      • Query, Updates, Auditing, Administration, Metadata
    • Multilevel Security
      • Multilevel Data Models, Trusted Components
  • 12. Example Secure Data Warehouse
  • 13. Secure Data Warehouse Technologies
  • 14. Security for Integrating Heterogeneous Data Sources
    • Integrating multiple security policies into a single policy for the warehouse
      • Apply techniques for federated database security?
      • Need to transform the access control rules
    • Security impact on schema integration and metadata
      • Maintaining transformations and mappings
    • Statistical database security
      • Inference and aggregation
      • e.g., Average salary in the warehouse could be unclassified while the individual salaries in the databases could be classified
    • Administration and auditing
  • 15. Security Policy for the Warehouse Federated policies become warehouse policies? Component Policy for Component A Component Policy for Component B Component Policy for Component C Generic Policy for Component A Generic Policy for Component B Generic policy for Component C Export Policy for Component A Export Policy for Component B Export Policy for Component C Federated Policy for Federation F1 Federated Policy for Federation F2 Export Policy for Component B Security Policy Integration and Transformation
  • 16. Security Policy for the Warehouse - II
  • 17. Secure Data Warehouse Model
  • 18. Methodology for Developing a Secure Data Warehouse
  • 19. Multi-Tier Architecture Tier 1:Secure Data Sources Tier 2: Builds on Tier 1 Tier N: Data Warehouse Builds on Tier N - 1 * * Tier 1:Secure Data Sources Tier 2: Builds on Tier 1 Tier N: Secure Data Warehouse Builds on Tier N - 1 * * Each layer builds on the Previous Layer Schemas/Metadata/Policies
  • 20. Administration
    • Roles of Database Administrators, Warehouse Administrators, Database System Security officers, and Warehouse System Security Officers?
    • When databases are updated, can trigger mechanism be used to automatically update the warehouse?
      • i.e., Will the individual database administrators permit such mechanism?
  • 21. Auditing
    • Should the Warehouse be audited?
      • Advantages
        • Keep up-to-date information on access to the warehouse
      • Disadvantages
        • May need to keep unnecessary data in the warehouse
        • May need a lower level granularity of data
        • May cause changes to the timing of data entry to the warehouse as well as backup and recovery restrictions
    • Need to determine the relationships between auditing the warehouse and auditing the databases
  • 22. Multilevel Security
    • Multilevel data models
      • Extensions to the data warehouse model to support classification levels
    • Trusted Components
      • How much of the warehouse should be trusted?
      • Should the transformations be trusted?
    • Covert channels, inference problem
  • 23. Inference Controller
  • 24. Status and Directions
    • Commercial data warehouse vendors are incorporating role-based security (e.g., Oracle)
    • Many topics need further investigation
      • Building a secure data warehouse
      • Policy integration
      • Secure data model
      • Inference control