Published on

  • Be the first to comment

  • Be the first to like this


  1. 1. Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #17 Secure Data Warehousing March 14, 2007
  2. 2. Outline <ul><li>Background on Data Warehousing </li></ul><ul><ul><li>What is a Data Warehouse? </li></ul></ul><ul><ul><li>Data Warehousing Technologies </li></ul></ul><ul><ul><li>Data Warehouse Design </li></ul></ul><ul><ul><li>Distributing the Data Warehouse </li></ul></ul><ul><ul><li>Data Modeling </li></ul></ul><ul><ul><li>Indexing </li></ul></ul><ul><li>Security Issues for Data Warehousing </li></ul>
  3. 3. What is a Data Warehouse? <ul><li>A Data Warehouse is a: </li></ul><ul><ul><li>Subject-oriented </li></ul></ul><ul><ul><li>Integrated </li></ul></ul><ul><ul><li>Nonvolatile </li></ul></ul><ul><ul><li>Time variant </li></ul></ul><ul><ul><li>Collection of data in support of management’s decisions </li></ul></ul><ul><ul><li>From: Building the Data Warehouse by W. H. Inmon, John Wiley and Sons </li></ul></ul><ul><li>Integration of heterogeneous data sources into a repository </li></ul><ul><li>Summary reports, aggregate functions, etc. </li></ul>
  4. 4. Example Data Warehouse Oracle DBMS for Employees Sybase DBMS for Projects Informix DBMS for Medical Data Warehouse: Data correlating Employees With Medical Benefits and Projects Could be any DBMS; Usually based on the relational data model Users Query the Warehouse
  5. 5. Some Data Warehousing Technologies <ul><li>Heterogeneous Database Integration </li></ul><ul><li>Statistical Databases </li></ul><ul><li>Data Modeling </li></ul><ul><li>Metadata </li></ul><ul><li>Access Methods and Indexing </li></ul><ul><li>Language Interface </li></ul><ul><li>Database Administration </li></ul><ul><li>Parallel Database Management </li></ul>
  6. 6. Data Warehouse Design <ul><li>Appropriate Data Model is key to designing the Warehouse </li></ul><ul><li>Higher Level Model in stages </li></ul><ul><ul><li>Stage 1: Corporate data model </li></ul></ul><ul><ul><li>Stage 2: Enterprise data model </li></ul></ul><ul><ul><li>Stage 3: Warehouse data model </li></ul></ul><ul><li>Middle-level data model </li></ul><ul><ul><li>A model for possibly for each subject area in the higher level model </li></ul></ul><ul><li>Physical data model </li></ul><ul><ul><li>Include features such as keys in the middle-level model </li></ul></ul><ul><li>Need to determine appropriate levels of granularity of data in order to build a good data warehouse </li></ul>
  7. 7. Distributing the Data Warehouse <ul><li>Issues similar to distributed database systems </li></ul>Distributed Warehouse Central Bank Branch A Branch B Central Warehouse Central Bank Branch A Branch B Central Warehouse Branch B Warehouse Branch A Warehouse Non-distributed Warehouse
  8. 8. Multidimensional Data Model
  9. 9. Indexing for Data Warehousing <ul><li>Bit-Maps </li></ul><ul><li>Multi-level indexing </li></ul><ul><li>Storing parts or all of the index files in main memory </li></ul><ul><li>Dynamic indexing </li></ul>
  10. 10. Metadata Mappings
  11. 11. Data Warehousing and Security <ul><li>Security for integrating the heterogeneous data sources into the repository </li></ul><ul><ul><li>e.g., Heterogeneity Database System Security, Statistical Database Security </li></ul></ul><ul><li>Security for maintaining the warehouse </li></ul><ul><ul><li>Query, Updates, Auditing, Administration, Metadata </li></ul></ul><ul><li>Multilevel Security </li></ul><ul><ul><li>Multilevel Data Models, Trusted Components </li></ul></ul>
  12. 12. Example Secure Data Warehouse
  13. 13. Secure Data Warehouse Technologies
  14. 14. Security for Integrating Heterogeneous Data Sources <ul><li>Integrating multiple security policies into a single policy for the warehouse </li></ul><ul><ul><li>Apply techniques for federated database security? </li></ul></ul><ul><ul><li>Need to transform the access control rules </li></ul></ul><ul><li>Security impact on schema integration and metadata </li></ul><ul><ul><li>Maintaining transformations and mappings </li></ul></ul><ul><li>Statistical database security </li></ul><ul><ul><li>Inference and aggregation </li></ul></ul><ul><ul><li>e.g., Average salary in the warehouse could be unclassified while the individual salaries in the databases could be classified </li></ul></ul><ul><li>Administration and auditing </li></ul>
  15. 15. Security Policy for the Warehouse Federated policies become warehouse policies? Component Policy for Component A Component Policy for Component B Component Policy for Component C Generic Policy for Component A Generic Policy for Component B Generic policy for Component C Export Policy for Component A Export Policy for Component B Export Policy for Component C Federated Policy for Federation F1 Federated Policy for Federation F2 Export Policy for Component B Security Policy Integration and Transformation
  16. 16. Security Policy for the Warehouse - II
  17. 17. Secure Data Warehouse Model
  18. 18. Methodology for Developing a Secure Data Warehouse
  19. 19. Multi-Tier Architecture Tier 1:Secure Data Sources Tier 2: Builds on Tier 1 Tier N: Data Warehouse Builds on Tier N - 1 * * Tier 1:Secure Data Sources Tier 2: Builds on Tier 1 Tier N: Secure Data Warehouse Builds on Tier N - 1 * * Each layer builds on the Previous Layer Schemas/Metadata/Policies
  20. 20. Administration <ul><li>Roles of Database Administrators, Warehouse Administrators, Database System Security officers, and Warehouse System Security Officers? </li></ul><ul><li>When databases are updated, can trigger mechanism be used to automatically update the warehouse? </li></ul><ul><ul><li>i.e., Will the individual database administrators permit such mechanism? </li></ul></ul>
  21. 21. Auditing <ul><li>Should the Warehouse be audited? </li></ul><ul><ul><li>Advantages </li></ul></ul><ul><ul><ul><li>Keep up-to-date information on access to the warehouse </li></ul></ul></ul><ul><ul><li>Disadvantages </li></ul></ul><ul><ul><ul><li>May need to keep unnecessary data in the warehouse </li></ul></ul></ul><ul><ul><ul><li>May need a lower level granularity of data </li></ul></ul></ul><ul><ul><ul><li>May cause changes to the timing of data entry to the warehouse as well as backup and recovery restrictions </li></ul></ul></ul><ul><li>Need to determine the relationships between auditing the warehouse and auditing the databases </li></ul>
  22. 22. Multilevel Security <ul><li>Multilevel data models </li></ul><ul><ul><li>Extensions to the data warehouse model to support classification levels </li></ul></ul><ul><li>Trusted Components </li></ul><ul><ul><li>How much of the warehouse should be trusted? </li></ul></ul><ul><ul><li>Should the transformations be trusted? </li></ul></ul><ul><li>Covert channels, inference problem </li></ul>
  23. 23. Inference Controller
  24. 24. Status and Directions <ul><li>Commercial data warehouse vendors are incorporating role-based security (e.g., Oracle) </li></ul><ul><li>Many topics need further investigation </li></ul><ul><ul><li>Building a secure data warehouse </li></ul></ul><ul><ul><li>Policy integration </li></ul></ul><ul><ul><li>Secure data model </li></ul></ul><ul><ul><li>Inference control </li></ul></ul>