Showing the Benefits of Applying a Model Driven Architecture for Developing Secure OLAP Applications

Data Warehouses (DW) manage enterprise information that is queried for decision making purposes by using On-Line Analytical Processing (OLAP) tools. The establishment of security constraints in all development stages and operations of the DW is highly important since otherwise, unauthorized users may discover vital business information. The final users of OLAP tools access and analyze the information from the corporate DW by using specific views or cubes based on the multidimensional modelling containing the facts and dimensions (with the corresponding classification hierarchies) that a decision maker or group of decision makers are interested in. Thus, it is important that security constraints will be also established over this metadata layer that connects the DW's repository with the decision makers, that is, directly over the multidimensional structures that final users manage. In doing so, we will not have to define specific security constraints for every particular user, thereby reducing the developing time and costs for secure OLAP applications. In order to achieve this goal, a model driven architecture to automatically develop secure OLAP applications from models has been defined. This paper shows the benefits of this architecture by applying it to a case study in which an OLAP application for an airport DW is automatically developed from models. The architecture is composed of: (1) the secure conceptual modelling by using a UML profile; (2) the secure logical modelling for OLAP applications by using an extension of CWM; (3) the secure implementation into a specific OLAP tool, SQL Server Analysis Services (SSAS); and (4) the transformations needed to automatically generate logical models from conceptual models and the final secure implementation.This research is part of the following projects: SERENIDAD (PEII11- 037-7035) financed by the ”Viceconsejería de Ciencia y Tecnología de la Junta de Comunidades de Castilla-La Mancha” (Spain) and FEDER, and SIGMA-CC (TIN2012-36904) and GEODAS (TIN2012-37493-C03-01) financed by the ”Ministerio de Economía y Competitividad” (Spain)

An MDA approach for developing Secure OLAP applications: metamodels and transformations

Decision makers query enterprise information stored in Data Warehouses (DW) by using tools (such as On-Line Analytical Processing (OLAP) tools) which employ specific views or cubes from the corporate DW or Data Marts, based on multidimensional modelling. Since the information managed is critical, security constraints have to be correctly established in order to avoid unauthorized access. In previous work we defined a Model-Driven based approach for developing a secure DW repository by following a relational approach. Nevertheless, it is also important to define security constraints in the metadata layer that connects the DW repository with the OLAP tools; that is, over the same multidimensional structures that end users manage. This paper incorporates a proposal for developing secure OLAP applications within our previous approach: it improves a UML profile for conceptual modelling; it defines a logical metamodel for OLAP applications; and it defines and implements transformations from conceptual to logical models, as well as from logical models to secure implementation in a specific OLAP tool (SQL Server Analysis Services).This research is part of the following projects: SIGMA-CC (TIN2012-36904), GEODAS-BC (TIN2012-37493-C01) and GEODAS-BI (TIN2012-37493-C03) funded by the Ministerio de Economía y Competitividad and Fondo Europeo de Desarrollo Regional FEDER. SERENIDAD (PEII11-037-7035) and MOTERO (PEII11- 0399-9449) funded by the Consejería de Educación, Ciencia y Cultura de la Junta de Comunidades de Castilla La Mancha, and Fondo Europeo de Desarrollo Regional FEDER

Showing the Benefits of Applying a Model Driven Architecture for

Data Warehouses (DW) manage enterprise information that is queried for decision making purposes by using On-Line Analytical Processing (OLAP) tools. The establishment of security constraints in all development stages and operations of the DW is highly important since otherwise, unauthorized users may discover vital business information. The final users of OLAP tools access and analyze the information from the corporate DW by using specific views or cubes based on the multidimensional modelling containing the facts and dimensions (with the corresponding classification hierarchies) that a decision maker or group of decision makers are interested in. Thus, it is important that security constraints will be also established over this metadata layer that connects the DW's repository with the decision makers, that is, directly over the multidimensional structures that final users manage. In doing so, we will not have to define specific security constraints for every particular user, thereby reducing the developing time and costs for secure OLAP applications. In order to achieve this goal, a model driven architecture to automatically develop secure OLAP applications from models has been defined. This paper shows the benefits of this architecture by applying it to a case study in which an OLAP application for an airport DW is automatically developed from models. The architecture is composed of: (1) the secure conceptual modelling by using a UML profile; (2) the secure logical modelling for OLAP applications by using an extension of CWM; (3) the secure implementation into a specific OLAP tool, SQL Server Analysis Services (SSAS); and (4) the transformations needed to automatically generate logical models from conceptual models and the final secure implementation.This research is part of the following projects: SERENIDAD (PEII11- 037-7035) financed by the ”Viceconsejería de Ciencia y Tecnología de la Junta de Comunidades de Castilla-La Mancha” (Spain) and FEDER, and SIGMA-CC (TIN2012-36904) and GEODAS (TIN2012-37493-C03-01) financed by the ”Ministerio de Economía y Competitividad” (Spain)

Extended RBAC -Based Design and Implementation for a Secure Data Warehouse

Abstrac

Context Sensitive Access Control Model TI for Business Processes

Kontrola pristupa odnosno autorizacija, u širem smislu, razmatra na koji način korisnici mogu pristupiti resursima računarskog sistema i na koji način ih koristiti. Ova disertacija se bavi problemima kontrole pristupa u poslovnim sistemima. Tema disertacije je formalna specifkacija modela kontekstno zavisne kontrole pristupa u poslovnim sistemima koji je baziran na RBAC modelu kontrole pristupa. Uvođenjem kontekstno zavisne kontrole pristupa omogućeno je defnisanje složenijih prava pristupa koje u postojećim modelima kontrole pristupa za poslovne sisteme nije bilo moguće realizovati ili bi njihova realizacija bila komplikovana. Dati model primenljiv je u različitim poslovnim sistemima, a podržava defnisanje prava pristupa kako za jednostavne tako i za slo·zene poslovne tokove. Sistem je verifkovan na dva realna poslovna procesa pomoću razvijenog prototipa. Prikazana prototipska implementacija koja ispunjava ciljeve u pogledu funkcionalnosti postavljene pred sistem predstavlja potvrdu praktične vrednosti predloženog modela.Access control is concerned with the way in which users can access to resources in the computer system. This dissertation focuses on problems of access control for business processes. The subject of the dissertation is a formal specification of the RBAC-based context sensitive access control model for business processes. By using a context-sensitive access control it is possible to define more complex access control policies whose implementation in existing access control models for business processes is not possible or is very complicated. The given model is applicable in diferent business systems, and supports the definition of access control policies for both simple and complex business processes. The model's prototype is verified by two case studies on real business processes. The presented prototype implementation represents a proof of the proposed model's practical value