Home // International Journal On Advances in Security, volume 5, numbers 3 and 4, 2012 // View article

Securing Access to Data in Business Intelligence Domains

Authors:
Ahmad Altamimi
Todd Eavis

Keywords: Data warehouses; Data security; Query processing

Abstract:
Online Analytical Processing (OLAP) has become an increasingly important and prevalent component of Decision Support Systems. OLAP is associated with a data model known as a cube, a multi-dimensional representation of the core measures and relationships within the associated organization. While numerous cube generation and processing algorithms have been presented in the literature, little effort has been made to address the unique security and authorization requirements of the model. In particular, the hierarchical nature of the cube allows users to bypass - either intentionally or unintentionally - partial constraints defined at alternate aggregation levels. In this paper, we present an authorization framework that builds upon an algebra designed specifically for OLAP domains. It is Object-Oriented in nature and uses query re-writing rules to ensure consistent data access across all levels of the conceptual model. For the most part, the process is largely transparent to the user. We demonstrate the scope of our framework with a series of common OLAP query case studies, as well as an experimental performance analysis using a common OLAP benchmark. The end result is an intuitive but powerful approach to database authorization that is uniquely tailored to the OLAP domain.

Pages: 94 to 111

Copyright: Copyright (c) to authors, 2012. Used with permission.

Publication date: December 31, 2012

Published in: journal

ISSN: 1942-2636