A Comprehensive Data Security Framework for OLAP Domains
Online Analytical Processing (OLAP) has become an increasingly important and prevalent component of enterprise Decision Support Systems. OLAP is associated with a data model known as a Cube, a multi-dimensional representation that allows for the extraction and intuitive visualization of broad patter...
Main Author: | |
---|---|
Format: | Others |
Published: |
2014
|
Online Access: | http://spectrum.library.concordia.ca/978232/1/Altamimi_PhD_S2014.pdf Altamimi, Ahmad <http://spectrum.library.concordia.ca/view/creators/Altamimi=3AAhmad=3A=3A.html> (2014) A Comprehensive Data Security Framework for OLAP Domains. PhD thesis, Concordia University. |
id |
ndltd-LACETR-oai-collectionscanada.gc.ca-QMG.978232 |
---|---|
record_format |
oai_dc |
spelling |
ndltd-LACETR-oai-collectionscanada.gc.ca-QMG.9782322014-07-04T04:41:59Z A Comprehensive Data Security Framework for OLAP Domains Altamimi, Ahmad Online Analytical Processing (OLAP) has become an increasingly important and prevalent component of enterprise Decision Support Systems. OLAP is associated with a data model known as a Cube, a multi-dimensional representation that allows for the extraction and intuitive visualization of broad patterns and trends that would otherwise not be obvious to the user. One must note, however, that not all of the collected data should be universally accessible. Specifically, DW/OLAP systems almost always house confidential and sensitive data — identification information, medical data, or even religious beliefs and ideologies — that must, by definition, be restricted to authorized users. In this thesis, we provide models and algorithms for protecting the data in multi-dimensional data cube spaces. To this end, the thesis addresses three distinct but related themes. In the opening part of this study, we propose an authentication and authorization framework that builds upon an algebra designed specifically for OLAP domains. It relies on robust query re-writing rules to ensure consistent data access across all levels of the conceptual data cube model. In the second part, we present a framework for controlling malicious inferences caused by unprotected access to coarser level aggregations. Our framework prevents complicated inferences through a combination of initial query restrictions and the removal of the remaining inferences. In the final part, we enhance the core framework with an object-oriented security design model and client side language extensions that collectively produce a more intuitive and usable infrastructure. The purpose of this study is to design a comprehensive end-to-end framework for OLAP security that is flexible, intuitive, and powerful. In short, the framework allows administrators to associate security policies with an intuitive conceptual model that maps directly to the model that users see. Restrictions then can be propagated transparently from users to all the hierarchical data. Moreover, the framework provides an automatic form of inference control that is fast enough in practice to not affect query time. To ground our conceptual work, we have integrated our research themes on the top of an OLAP-specific DBMS server (Sidera). Sidera gives us the opportunity to explore performance and correctness issues that would not be possible without such direct access to a DBMS. In addition, we have evaluated its efficiency with a pair of common industrial DBMS, a row-based DBMS (PostgreSQL) and a column-store DBMS (MonetDB). The evaluation is done using two common benchmarks (e.g., SSB and APB). The results show the ratio of checking time to execution time varies considerable, depending on the specification of the underlying query. These times are acceptable, particularly given that checking costs do not grow with data set size. 2014-01-16 Thesis NonPeerReviewed application/pdf http://spectrum.library.concordia.ca/978232/1/Altamimi_PhD_S2014.pdf Altamimi, Ahmad <http://spectrum.library.concordia.ca/view/creators/Altamimi=3AAhmad=3A=3A.html> (2014) A Comprehensive Data Security Framework for OLAP Domains. PhD thesis, Concordia University. http://spectrum.library.concordia.ca/978232/ |
collection |
NDLTD |
format |
Others
|
sources |
NDLTD |
description |
Online Analytical Processing (OLAP) has become an increasingly important and prevalent component of enterprise Decision Support Systems. OLAP is associated with a data model known as a Cube, a multi-dimensional representation that allows for the extraction and intuitive visualization of broad patterns and trends that would
otherwise not be obvious to the user. One must note, however, that not all of the collected data should be universally accessible. Specifically, DW/OLAP systems
almost always house confidential and sensitive data — identification information, medical data, or even religious beliefs and ideologies — that must, by definition, be
restricted to authorized users. In this thesis, we provide models and algorithms for protecting the data in multi-dimensional data cube spaces.
To this end, the thesis addresses three distinct but related themes. In the opening part of this study, we propose an authentication and authorization framework
that builds upon an algebra designed specifically for OLAP domains. It relies on robust query re-writing rules to ensure consistent data access across all levels of
the conceptual data cube model. In the second part, we present a framework for controlling malicious inferences caused by unprotected access to coarser level aggregations.
Our framework prevents complicated inferences through a combination of initial query restrictions and the removal of the remaining inferences. In the final part,
we enhance the core framework with an object-oriented security design model and client side language extensions that collectively produce a more intuitive and usable
infrastructure.
The purpose of this study is to design a comprehensive end-to-end framework for OLAP security that is flexible, intuitive, and powerful. In short, the framework allows
administrators to associate security policies with an intuitive conceptual model that maps directly to the model that users see. Restrictions then can be propagated
transparently from users to all the hierarchical data. Moreover, the framework provides an automatic form of inference control that is fast enough in practice to
not affect query time.
To ground our conceptual work, we have integrated our research themes on the top of an OLAP-specific DBMS server (Sidera). Sidera gives us the opportunity to
explore performance and correctness issues that would not be possible without such direct access to a DBMS. In addition, we have evaluated its efficiency with a pair
of common industrial DBMS, a row-based DBMS (PostgreSQL) and a column-store DBMS (MonetDB). The evaluation is done using two common benchmarks (e.g., SSB and APB). The results show the ratio of checking time to execution time varies considerable, depending on the specification of the underlying query. These times are acceptable, particularly given that checking costs do not grow with data set size. |
author |
Altamimi, Ahmad |
spellingShingle |
Altamimi, Ahmad A Comprehensive Data Security Framework for OLAP Domains |
author_facet |
Altamimi, Ahmad |
author_sort |
Altamimi, Ahmad |
title |
A Comprehensive Data Security Framework for OLAP Domains |
title_short |
A Comprehensive Data Security Framework for OLAP Domains |
title_full |
A Comprehensive Data Security Framework for OLAP Domains |
title_fullStr |
A Comprehensive Data Security Framework for OLAP Domains |
title_full_unstemmed |
A Comprehensive Data Security Framework for OLAP Domains |
title_sort |
comprehensive data security framework for olap domains |
publishDate |
2014 |
url |
http://spectrum.library.concordia.ca/978232/1/Altamimi_PhD_S2014.pdf Altamimi, Ahmad <http://spectrum.library.concordia.ca/view/creators/Altamimi=3AAhmad=3A=3A.html> (2014) A Comprehensive Data Security Framework for OLAP Domains. PhD thesis, Concordia University. |
work_keys_str_mv |
AT altamimiahmad acomprehensivedatasecurityframeworkforolapdomains AT altamimiahmad comprehensivedatasecurityframeworkforolapdomains |
_version_ |
1716706348303908864 |