Databases Reference
In-Depth Information
8
Security in Data Warehouses and OLAP
Systems
Lingyu Wang
1
and Sushil Jajodia
2
1
Concordia Institute for Information Systems Engineering
Concordia University
Montreal, QC H3G 1M8, Canada
wang@ciise.concordia.ca
2
Center for Secure Information Systems
George Mason University
Fairfax, VA 22030-4444, USA
jajodia@gmu.edu
Summary.
Unlike in operational databases, aggregation and derivation play a ma-
jor role in on-line analytical processing (OLAP) systems and data warehouses. Un-
fortunately, the process of aggregation and derivation can also pose challenging
security problems. Aggregated and derived data usually look innocent to traditional
security mechanisms, such as access control, and yet such data may carry enough
sensitive information to cause security breaches. This chapter first demonstrates the
security threat from aggregated and derived data in OLAP systems and warehouses.
The chapter then reviews a series of methods for removing such a threat. Two efforts
in extending existing inference control methods to the special setting of OLAP sys-
tems and warehouses are discussed. Both methods are not fully satisfactory due to
limitations inherited from their counter parts in statistical databases. The chapter
then reviews another solution based on a novel preventing-then-removing approach,
which shows a promising direction towards securing OLAP systems and data ware-
houses.
1 Introduction
With rapid advancements in computer and network technology, it becomes a
common practice for organizations to collect, store, and analyze vast amounts
of data quickly and e
ciently. On-line analytical processing (OLAP) systems
and data warehouses of today are used to store and analyze everything - vi-
tal or not - to an organization. The security of data warehouses and OLAP
systems is crucial to the interest of both organizations and individuals. Stolen
organizational secrets may cause serious and immediate damages to an orga-
nization. Indiscriminate collection and retention of data represents an extraor-
dinary intrusion on privacy of individuals. Security breaches in governmental
