Databases Reference
In-Depth Information
proved performance is obtained by exploring unique characteristics of OLAP
queries, both methods are not fully satisfactory due to limitations inherited
from their counter parts in statistical databases. The chapter then reviews
another solution, which adopts a
preventing-then-removing
approach. This
latter solution can thwart both unauthorized accesses and indirect inferences
of sensitive data, and the solution can potentially be applied to a broach range
of settings in terms of aggregation types and sensitivity criteria. The solution
thus shows a promising direction towards security OLAP systems and data
warehouses.
The rest of the chapter is organized as follows. Section 2 reviews back-
ground knowledge and related work. Section 3 discusses the threat of infer-
ences and the security requirements. Section 4 outlines a three-tier security
architecture for OLAP systems. Section 5 then reviews methods for controlling
inferences in such systems. Finally, Section 6 concludes the chapter.
2 Background
In this section, we first review background knowledge such as data warehouses
and OLAP systems. We then review other research efforts relevant to our
discussions in this chapter.
2.1 Data Warehouses and OLAP Systems
A centralized data warehouse is usually used to store enterprise data. The
data are organized based on a
star schema
, which usually has a
fact table
with
part of the attributes called
dimensions
and the rest called
measures
.Each
dimension is associated with a
dimension table
indicating a dimension hierar-
chy. The dimension tables may contain redundancy, which can be removed by
splitting each dimension table into multiple tables, one per attribute in the
dimension table. The result is called a
snowflake schema
. A data warehouse
usually stores data collected from multiple data sources, such as transactional
databases throughout an organization. The data are cleaned and transformed
to a common consistent format before they are stored in the data warehouse.
Subsets of the data in a data warehouse can be extracted as data marts to
meet the specific requirements of an organizational division. Unlike in transac-
tional databases where data are constantly updated, typically the data stored
in a data warehouse are refreshed from data sources only periodically.
Coined by Codd et. al in 1993 [9], OLAP stands for On-Line Analyti-
cal Processing. The concept has its root in earlier products such as the IRI
Express, the Comshare system, and the Essbase system [29]. Unlike statis-
tical databases which usually store census data and economic data, OLAP
is mainly used for analyzing business data collected from daily transactions,
such as sales data and health care data [27]. The main purpose of an OLAP
system is to enable analysts to construct a mental image about the underlying
