Databases Reference
In-Depth Information
The lattice-based inference control method can be implemented based on
the three-tier inference control model given in Section 4. The authorization
object computed through the above iterative process comprises the data tier.
The complement of the object is the aggregation tier since it does not cause
any inferences to the data tier. The first property of the three-tier model is
satisfied because the number of cuboids is constant compared to the number
of cells, and hence the size of the aggregation tier must be polynomial in the
size of the data tier. Because the aggregation tier is a collection of descendant
closures of single cuboids, the aggregation tier naturally forms a partition on
the data tier, satisfying the second property. The aggregation tier apparently
satisfies the last property.
6 Conclusion
This chapter has discussed the security requirements of OLAP systems and
data warehouses. We have argued that the most challenging security threat
lies in that sensitive data stored in a data warehouse may be disclosed through
seemingly innocent OLAP queries. We then described three methods specif-
ically proposed for securing OLAP data cubes. The first two methods have
been inspired by existing inference control methods in statistical databases.
We have shown that better results can be obtained by exploring the unique
structures of data cube queries, although both methods also inherit limita-
tions from their counterparts in statistical databases. Finally, the lattice-based
method aimed to remove many limitations of previous methods. The method
adopted a preventing-then-removing approach to avoid the infeasible task of
detecting m-d inferences. The method also based itself upon algebraic prop-
erties instead of on specific models of inferences, which helped to broaden the
scope of inference control. All the proposed methods could be implemented
on the basis of a three-tier inference control architecture that is especially
suitable for OLAP systems.
Acknowledgements
This material is based upon work supported by National Science Founda-
tion under grants CT-0627493, IIS-0242237, and IIS-0430402; and by Natu-
ral Sciences and Engineering Research Council of Canada under Discovery
Grant N01035. Any opinions, findings, and conclusions or recommendations
expressed in this material are those of the authors and do not necessarily
reflect the views of the sponsoring organizations.
References
1. N.R. Adam and J.C. Wortmann. Security-control methods for statistical
databases: a comparative study.
ACM Computing Surveys
, 21(4):515-556, 1989.
