A Model Driven Approach for Automatically Improving OLAP Legacy Applications with Security

Carlos Blanco, Eduardo Fernández-Medina, Juan Trujillo

Abstract

The majority of the organizations store its historical business information in Data Warehouses (DW) which are queried to make strategic decisions by using On-Line Analytical Processing (OLAP) tools. This information has to be correctly assured for unauthorized accesses, but nevertheless there are a great amount of legacy OLAP applications that have been developed without considering security aspects or these have been incorporated once the system was implemented. This work defines a reverse engineering process that allows us to obtain the conceptual model corresponding to a legacy OLAP application, and also analyses and represents the security aspects that could have established. This process has been aligned with a model driven architecture for developing secure OLAP applications by defining the transformations needed to automatically apply it. Once the conceptual model has been extracted, it can be easily modified and improved with security, and automatically transformed to generate the new implementation.

References

  1. Aiken, P. H. (1998). "Reverse engineering of data." IBM Syst. J. 37(2): 246-269.
  2. Basin, D., J. Doser, et al. (2003). Model Driven Security for Process-oriented Systems. ACM Symposium on Access Control Models and Technologies. Como, Italy, ACM Press: 100-109.
  3. Basin, D., J. Doser, et al. (2006). "Model Driven Security: from UML Models to Access Control Infrastructures." ACM Transactions on Software Engineering and Methodology 15(1): 39-91.
  4. Blaha, M. (2001). A Retrospective on Industrial Database Reverse Engineering ProjectsPart 1. Proceedings of the 8th Working Conference on Reverse Engineering (WCRÓ01), Suttgart, Germany, IEEE Computer Society.
  5. Blanco, C., I. García Rodríguez de Guzmán, et al. (2010). "Defining and Transforming Security Rules in an MDA approach for DWs." Int. J. of Business Intelligence and Data Mining - IJBIDM 5(2).
  6. Canfora, G. and M. D. Penta (2007). New Frontiers of Reverse Engineering, IEEE Computer Society.
  7. Cohen, Y. and Y. A. Feldman (2003). "Automatic high-quality reengineering of database programs by abstraction, transformation and reimplementation." ACM Trans. Softw. Eng. Methodol. 12(3): 285-316.
  8. CWM, O. M. G. (2003). "Common Warehouse Metamodel (CWM)."
  9. Fernández-Medina, E., J. Jurjens, et al. (2009). "Model-Driven Development for secure information systems." Information and Software Technology 51(5): 809-814.
  10. Fernández-Medina, E., J. Trujillo, et al. (2007). "Model Driven Multidimensional Modeling of Secure Data Warehouses." European Journal of Information Systems 16(4): 374-389.
  11. Fernández-Medina, E., J. Trujillo, et al. (2006). "Access Control and Audit Model for the Multidimensional Modeling of Data Warehouses." Decision Support Systems 42: 1270- 1289.
  12. Fernández-Medina, E., J. Trujillo, et al. (2007). "Developing Secure Data Warehouses with a UML extension." Information Systems 32(6): 826-856.
  13. Hainaut, J.-L., V. Englebert, et al. (2004). Database reverse engineering: From requirements to CARE tools. Applied Categorical Structures. SpringerLink. 3.
  14. Jurjens, J. (2004). Secure Systems Development with UML, Springer-Verlag.
  15. Jurjens, J. and H. Schmidt (2011). UMLsec4UML2 - Adopting UMLsec to Support UML2. http://hdl.handle.net/2003/27602, Technical Reports in Computer Science. Technische Universitat Dortmund.
  16. MDA, O. M. G. (2003). "Model Driven Architecture Guide."
  17. Mouratidis, H. (2011). Software Engineering for Secure Systems: Industrial and Research Perspectives, IGI Global.
  18. Muller, H. A., J. H. Jahnke, et al. (2000). Reverse engineering: a roadmap.
  19. Priebe, T. and G. Pernul (2001). A Pragmatic Approach to Conceptual Modeling of OLAP Security. 20th International Conference on Conceptual Modeling (ER 2001). Yokohama, Japan, Springer-Verlag.
  20. Thuraisingham, B., M. Kantarcioglu, et al. (2007). "Extended RBAC-based design and implementation for a secure data warehouse." International Journal of Business Intelligence and Data Mining (IJBIDM) 2(4): 367-382.
  21. Trujillo, J., E. Soler, et al. (2009). "A UML 2.0 Profile to define Security Requirements for DataWarehouses." Computer Standards and Interfaces (CSI) 31(5): 969-983.
  22. Weippl, E., O.Mangisengi, et al. (2001). An Authorization Model for Data Warehouses and OLAP. Workshop on Security in Distributed Data Warehousing. New Orleans, Louisiana, USA.
  23. Yu, E.(1997). Towards modelling and reasoning support for early-phase requirements engineering. 3rd IEEE International Symposium on Requirements Engineering (RE'97), Washington, DC.
Download


Paper Citation


in Harvard Style

Blanco C., Fernández-Medina E. and Trujillo J. (2013). A Model Driven Approach for Automatically Improving OLAP Legacy Applications with Security . In Proceedings of the 10th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2013) ISBN 978-989-8565-64-8, pages 76-85. DOI: 10.5220/0004609300760085


in Bibtex Style

@conference{wosis13,
author={Carlos Blanco and Eduardo Fernández-Medina and Juan Trujillo},
title={A Model Driven Approach for Automatically Improving OLAP Legacy Applications with Security},
booktitle={Proceedings of the 10th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2013)},
year={2013},
pages={76-85},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004609300760085},
isbn={978-989-8565-64-8},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 10th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2013)
TI - A Model Driven Approach for Automatically Improving OLAP Legacy Applications with Security
SN - 978-989-8565-64-8
AU - Blanco C.
AU - Fernández-Medina E.
AU - Trujillo J.
PY - 2013
SP - 76
EP - 85
DO - 10.5220/0004609300760085