Login | Register

A Comprehensive Data Security Framework for OLAP Domains


A Comprehensive Data Security Framework for OLAP Domains

Altamimi, Ahmad (2014) A Comprehensive Data Security Framework for OLAP Domains. PhD thesis, Concordia University.

[thumbnail of Altamimi_PhD_S2014.pdf]
Text (application/pdf)
Altamimi_PhD_S2014.pdf - Accepted Version


Online Analytical Processing (OLAP) has become an increasingly important and prevalent component of enterprise Decision Support Systems. OLAP is associated with a data model known as a Cube, a multi-dimensional representation that allows for the extraction and intuitive visualization of broad patterns and trends that would
otherwise not be obvious to the user. One must note, however, that not all of the collected data should be universally accessible. Specifically, DW/OLAP systems
almost always house confidential and sensitive data — identification information, medical data, or even religious beliefs and ideologies — that must, by definition, be
restricted to authorized users. In this thesis, we provide models and algorithms for protecting the data in multi-dimensional data cube spaces.
To this end, the thesis addresses three distinct but related themes. In the opening part of this study, we propose an authentication and authorization framework
that builds upon an algebra designed specifically for OLAP domains. It relies on robust query re-writing rules to ensure consistent data access across all levels of
the conceptual data cube model. In the second part, we present a framework for controlling malicious inferences caused by unprotected access to coarser level aggregations.
Our framework prevents complicated inferences through a combination of initial query restrictions and the removal of the remaining inferences. In the final part,
we enhance the core framework with an object-oriented security design model and client side language extensions that collectively produce a more intuitive and usable
The purpose of this study is to design a comprehensive end-to-end framework for OLAP security that is flexible, intuitive, and powerful. In short, the framework allows
administrators to associate security policies with an intuitive conceptual model that maps directly to the model that users see. Restrictions then can be propagated
transparently from users to all the hierarchical data. Moreover, the framework provides an automatic form of inference control that is fast enough in practice to
not affect query time.
To ground our conceptual work, we have integrated our research themes on the top of an OLAP-specific DBMS server (Sidera). Sidera gives us the opportunity to
explore performance and correctness issues that would not be possible without such direct access to a DBMS. In addition, we have evaluated its efficiency with a pair
of common industrial DBMS, a row-based DBMS (PostgreSQL) and a column-store DBMS (MonetDB). The evaluation is done using two common benchmarks (e.g., SSB and APB). The results show the ratio of checking time to execution time varies considerable, depending on the specification of the underlying query. These times are acceptable, particularly given that checking costs do not grow with data set size.

Divisions:Concordia University > Gina Cody School of Engineering and Computer Science > Computer Science and Software Engineering
Item Type:Thesis (PhD)
Authors:Altamimi, Ahmad
Institution:Concordia University
Degree Name:Ph. D.
Program:Computer Science
Date:16 January 2014
Thesis Supervisor(s):Eavis, Todd
ID Code:978232
Deposited On:16 Jun 2014 13:14
Last Modified:18 Jan 2018 17:46
All items in Spectrum are protected by copyright, with all rights reserved. The use of items is governed by Spectrum's terms of access.

Repository Staff Only: item control page

Downloads per month over past year

Research related to the current document (at the CORE website)
- Research related to the current document (at the CORE website)
Back to top Back to top