Summary
Unlike in operational databases, aggregation and derivation play a major role in on-line analytical processing (OLAP) systems and data warehouses. Unfortunately, the process of aggregation and derivation can also pose challenging security problems. Aggregated and derived data usually look innocent to traditional security mechanisms, such as access control, and yet such data may carry enough sensitive information to cause security breaches. This chapter ?rst demonstrates the security threat from aggregated and derived data in OLAP systems and warehouses. The chapter then reviews a series of methods for removing such a threat. Two efforts in extending existing inference control methods to the special setting of OLAP systems and warehouses are discussed. Both methods are not fully satisfactory due to limitations inherited from their counter parts in statistical databases. The chapter then reviews another solution based on a novel preventing-then-removing approach, which shows a promising direction towards securing OLAP systems and data warehouses.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
N.R. Adam and J.C. Wortmann. Security-control methods for statistical databases: a comparative study. ACM Computing Surveys, 21(4):515–556, 1989.
R. Agrawal and R. Srikant. Privacy-preserving data mining. In Proceedings of the Nineteenth ACM SIGMOD Conference on Management of Data (SIGMOD’00), pages 439–450, 2000.
R. Agrawal, R. Srikant, and D. Thomas. Privacy-preserving olap. In Proceedings of the Twenty-fourth ACM SIGMOD Conference on Management of Data (SIGMOD’05), pages 251–262, 2005.
L.L. Beck. A security mechanism for statistical databases. ACM Trans. on Database Systems, 5(3):316–338, 1980.
B. Bhargava. Security in data warehousing (invited talk). In Proceedings of the 3rd Data Warehousing and Knowledge Discovery (DaWak’00), 2000.
F.Y. Chin. Security problems on inference control for sum, max, and min queries. Journal of the Association for Computing Machinery, 33(3):451–464, 1986.
F.Y. Chin and G. Ozsoyoglu. Statistical database design. ACM Trans. on Database Systems, 6(1):113–139, 1981.
F.Y. Chin and G. Ozsoyoglu. Auditing and inference control in statistical databases. IEEE Trans. on Software Engineering, 8(6):574–582, 1982.
E.F. Codd, S.B. Codd, and C.T. Salley. Providing olap to user-analysts: An IT mandate. White Paper, 1993. E.F. Codd Associates.
L.H. Cox. On properties of multi-dimensional statistical tables. Journal of Statistical Planning and Inference, 117(2):251–273, 2003.
D.E. Denning. Cryptography and data security. Addison-Wesley, Reading, Massachusetts, 1982.
D.E. Denning and J. Schlorer. Inference controls for statistical databases. IEEE Computer, 16(7):69–82, 1983.
D. Dobkin, A.K. Jones, and R.J. Lipton. Secure databases: protection against user influence. ACM Trans. on Database Systems, 4(1):97–106, 1979.
W. Du and Z. Zhan. Building decision tree classifier on private data. In Proceedings of the 2002 IEEE International Conference on Data Mining (ICDM’02), 2002.
J. Gray, A. Bosworth, A. Bosworth, A. Layman, D. Reichart, M. Venkatrao, F. Pellow, and H. Pirahesh. Data cube: A relational aggregation operator generalizing group-by, cross-tab, and sub-totals. Data Mining and Knowledge Discovery, 1(1):29–53, 1997.
P. Griffiths and B.W. Wade. An authorization mechanism for a relational database system. ACM Transactions on Database Systems, 1(3):242–255, September 1976.
J. Han. OLAP mining: Integration of OLAP with data mining. In IFIP Conf. on Data Semantics, pages 1–11, 1997.
V. Harinarayan, A. Rajaraman, and J.D. Ullman. Implementing data cubes efficiently. In Proceedings of the Fifteenth ACM SIGMOD international conference on Management of data (SIGMOD’96), pages 205–227, 1996.
K. Hoffman. Linear Algebra. Prentice-Hall, Englewood Cliffs, New Jersey, 1961.
S. Jajodia, P. Samarati, M.L. Sapino, and V.S. Subrahmanian. Flexible support for multiple access control policies. ACM Transactions on Database Systems, 26(4):1–57, dec 2001.
J.M. Mateo-Sanz and J. Domingo-Ferrer. A method for data-oriented multivariate microaggregation. In Proceedings of the Conference on Statistical Data Protection’98, pages 89–99, 1998.
G. Miklau and D. Suciu. A formal analysis of information disclosure in data exchange. In Proceedings of the 23th ACM SIGMOD Conference on Management of Data (SIGMOD’04), 2004.
N. Pendse. The olap report - what is olap. OLAP Report Technical Report, 2001. http:// www.olapreport.com / fasmi.htm.
P. Samarati. Protecting respondents’ identities in microdata release. IEEE Transactions on Knowledge and Data Engineering, 13(6):1 010–1027, 2001.
R.S. Sandhu, E.J. Coyne, H.L. Feinstein, and C.E. Youman. Role-based access control models. IEEE Computer, 29(2):38–47, 1996.
J. Schlörer. Security of statistical databases: multidimensional transformation. ACM Trans. on Database Systems, 6(1):95–112, 1981.
A. Shoshani. OLAP and statistical databases: Similarities and differences. In Proceedings of the Sixteenth ACM SIGACT-SIGMOD-SIGART Symposium on Principles of Database Systems (PODS’97), pages 185–196, 1997.
G. Pernul T. Priebe. Towards olap security design - survey and research issues. In Proceedings of 3rd ACM International Workshop on Data Warehousing and OLAP (DOLAP’00), pages 114–121, 2000.
Pedersen T.B. and Jense C.S. Multidimensional database technology. IEEE Computer, 34(12):40–46, 2001.
J.F. Traub, Y. Yemini, and H. Woźniakowski. The statistical security of a statistical database. ACM Trans. on Database Systems, 9(4):672–679, 1984.
J. Vaidya and C. Clifton. Privacy preserving association rule mining in vertically partitioned data. In Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining (KDD’02), pages 639–644, 2002.
L. Wang, S. Jajodia, and D. Wijesekera. Securing OLAP data cubes against privacy breaches. In Proceedings of the 2004 IEEE Symposium on Security and Privacy (S & P’04), pages 161–175, 2004.
L. Wang, Y.J. Li, D. Wijesekera, and S. Jajodia. Precisely answering multi-dimensional range queries without privacy breaches. In Proceedings of the Eighth European Symposium on Research in Computer Security (ESORICS’03), pages 100–115, 2003.
L. Wang, D. Wijesekera, and S. Jajodia. Cardinality-based inference control in data cubes. Journal of Computer Security, 12(5):655–692, 2004.
L. Willenborg and T. de Walal. Statistical disclosure control in practice. Springer Verlag, New York, 1996.
C. Yao, X. Wang, and S. Jajodia. Checking for k-anonymity violation by views. In Proceedings of the Thirty-first Conference on Very Large Data Base (VLDB’05), 2005.
C.T. Yu and F.Y. Chin. A study on the protection of statistical data bases. In Proceedings of the ACM SIGMOD International Conference on Management of Data (SIGMOD’77), pages 169–181, 1977.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2008 Springer Science+Business Media, LLC.
About this chapter
Cite this chapter
Wang, L., Jajodia, S. (2008). Security in Data Warehouses and OLAP Systems. In: Gertz, M., Jajodia, S. (eds) Handbook of Database Security. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-48533-1_8
Download citation
DOI: https://doi.org/10.1007/978-0-387-48533-1_8
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-48532-4
Online ISBN: 978-0-387-48533-1
eBook Packages: Computer ScienceComputer Science (R0)