Abstract
This paper proposes the design and development of Role- based Access Control (RBAC) model for the Single Sign-On (SSO) Web-OLAP query spanning over multiple data warehouses (DWs). The model is based on PKI Authentication and Privilege Management Infrastructure (PMI); it presents a binding model of RBAC authorization based on dimension privilege specified in attribute certificate (AC) and user identification. Particularly, the way of attribute mapping between DW user authentication and privilege of dimensional access is illustrated. In our approach, we apply the multi-agent system to automate flexible and effective management of user authentication, role delegation as well as system accountability. Finally, the paper culminates in the prototype system A-COLD (Access Control of web-OLAP over multiple DWs) that incorporates the OLAP features and authentication and authorization enforcement in the multi-user and multi-data warehouse environment.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
N. Katic, G. Quirchmayr, J. Schiefer, M. Stolba, A. Min Tjoa, A prototype model for data warehouse security based on metadata, In Proceedings of 9th International Workshop on Database and Expert Systems Applications (DEXA’98). IEEE Computer Society, 8, Vienna, Austria, 1998. pp. 300–308.
A. Rosenthal, E. Sciore, View security as the basic for data warehouse security, In Proceedings of 2nd International Workshop on Design and Management of Data Warehouse, 28, Sweden, 2000, pp. 8.1–8.8.
Eduardo Fernández-Medina, Juan Trujillo, Rodolfo Villarroel, Mario Piattini: Developing secure data warehouses with a UML extension. Inf. Syst. 32(6): 826–856 (2007).
T. Priebe, G. Pernul, Towards OLAP security design-survey and research issues, In Proceedings of 3rd ACM International Workshop on Data Warehousing and OLAP (DOLAP’00), Washington, DC, USA, 2000, pp. 33–40.
T. Priebe, G. Pernul, A pragmatic approach to conceptual modeling of OLAP security, In Proceedings of 20th Int. Conference on Conceptual Modeling, Springer, LNCS 2224, Yokohama, Japan, 2001, pp. 311–324.
L. Wang, S. Jajodia, D. Wijesekera, Securing OLAP data cubes against privacy breaches, In Proceedings of IEEE Symposium on Security and Privacy, Berkeley, CA, 2004. pp. 161–178.
J. L. Mitrpanont, S. Fugkeaw: Multi-Version and Evolution Support for Multidimensional Database Schema. Databases and Applications 2005 (DBA 2005), Innsbruck, Austria, 2005.
L. Pearlman, V. Welch, I. Foster, K. Kesselman and S. Tuecke, “A Community Authorization Service for Group Collaboration”, IEEE Workshop on Policies for Distributed Systems and Networks, 2002.
G. Zhao, S. Otenko, D. W. Chadwick, Distributed Key Management for Secure Role based Messaging, pp. 132–137, Proc. of International Conference of Advanced Information Networking and Applications (AINA 2006), Vienna, Austria, April, 2006.
X. Wang, G. Zhao, X. Zhang, Beihong Jin, An Agent-Based Model For Web Services Transaction Processing, Proc. of International Conference on e-Technology, e-Commerce and e-Service (EEE’05), Beijing, China, March 2005.
W. Thompson, W. Johnston, S. Mudumbai, G. Hoo, K. Jackson, and A. Essiari, “Certificate-based access control for widely distributed resources”. Proc. of the 8th USENIX Security Symposium, Washington DC, August, 1999.
ITU-T Rec. X.509 (2000) ISO/IEC 9594–8 The Directory: Authentication Framework.
D.W. Chadwick, A. Otenko, and E. Ball, “Implementing role based access controls using X.509 attribute certificates”, IEEE Internet Computing, March 2003.
A. Otenko, D.W. Chadwick. “The PERMIS X.509 Role Based Privilege Management Infrastructure”, In Proc 7th ACM Symposium On Access Control Models And Technologies (SACMAT 2002), Monterey, CA, USA, pp. 135–140, June 2002.
A. Balmin et al. Hypothetical Queries in an OLAP Environment. VLDB (2000), pp. 220–231.
R.S. Sandhu, E.J. Coyne, H.L. Feinstein, C.E. Youman.: Role based access control models, IEEE Computer, pp. 38–47 (1996).
S. Fugkeaw, P. Manpanpanich, and S. Juntrapremjitt, A Development of Multi-SSO Authentication and RBAC Model in the Distributed Systems, Proceedings of 2nd IEEE International Conference on Digital Information Management (ICDIM 2007), October 2007, Lyon, France, 2007.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag London Limited
About this chapter
Cite this chapter
Fugkeaw, S., Mitrpanont, J.L., Manpanpanich, P., Juntapremjitt, S. (2010). Developing Access Control Model of Web OLAP over Trusted and Collaborative Data Warehouses. In: Chbeir, R., Badr, Y., Abraham, A., Hassanien, AE. (eds) Emergent Web Intelligence: Advanced Information Retrieval. Advanced Information and Knowledge Processing. Springer, London. https://doi.org/10.1007/978-1-84996-074-8_15
Download citation
DOI: https://doi.org/10.1007/978-1-84996-074-8_15
Published:
Publisher Name: Springer, London
Print ISBN: 978-1-84996-073-1
Online ISBN: 978-1-84996-074-8
eBook Packages: Computer ScienceComputer Science (R0)