Modeling of security requirements for decision information systems

Published: 30 September 2011

Abstract

A Data Warehouse (DW) is a decision information system that helps decision makers fulfil strategic decisions (decision-making needs) by extracting and integrating data from heterogeneous sources. Because the information maintained in the DW is sensitive, it is important to capture the information security goal as a quality goal of the stakeholders for their organization from the early stages of the DW life cycle. Various requirements engineering techniques have been proposed in the DW literature without paying much attention to the security aspect. Recently, the AGDI (agent-goal-decision-information) model was proposed to capture the decision-making needs of the stakeholders for their organization in order to build a DW, but the security issue was not addressed. In this paper, we propose an extension to the AGDI model that captures the security aspect (i.e. the security goals of the stakeholders) right from the beginning of requirements modeling in order to prevent illegitimate attempts to access the DW. The application of the proposed extension to the AGDI model is demonstrated through a case study of a university.

Published In

ACM SIGSOFT Software Engineering Notes  Volume 36, Issue 5
September 2011
160 pages
ISSN:0163-5948
DOI:10.1145/2020976

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 30 September 2011
Published in SIGSOFT Volume 36, Issue 5

Author Tags

  1. agent
  2. data warehouse
  3. information security policy
  4. quality goals
  5. requirements engineering
  6. security requirements modeling

Qualifiers

  • Research-article

Cited By

  • (2020) A maturity model for secure requirements engineering. Computers & Security 95 (101852). DOI: 10.1016/j.cose.2020.101852. Online publication date: Aug-2020
  • (2017) Systems Dynamics-Based Modeling of Data Warehouse Quality. Journal of Computer Information Systems 59:4 (384-391). DOI: 10.1080/08874417.2017.1383863. Online publication date: 24-Oct-2017
  • (2015) PICM: A practical inference control model for protecting OLAP cubes. 2015 2nd World Symposium on Web Applications and Networking (WSWAN) (1-8). DOI: 10.1109/WSWAN.2015.7210324. Online publication date: Mar-2015
  • (2014) OSSM: The OLAP Security Specification Model. Databases Theory and Applications (26-37). DOI: 10.1007/978-3-319-08608-8_3. Online publication date: 2014
