Middleware non-repudiation service for the data warehouse

• Autorzy: Księżopolski B. , Kotulski Z.
• Języki publikacji: EN

Abstrakty

EN

Nowadays, storing the information is fundamental for the correct functioning of any organization. The critical factor is to guarantee the security of the stored data. In the traditional database systems the security requirements are limited to confidentiality, integrity, availability of the data and user authorization. The criticality of the database system and data repositories for modern business with the new requirements of law and governments, makes the development of new system architecture necessary which ensures sophisticated set of security services. In this paper we propose the database architecture that ensures the non-repudiation of the user queries and data warehouse actions. These security services are accomplished by means of the middleware layer in the data warehouse architecture.

Słowa kluczowe

EN

data warehouse; data repository; security services

• Wydawca: Wydawnictwo UMCS
• Czasopismo: Annales Universitatis Mariae Curie-Skłodowska. Sectio AI, Informatica
• Rocznik: 2010
• Tom: Vol. 10, no. 1
• Strony: 131--144
• Opis fizyczny: Bibliogr. 25 poz., rys., tab.

Twórcy

autor

Księżopolski B.

• Institute of Computer Science, Maria Curie-Sklodowska University, pl. M. Curie-Sklodowskiej 5, 20-031 Lublin, Poland

autor

Kotulski Z.

• Institute of Fundamental Technological Research of PAS, Swietokrzyska 21, 00-049 Warsaw, Poland
• Institute of Telecommunications of WUT, Nowowiejska 15/19, 00-665 Warsaw, Poland.

Bibliografia

• [1] Humm B., Wietek F., Architektur von data warehouses und business intelligence systemem, Informatyk-Spektrum 28 (2005): 3–14.
• [2] Jarke M., Jeusfeld M.A., Quix Ch., Vassiliadis P., Architecture and quality in data warehouses: an extended repository approach, Information Systems 24 (1999): 229–253.
• [3] Missier P., Lalk G., Verykios V.S., Grillo F., Lorusso T., Angeletti P., Improving data quality in practice: a case study in the italian public administration, Distributed and Parallel Databases 13(2) (2003): 135–160.
• [4] Mont C. M., Pearson S., An adaptive privacy management system for data repositories, Lecture Notes in Computer Science 3592 (2005): 236–245.
• [5] Prakash N., Gosain A., An approach to engineering the requirements of data warehouses, Requirements Engineering, 13(1) (2008): 49–72.
• [6] Villarroel R., Fernandez-Medina E., Piattini M., Secure information systems development – a survey and comparison, Computer & Security 24 (2005): 308–321.
• [7] Bertino E., Sandhu R., Database security – concepts, aproaches, and challenges, IEEE Transactions on Dependable and Security Computing 2(1) (2005): 2–19.
• [8] Bertino E., Jajodia S., Samarat P., Database security: research and practice, Information Systems 20(7) (1995): 537–556.
• [9] Cui Y., Widom J., Lineage tracing for general data warehouse transformations, VLDB Journal 12(1) (2003): 41–58.
• [10] B. Ksiezopolski, Z. Kotulski, Adaptable security mechanism for the dynamic environments, Computers & Security 26(3) (2007): 246–255.
• [11] C. Lambrinoudakis, Gritzalis S., Dridi F., Pernul G., Security requirements for e-government services: a methodological approach for developing a common pkibased security policy, Computer Communication 26 (2003): 1873–1883.
• [12] ISO/IEC19790, Security Techniques Security Requirements for Cryptographic Modules (2006).
• [13] E. Fernandez-Medina and M. Piattini, Designinig secure databases, Information and Software Technology 47 (2005): 463–477.
• [14] Devanbu P., Gertz M., Martel C., Stubblebine S., Authentic third-party data publication, Fourteenth IFIP Working Conference on Database Security (2000).
• [15] SSSWG, Official web page of Storage System Standards Working Group (2002), http://www.ssswg.org/.
• [16] Lothian P., Wenham P., Database security in a web environment, Information Security Technical Report 6(2) (2001): 12–20.
• [17] Kaufman C., Perlman R., Speciner M., Database Security – Concepts, Aproaches, and Challenges (Prentice-Hall, 2002).
• [18] ISO/IEC15408, Information Technology. Security Techniques Evaluation Criteria for IT Security (2003).
• [19] ISO/IEC17799, Information Technology – Code of Practice for Information Security Management (2005).
• [20] Levinger J., Oracle Label Security, Administrator’s Guide (relase 2) (9.2) (2002).
• [21] Samarati P., Vimercati S., Access control: policies models, and mechanisms, Foundations of Security Analysis and Design (2000).
• [22] RFC2560, X.509 Internet Public Key Infrastructure, Online Certificate Status Protocol – OCSP (1999).
• [23] ETSI101903, XML Advanced Electronic Signatures (XAdES) (2004).
• [24] Ng H. S., Sim M.L., Tan C. M., Security issues of wireless sensor networks in healthcare applications h s. BT Technology Journal 24(2) (2006): 138–144.
• [25] Thuraisingham B., Security and privacy for multimedia database management systems, Multimedia Tools Application 33 (2007): 13–29.