Representing security and audit rules for data warehouses at the logical level by using the Common Warehouse Metamodel Emilio ~oler', Rodolfo villarroe12,Juan ~ r u j i l l o ~ , Eduardo ~erniindez-~edina* and Mario piattini4 (1) Departamento de Infonitica. Universidad de Matanzas (Cuba) Autopista de Varadero km 3. Matanzas. Cuba. emilio.soler@umcc.cu (2) Departamento de Computaci6n e Informiitica. Universidad Cat6lica del Maule (Chile) Avenida San Miguel3605 Talca (Chile) rvillar@spock.ucm.cl (3) Departamento de Lenguajes y Sistemas Informiiticos. Universidad de Alicante (Spain) C/ San Vicente SIN 03690 Alicante (Spain) jtrujillo@dlsi.ua.es (4) Departamento de Informhtica. Universidad de Castilla-La Mancha (Spain) Paeso de la Universidad, 4- 1307 1 Ciudad Real (Spain) (mario.piattini, eduardo.fdzmedina)@uclm.es Abstract Data warehouses (DWs) contained high sensitive data, and therefore, it is essential to specljj security measures 1. Introduction fiom the early stages of the DW design and enforce them. Access control models for transactional (relational) databases, based on tables, columns and rows, are not appropriate for DWs. Instead, security and audit rules defined for DWs must be specij?ed based on the multidimensional (MD) modeling used to design data warehouses. So far, very few approaches represent security measures in the conceptual modeling of data warehousesform the early stages of a DW project. Moreover, these security measures cannot be directly represented in the relational model for data warehouses, thereby having a semantic gap between the conceptual and logical schemas. In this paper, we present an extension of the relational model to consider security and audit measures represented in the conceptual modeling. To accomplish this, we based on the Relational Package of the Common Warehouse Metamodel (CWM) and extend it to properly represent all security and audit rules defined in the conceptual modelling of data warehouses. Finally, to show the benefit of our approach, we apply our proposal to a health care case study. Data Warehouses @W), Multidimensional (MD) Databases, and On-Line Analytical Processing (OLAP) applications are used in conjunction to form a highly powerful mechanism for discovering crucial business information in strategic decision-making processes. MD modeling is the foundation of DWs, MD databases and OLAP applications. Sometimes MD models also store information regarding private or personal aspects of individuals, such as identification data, medical data or even religious beliefs or ideologies. In the past few years, various approaches have been proposed for representing the main multidimensional (MD) properties at the conceptual level [3,4,7, 8, 17, 181. Nevertheless, these models do not consider the design of secure MD models for DW. Actually, the Unified Modeling Language (UML) [5] has been widely accepted as the standard object- oriented ( 0 0 ) modeling language for modeling various aspects of s o h a r e systems. In 161 the authors presented an approach, based on the UML, to represent main access control and audit rules in the conceptual modeling of data warehouses fi-om the very early stages of a data warehouse project and enforce them in the fbrther design steps. The standard OMG (Object Management Group) [15] promotes the theory and practice of object- Proceedings of the First International Conference on Availability, Reliability and Security (ARES'O6) 0-7695-2567-9106 $20.00 o 2006 IEEE CGPUT SOCIETY