SECDW Profile
A UML profile that allows confidentiality constraints to be specified in conceptual multidimensional modeling.
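Security Aspects

| Name | Description |
| --- | --- |
| Sensitive Information Assignment Rules (SIAR) | Define sensitivity information for each element in the multidimensional model over a multilevel security policy. |
| Authorization Rules (AUR) | Permit or deny access to certain objects. |
| Audit Rules (AR) | Ensure that authorized users do not misuse their privileges. |
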
Specification Elements

| Name | Description |
| --- | --- |
| Fact | Represents the items of interest for a given business in the model. |
| Dimension | Represents the context in which facts have to be analyzed in the model. |
| Base | Represents the dimension hierarchy levels in a model. |
| OID | Attributes of this stereotype represent object identifier (OID) attributes of Fact, Dimension, or Base classes. |
| FactAttributes | Attributes of this stereotype represent attributes of Fact classes. |
| Descriptor | Attributes of this stereotype represent descriptor attributes of Dimension or Base classes. |
| DimensionAttribute | Attributes of this stereotype represent attributes of Dimension or Base classes. |
| Completeness | Associations of this stereotype represent the completeness of an association between a Dimension class and a Base class or between two Base classes. |
| UserProfile | Classes of this stereotype contain all the properties that the system manages from users. |
| Level | An ordered enumeration of all security levels that have to be considered. |
| Levels | Level instances will be those adopted by the attributes' lower level and upper level that are instances of Level. |
| Role | Represents the hierarchy of user roles that can be defined for the organization. |
| Compartment | An enumeration composed of all user compartments that have been considered for the organization. |
| Privilege | An ordered enumeration composed of all the different privileges that have been considered (typically, read, insert, delete, update, all). |
| Attempt | An ordered enumeration composed of all the different access attempts that have been considered (typically, none, all, frustratedAttempt, successfulAccess). |

Security Aspects
Sensitive Information Assignment Rules (SIAR)
Define sensitivity information for each element in the multidimensional model over a multilevel security policy.
- Specification Elements:
  - Level
  - Levels
  - UserProfile
  - Descriptor
  - Role
  - Privilege
  - Fact
  - FactAttributes
  - Dimension
  - Base
- Threats:
  - Information Disclosure
Authorization Rules (AUR)
Permit or deny access to certain objects.
- Specification Elements:
  - Fact
  - Dimension
  - Base
  - Privilege
  - Role
  - Compartment
  - UserProfile
  - DimensionAttribute
  - FactAttributes
  - OID
  - Level
  - Levels
- Threats:
  - Information Disclosure
  - Tampering with Data
  - Elevation of Privileges
Audit Rules (AR)
Ensure that authorized users do not misuse their privileges.
- Threats:
  - Repudiation
Specification Elements
Fact
Represents the items of interest for a given business in the model.
Dimension
Represents the context in which facts have to be analyzed in the model.
- Applies to:
  - Entity
Base
Represents the dimension hierarchy levels in a model.
- Applies to:
OID
Attributes of this stereotype represent object identifier (OID) attributes of Fact, Dimension, or Base classes.
- Applies to:
  - Data
FactAttributes
Attributes of this stereotype represent attributes of Fact classes.
- Applies to:
  - Data
Descriptor
Attributes of this stereotype represent descriptor attributes of Dimension or Base classes.
- Applies to:
  - Data
DimensionAttribute
Attributes of this stereotype represent attributes of Dimension or Base classes.
- Applies to:
  - Data
Completeness
Associations of this stereotype represent the completeness of an association between a Dimension class and a Base class or between two Base classes.
- Applies to:
  - Entity
UserProfile
Classes of this stereotype contain all the properties that the system manages from users.
- Applies to:
  - Entity
Level
An ordered enumeration of all security levels that have to be considered.
- Applies to:
Levels
Level instances will be those adopted by the attributes' lower level and upper level that are instances of Level.
- Applies to:
  - Data
Role
Represents the hierarchy of user roles that can be defined for the organization.
- Applies to:
  - State
Compartment
An enumeration composed of all user compartments that have been considered for the organization.
- Applies to:
  - State
Privilege
An ordered enumeration composed of all the different privileges that have been considered (typically, read, insert, delete, update, all).
- Applies to:
  - State
Attempt
An ordered enumeration composed of all the different access attempts that have been considered (typically, none, all, frustratedAttempt, successfulAccess).
- Applies to:
  - State