Secure ETL Process Model: An Assessment of Security in Different Phases of ETL

Generally, in the software development process, security is added as an afterthought, which may not assure the complete security of the system. It is also required to add security as part of software development process. This is possible with the quantified values for the parameters under assessment for assuring security. Hence, we suggest having quantified values for the security metrics too. In this paper, a security analysis has been carried out for ETL(Extraction, Transformation and Loading)process and the security metrics are quantified. A framework for secure ETL processes has been suggested and a methodology for assessing the security of the system in the early stages. The framework can be applied for any phase in the ETL process. We validate the framework firstly, using the static model of data extraction process in ETL and later for dynamic model using the simulation. We considered two securitymetrics; vulnerability index and security index. A simulation tool SeQuanT,which quantifies security of the system, in a general context of security, has been developed and discussed. We have also carried out sensitivity analysis also for the security metrics. The results show the level of security in the system and the number of security requirements to be considered to achieve the required level of security.