4. Research Questions
1. When relational data is exposed as RDF, how can we ensure
the original access control policies are applied to the RDF
data?
2. Beyond triple level access control, what rules are necessary
to support existing access control models and to simplify
access control specification and maintenance?
3. What adjustments need to be made to SPARQL queries, to
ensure that only authorised data is returned?
4. What components are required to support the specification,
enforcement and administration of access control for the
Linked Data Web?
5. Access Control Entities
Users e.g. JBloggs, MRyan
Roles e.g. manager, supervisor
Groups e.g. humanResources, sales
Attributes e.g. (employer, NUIG), (policyNumber, 565656)
Create, Read, Update, Delete
Triples
The 28th International Conference on Logic Programming, ICLP 2012.
The 2nd Joint International Semantic Technology Conference, JIST 2012.
6. Associating Permissions with RDF
Zimmermann, A., Lopes, N., Polleres, A., Straccia, U. 2012.
A general framework for representing, reasoning and
querying with annotated semantic web data.
Allows domain-specific metadata to be attached to triples
Fuzzy
:joeBloggs :worksFor :westportCars [ 0.5 ]
Temporal
:joeBloggs :worksFor :westportCars [ 2010, 2012 ]
Provenance
:joeBloggs :worksFor :westportCars [ :employeeDetails ]
Access Control
:joeBloggs :worksFor :westportCars [ [Read] [Update] [Delete] ]
Supports both merging and inference
⊕ domain operator = disjunction
⊗ domain operator = conjunction
7. Lifting both Data and Policies
Employee
EmployeeID | Name       | Salary
JBloggs    | Joe Bloggs | 60000

Permissions
ID | Type | Entity   | Access
HR | Role | Employee | Read

PermissionsForEmployee
Use RDB2RDF to extract the details of all employees together with the roles that can access their data
prefix :<http://urq.deri.org/enterprise#>
:JBloggs rdf:type foaf:Person [ [HR] [] [] ];
foaf:name "Joe Bloggs" [ [HR] [] [] ];
:salary 60000 [ [HR] [] [] ].
prefix :<http://urq.deri.org/enterprise#>
FOR Id, Name, Salary, Role
FROM PermissionsForEmployee
CONSTRUCT {
:{ $Id } a foaf:Person [ [{ $Role }] [] [] ] ;
foaf:name "{ $Name }" [ [{ $Role }] [] [] ] ;
:salary { $Salary } [ [{ $Role }] [] [] ] .
}
EmployeeID | Name       | Salary | RoleID
JBloggs    | Joe Bloggs | 60000  | HR
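Added example, not code from the slides: the lifting step above carried out in Python, turning rows of the PermissionsForEmployee view into triples annotated with [Read][Update][Delete] role sets and enforcing those annotations on read. The sample rows beyond the slide's HR row, and the use of set union as the merge (disjunction) operator, are constructed assumptions of this example.

```python
# Added example, not from the slides: lift rows of the PermissionsForEmployee
# view into access-control-annotated triples and enforce them on read.
# An annotation [Read][Update][Delete] is modelled as a dict of role sets;
# merging two annotations of the same triple is the disjunction operator
# (slide 6), i.e. a set union per access right.
PREFIX = "http://urq.deri.org/enterprise#"

# Constructed sample rows of the view: one row per (employee, role, right).
# Only the first row comes from the slide; the Manager rows are made up.
ROWS = [
    {"Id": "JBloggs", "Name": "Joe Bloggs", "Salary": 60000, "Role": "HR", "Access": "Read"},
    {"Id": "JBloggs", "Name": "Joe Bloggs", "Salary": 60000, "Role": "Manager", "Access": "Read"},
    {"Id": "JBloggs", "Name": "Joe Bloggs", "Salary": 60000, "Role": "Manager", "Access": "Update"},
]

def empty_annotation():
    return {"Read": set(), "Update": set(), "Delete": set()}

def merge(a, b):
    """Disjunction: a role holds a right if either source annotation grants it."""
    return {right: a[right] | b[right] for right in a}

def lift(rows):
    """Return {(s, p, o): annotation}, the RDB2RDF output of slide 7 as data."""
    store = {}
    for r in rows:
        subj = PREFIX + r["Id"]
        ann = empty_annotation()
        ann[r["Access"]].add(r["Role"])
        for triple in [(subj, "rdf:type", "foaf:Person"),
                       (subj, "foaf:name", r["Name"]),
                       (subj, PREFIX + "salary", r["Salary"])]:
            # The same triple produced by several rows keeps the merged annotation.
            store[triple] = merge(store.get(triple, empty_annotation()), ann)
    return store

def permitted(store, roles, right):
    """Triples on which a requester holding any of `roles` has `right`."""
    return {t for t, ann in store.items() if ann[right] & set(roles)}
```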
8. Evaluating Triple Based Access Control
Objective
Examine the performance overhead associated with access control
Dataset
Enterprise Software Applications
Document Management System
Timesheet System
Datasets of increasing size
               DS1     DS2      DS3      DS4
Records        9990    17692    33098    63909
Triples        62296   123920   247160   493648
File size (MB) 7.6     14.9     29.9     59.6
9. Evaluation Results and Limitations
Overhead associated with access control
Performance improvement for 2+ triple patterns
11. Research Questions
1. When relational data is exposed as RDF, how can we ensure
the original access control policies are applied to the RDF
data?
2. Beyond triple level access control, what rules are necessary
to support existing access control models and to simplify
access control specification and maintenance?
3. What adjustments need to be made to SPARQL queries, to
ensure that only authorised data is returned?
4. What components are required to support the specification,
enforcement and administration of access control for the
Linked Data Web?
12. What rules are necessary for access control over RDF data?
Discretionary Access Control (DAC)
• Central access control policy
• Users are allowed to override the central policy
• Users can pass their access rights on to others (known as delegation)
28th IFIP TC-11 International Information Security and Privacy Conference, SEC 2013.
12th International Semantic Web Conference, ISWC 2013.
13. DAC for the RDF Data Model
Ability to delegate access rights to others
• grant/revoke
Data and Schema based authorisations
• triple(s), subject, object, property, named graph – RDF Quad Pattern
• RDFS/OWL, Authorisation hierarchies
Access Rights tightly coupled with operations
• select, construct, ask, describe
• insert, delete, insert/delete
• drop, create, copy, move, add
Conflict Resolution
• denial takes precedence
• explicit over implicit
• exploit hierarchies
Integrity Constraints
• ensure the create, copy, move, add permissions are assigned to named graphs
14. Access Control Entities
Users e.g. joeBloggs, johnSmith
Roles e.g. manager, supervisor
Groups e.g. humanResources, sales
Attributes e.g. (employer, NUIG), (policyNumber, 565656)
Create, Read, Update, Delete (redundant)
Select, Construct, Ask, Describe,
Insert, Delete,
Delete/Insert
Create, Copy, Move, Add, Drop
Triple (redundant)
RDF Quad Patterns
15. What rules are necessary to support DAC over RDF data?
Jajodia, S., Samarati, P., Sapino, M. L., Subrahmanian, V. S.
Flexible support for multiple access control policies. 2001.
Hierarchical Data
System Components
16. Hierarchical Data System Components
Jajodia, S., Samarati, P., Sapino, M. L., Subrahmanian, V. S.
Flexible support for multiple access control policies. 2001.
Users/Groups Roles
Access Rights Resources
17. What rules are necessary to support DAC over RDF data?
Jajodia, S., Samarati, P., Sapino, M. L., Subrahmanian, V. S.
Flexible support for multiple access control policies. 2001.
Graph Based Data
System Components
18. Graph Based Data System Components
Subjects
Access Rights Resources
19. What rules are necessary to support DAC over RDF data?
Jajodia, S., Samarati, P., Sapino, M. L., Subrahmanian, V. S.
Flexible support for multiple access control policies. 2001.
Authorisations
<Sub, AR, Sign, Res, Type, By>
Propagation Rules
Authx ← Authy ∧ GraphPattern
Conflict Resolution Policies
Authx ← Authx > Authy
Integrity Constraints
Error ← Authx
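Added example, not code from the slides: the four rule kinds of slide 19 (authorisations as <Sub, AR, Sign, Res, Type, By> tuples over RDF quad patterns, a class-to-instance propagation rule, conflict resolution and an integrity constraint) implemented over a small constructed quad store. The data, the authorisations, the resolution order (explicit over implicit, then denial over grant) and the closed-policy default are assumptions of this example.

```python
# Added example, not from the slides: the four rule kinds of slide 19 over an
# in-memory quad store. Authorisations are <Sub, AR, Sign, Res, Type, By>
# tuples whose Res is an RDF quad pattern ("?" marks a variable). The
# resolution order (explicit over implicit, then denial over grant) and the
# closed-policy default are assumptions of this example.
from collections import namedtuple

Auth = namedtuple("Auth", "sub ar sign res type by")

DATA = {  # constructed quads (s, p, o, g)
    (":joeBloggs", "rdf:type", ":Employee", ":hr"),
    (":joeBloggs", ":salary", "60000", ":hr"),
    (":janeDoe", "rdf:type", ":Employee", ":hr"),
    (":janeDoe", ":salary", "55000", ":hr"),
}
AUTHS = [  # constructed: hr may read all Employees except janeDoe's salary
    Auth("hr", "select", "+", ("?S", "rdf:type", ":Employee", "?G"), "explicit", "admin"),
    Auth("hr", "select", "-", (":janeDoe", ":salary", "?O", "?G"), "explicit", "admin"),
    Auth("hr", "create", "+", ("?S", "?P", "?O", "?G"), "explicit", "admin"),  # bad: no graph
]

def matches(pattern, quad):
    return all(p.startswith("?") or p == q for p, q in zip(pattern, quad))

def propagate(auths, data):
    """Propagation rule "classes to all instances": Auth_x <- Auth_y AND
    (?S rdf:type C ?G) derives an implicit authorisation on every quad whose
    subject is an instance of C."""
    derived = set(auths)
    for a in auths:
        _, p, o, _ = a.res
        if p == "rdf:type" and not o.startswith("?"):
            for inst in {q[0] for q in data if q[1] == "rdf:type" and q[2] == o}:
                derived.add(a._replace(res=(inst, "?P", "?O", "?G"), type="implicit"))
    return derived

def decide(auths, sub, ar, quad):
    """Conflict resolution: pick the strongest applicable authorisation;
    explicit beats implicit, then denial beats grant; none applicable = deny."""
    applicable = [a for a in auths if a.sub == sub and a.ar == ar and matches(a.res, quad)]
    if not applicable:
        return "-"
    return min(applicable, key=lambda a: (a.type != "explicit", a.sign != "-")).sign

def integrity_errors(auths):
    """Integrity constraint: create/copy/move/add rights must name a graph,
    i.e. the pattern is (?S ?P ?O G) with a constant G."""
    return [a for a in auths if a.ar in {"create", "copy", "move", "add"}
            and (a.res[3].startswith("?") or a.res[:3] != ("?S", "?P", "?O"))]
```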
20. Evaluating Graph Based Access Control
Objective
Overhead associated with access control over increasing:
• datasets
• authorisations
Dataset
Berlin SPARQL Benchmark Dataset
Query and authorisation generator
Datasets of increasing size
               DS1      DS2      DS3       DS4       DS5
Quads          250223   500258   1000109   2000164   4000936
File size (MB) 24.5     49       98        195       391

Authorisation sets of increasing size
               AS1      AS2      AS3       AS4       AS5
Quads          60000    120000   240000    480000    960000
File size (MB) 6.5      13       26        53        105
21. Evaluation Results and Limitations
Rules over increasing authorisations (60000 – 960000):
• Classes to all instances of that class
• Properties to all instances of that property
• Instance to properties associated with that instance
Select queries over increasing triples (250223 – 4000936):
• all quads (?S ?P ?O ?G)
• a particular graph (?S ?P ?O G1)
• all quads of type (?S rdf:type bsbm:Offer ?G)
• all classes (?S rdf:type rdf:Class)
• all properties (?S rdf:type rdf:Property)
22. Known Limitations
• Need access to all quad patterns to execute the query
• Access control correctness is an open issue
23. Research Questions
1. When relational data is exposed as RDF, how can we ensure
the original access control policies are applied to the RDF
data?
2. Beyond triple level access control, what rules are necessary
to support existing access control models and to simplify
access control specification and maintenance?
3. What adjustments need to be made to SPARQL queries, to
ensure that only authorised data is returned?
4. What components are required to support the specification,
enforcement and administration of access control for the
Linked Data Web?
24. SPARQL 1.1 Query Categories
SPARQL Queries
• Basic graph patterns and aggregates
• Negation and subqueries
SPARQL Updates
• Insert/delete
• Insert and Delete
• Graph based update operations
27. Rewriting SPARQL Update Queries
DELETE/INSERT
• Apply SELECT query rewriting strategy
DELETE DATA and INSERT DATA
• Remove unauthorised quads from the query
CLEAR and DROP
• DELETE from target graph
ADD and LOAD
• INSERT into target graph
COPY
• DELETE from the destination graph
• INSERT into destination graph
MOVE
• DELETE from the destination graph
• INSERT into destination graph
• DELETE from the source graph
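Added example, not code from the slides: the update-rewriting rules of slide 27 applied over a constructed in-memory quad store, where CLEAR/DROP, ADD, COPY and MOVE are decomposed into DELETE and INSERT steps and each step is reduced to the quads the requester is authorised to touch. The quads and the per-operation authorisation patterns are constructed assumptions of this example.

```python
# Added example, not from the slides: rewriting SPARQL 1.1 graph update
# operations into authorised DELETE/INSERT steps over an in-memory quad
# store, following slide 27. Authorisations are quad patterns ("?" marks a
# variable) grouped per operation; the data and authorisations are constructed.
DATA = {  # constructed quads (s, p, o, g)
    (":joeBloggs", ":salary", "60000", ":hr"),
    (":janeDoe", ":salary", "55000", ":hr"),
    (":oldReport", ":status", "stale", ":archive"),
}
AUTHS = {  # requester may delete joeBloggs' :hr data and anything in :archive,
    "delete": [(":joeBloggs", "?P", "?O", ":hr"), ("?S", "?P", "?O", ":archive")],
    "insert": [("?S", "?P", "?O", ":archive")],   # and insert only into :archive
}

def matches(pattern, quad):
    return all(p.startswith("?") or p == q for p, q in zip(pattern, quad))

def authorised(op, quad):
    return any(matches(p, quad) for p in AUTHS.get(op, []))

def rewrite_data_update(op, quads):
    """INSERT DATA / DELETE DATA: drop the unauthorised quads from the query."""
    return [(op, q) for q in quads if authorised(op, q)]

def rewrite_graph_update(store, op, src=None, dst=None):
    """CLEAR/DROP, ADD, COPY and MOVE become DELETE and INSERT steps on the
    graphs involved, each step reduced to its authorised quads (LOAD is ADD
    with a document's quads as src)."""
    graph = lambda g: {q for q in store if q[3] == g}
    retarget = lambda g: {(s, p, o, dst) for (s, p, o, _) in graph(g)}
    steps = []
    if op in ("CLEAR", "DROP"):
        steps += rewrite_data_update("delete", graph(dst))
    elif op == "ADD":
        steps += rewrite_data_update("insert", retarget(src))
    elif op in ("COPY", "MOVE"):
        steps += rewrite_data_update("delete", graph(dst))
        steps += rewrite_data_update("insert", retarget(src))
        if op == "MOVE":
            steps += rewrite_data_update("delete", graph(src))
    return steps

def apply_steps(store, steps):
    """Execute the rewritten steps in order on a copy of the store."""
    result = set(store)
    for op, quad in steps:
        (result.add if op == "insert" else result.discard)(quad)
    return result
```

A MOVE whose source deletion is only partly authorised leaves the unauthorised source quads in place, exactly as the three-step decomposition above dictates.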
28. Access Control Correctness
Wang, Q., Yu, T., Li, N., Lobo, J., Bertino, E., Irwin, K., Byun, J.-W.
Correctness criteria for fine-grained access control in relational databases. 2007.
Secure - does not return information which has not been authorised
Sound - does not return invalid results
Maximum - returns as much information as possible without violating the
secure and sound constraints
[Figure: State 1 and State 2]
30. Evaluating Query Rewriting Correctness
Objective
Compare the results returned by our query rewriting algorithm to the results
returned by a standard SPARQL query over a filtered dataset
• Basic graph patterns and aggregates
• Negation and subqueries
• Insert/delete
• Insert and delete
• Graph based update operations
Dataset
Automatically generate a set of authorisations from all 2^4 possible
combinations (of constants and variables) for each quad in the BSBM dataset
Systematically generate queries for each of the 19104 RDF quad patterns
As SPARQL queries are based on basic graph pattern matching, if we
can prove correctness for all possible authorisations over the different
query types, the data itself is irrelevant
31. Evaluating Query Rewriting Correctness
Results
The proposed query rewriting algorithm is secure, sound and maximum
for:
• Basic graph patterns and aggregates
• Negation and subqueries
• Insert/delete
• Insert and delete
• Graph based update operations
Exception
In the case of property paths the query rewriting algorithm is not maximum
Example
FILTER NOT EXISTS {
  GRAPH ?g { ?employee :worksFor+ ?manager
             FILTER ( ?employee = :MRyan ) } }
32. Performance Evaluation
[Figure: four timing plots (Queries, Negation, Triple Updates, Graph Updates); y-axis: time in milliseconds]
34. Research Questions
1. When relational data is exposed as RDF, how can we ensure
the original access control policies are applied to the RDF
data?
2. Beyond triple level access control, what rules are necessary
to support existing access control models and to simplify
access control specification and maintenance?
3. What adjustments need to be made to SPARQL queries, to
ensure that only authorised data is returned?
4. What components are required to support the specification,
enforcement and administration of access control for the
LDW?
37. Enforce access control policies
Extract both data and permissions
Source the individual PDFs
38. Conclusions
1. When relational data is exposed as RDF, how can we ensure
the original access control policies are applied to the RDF
data?
Use RDB2RDF to extract and associate permissions with
triples
2. Beyond triple level access control, what rules are necessary to
support existing access control models and to simplify access
control specification and maintenance?
The graph based authorisation flexible framework
• Authorisations
• Propagation rules
• Conflict resolution policies
• Integrity constraints
39. Conclusions
3. What adjustments need to be made to SPARQL queries, to
ensure that only authorised data is returned?
Query rewriting strategy
• FILTER NOT EXISTS expressions
• Remove triples from insert and delete data queries
• Rewrite update queries as INSERT/DELETE queries
4. What components are required to support the specification,
enforcement and administration of access control for the
LDW?
The Linked Data Authorisation Architecture includes:
• Authorisation Interface
• Query Engine
• Authorisation Framework
40. Linked Data with Access Control
Next Steps
Privacy
• Reasoning over privacy policies
Context Awareness
• Reasoning over contextual data
• Efficient reasoning over streaming data
Usability & Understandability
• Graph based data clustering and visualisation techniques
o examine the interplay between authorisations and rules
o determine the impact of new authorisations
Explanations & Negotiation
• Potential security impact associated with explanations
Editor's notes
Seevl music discovery and personalisation
BBC integration of large amounts of content online, as text, audio and video. Search engines.
Talis Aspire resource management solutions and services for universities, learners and educators.
Marbles browser
Sindice Search Engine , Sigma browser
Swoogle search engine
7.5 MB – 15 MB – 30 MB – 60 MB
60000 T – 120000 T – 24000 T – 48000 T