
Sabrina Kirrane INSIGHT Viva Presentation


  1. Linked Data with Access Control. PhD Viva, Sabrina Kirrane.
  2. Background & Problem Statement 1.1
  3. Publishing and Consuming Linked Data [diagram; labels: RDB2RDF, RDB2RDF, RDB2RDF, Interface]
  4. Research Questions
     1. When relational data is exposed as RDF, how can we ensure the original access control policies are applied to the RDF data?
     2. Beyond triple level access control, what rules are necessary to support existing access control models and to simplify access control specification and maintenance?
     3. What adjustments need to be made to SPARQL queries, to ensure that only authorised data is returned?
     4. What components are required to support the specification, enforcement and administration of access control for the Linked Data Web?
  5. Access Control Entities
     Users, e.g. JBloggs, MRyan
     Roles, e.g. manager, supervisor
     Groups, e.g. humanResources, sales
     Attributes, e.g. (employer, NUIG), (policyNumber, 565656)
     Access rights: Create, Read, Update, Delete
     Resources: Triples
     (Footer on slides 5-9: The 28th International Conference on Logic Programming, ICLP 2012. The 2nd Joint International Semantic Technology Conference, JIST 2012.)
  6. Associating Permissions with RDF
     Zimmermann, A., Lopes, N., Polleres, A., Straccia, U. 2012. A general framework for representing, reasoning and querying with annotated semantic web data.
     Allows domain-specific metadata to be attached to triples:
       Fuzzy:          :joeBloggs :worksFor :westportCars [ 0.5 ]
       Temporal:       :joeBloggs :worksFor :westportCars [ 2010, 2012 ]
       Provenance:     :joeBloggs :worksFor :westportCars [ :employeeDetails ]
       Access Control: :joeBloggs :worksFor :westportCars [ [Read] [Update] [Delete] ]
     Supports both merging and inference: merge domain operator = disjunction; ⊗ domain operator = conjunction.
  7. Lifting both Data and Policies
     Relational source tables:
       Employee: EmployeeID, Name, Salary -> JBloggs, Joe Bloggs, 60000
       Permissions: ID, Type, Entity, Access -> HR, Role, Employee, Read
       PermissionsForEmployee: EmployeeID, Name, Salary, RoleID -> JBloggs, Joe Bloggs, 60000, HR
     Use RDB2RDF to extract details of all employees and the roles that can access their data.
     Annotated RDF produced:
       prefix :<http://urq.deri.org/enterprise#>
       :JBloggs rdf:type foaf:Person [ [HR] [] [] ];
                foaf:name "Joe Bloggs" [ [HR] [] [] ];
                :salary 60000 [ [HR] [] [] ].
     RDB2RDF mapping (annotation brackets completed to match the data form above):
       prefix :<http://urq.deri.org/enterprise#>
       FOR Id, Name, Salary, Role FROM PermissionsForEmployee
       CONSTRUCT {
         :{ $Id } a foaf:Person [ [{ $Role }] [] [] ] ;
                  foaf:name "{ $Name }" [ [{ $Role }] [] [] ] ;
                  :salary { $Salary } [ [{ $Role }] [] [] ] .
       }
  8. Evaluating Triple Based Access Control
     Objective: examine the performance overhead associated with access control.
     Dataset: enterprise software applications (document management system, timesheet system); datasets of increasing size.
                       DS1     DS2      DS3      DS4
       Records         9990    17692    33098    63909
       Triples         62296   123920   247160   493648
       File size (MB)  7.6     14.9     29.9     59.6
  9. Evaluation Results and Limitations [charts: overhead associated with access control; performance improvement for 2+ triple patterns]
  10. Known Limitations
  11. Research Questions (section divider: the four research questions from slide 4)
  12. What rules are necessary for access control over RDF data?
      Discretionary Access Control (DAC):
      • Central access control policy
      • Users are allowed to override the central policy
      • Users can pass their access rights on to others (known as delegation)
      (Footer on slides 12-19 and 21: 28th IFIP TC-11 International Information Security and Privacy Conference, SEC 2013. 12th International Semantic Web Conference, ISWC 2013.)
  13. DAC for the RDF Data Model
      Ability to delegate access rights to others: grant/revoke
      Data and schema based authorisations: triple(s), subject, object, property, named graph (RDF quad pattern); RDFS/OWL, authorisation hierarchies
      Access rights tightly coupled with operations: select, construct, ask, describe; insert, delete, insert/delete; drop, create, copy, move, add
      Conflict resolution: denial takes precedence; explicit over implicit; exploit hierarchies
      Integrity constraints: ensure the create, copy, move, add permissions are assigned to named graphs
  14. Access Control Entities
      Users, e.g. joeBloggs, johnSmith
      Roles, e.g. manager, supervisor
      Groups, e.g. humanResources, sales
      Attributes, e.g. (employer, NUIG), (policyNumber, 565656)
      Access rights: Create, Read, Update, Delete (marked redundant) -> Select, Construct, Ask, Describe, Insert, Delete, Delete/Insert, Create, Copy, Move, Add, Drop
      Resources: Triple (marked redundant) -> RDF Quad Patterns
  15. What rules are necessary to support DAC over RDF data?
      Jajodia, S., Samarati, P., Sapino, M. L., Subrahmanian, V. S. Flexible support for multiple access control policies. 2001.
      Hierarchical Data System Components
  16. Hierarchical Data System Components (Jajodia et al. 2001) [diagram; labels: Users/Groups, Roles, Access Rights, Resources]
  17. What rules are necessary to support DAC over RDF data? (Jajodia et al. 2001) Graph Based Data System Components
  18. Graph Based Data System Components [diagram; labels: Subjects, Access Rights, Resources]
  19. What rules are necessary to support DAC over RDF data? (Jajodia et al. 2001)
      Authorisations: <Sub, AR, Sign, Res, Type, By>
      Propagation rules: Authx ← Authy ∧ GraphPattern
      Conflict resolution policies: Authx ← Authx > Authy
      Integrity constraints: Error ← Authx
  20. Evaluating Graph Based Access Control
      Objective: overhead associated with access control over increasing datasets and authorisations.
      Dataset: Berlin SPARQL Benchmark dataset; query and authorisation generator.
      Datasets of increasing size:
                        DS1      DS2      DS3       DS4       DS5
        Quads           250223   500258   1000109   2000164   4000936
        File size (MB)  24.5     49       98        195       391
      Authorisation sets of increasing size:
                        AS1      AS2      AS3       AS4       AS5
        Quads           60000    120000   240000    480000    960000
        File size (MB)  6.5      13       26        53        105
  21. Evaluation Results and Limitations
      Rules over increasing authorisations (60000 - 960000):
      • Classes to all instances of that class
      • Properties to all instances of that property
      • Instance to properties associated with that instance
      Select queries over increasing triples (250223 - 4000936):
      • all quads (?S ?P ?O ?G)
      • a particular graph (?S ?P ?O G1)
      • all quads of type (?S rdf:type bsbm:Offer ?G)
      • all classes (?S rdf:type rdf:Class)
      • all properties (?S rdf:type rdf:Property)
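As an added illustration (not code from the deck or the thesis) of slides 13, 19 and 21 taken together, the following Python evaluates authorisations of the form <Sub, AR, Sign, Res, Type, By> over a small quad store, applying the "classes to all instances of that class" propagation rule and the conflict resolution policies listed on slide 13. The data, role membership and authorisations are constructed for the example; the reading of the propagation rule and the default-deny outcome for quads with no applicable authorisation are my assumptions.

```python
from collections import namedtuple

RDF_TYPE = "rdf:type"
# <Sub, AR, Sign, Res, Type, By>: res is a quad pattern (s, p, o, g) with None as wildcard,
# sign is "+" (grant) or "-" (deny), type is "explicit" or "implicit" (derived by a rule).
Auth = namedtuple("Auth", "sub ar sign res type by")

def matches(pattern, quad):
    return all(p is None or p == q for p, q in zip(pattern, quad))

def propagate(auths, data):
    """Rule 'classes to all instances of that class' (my reading): an authorisation on
    (C ?P ?O ?G) yields an implicit one on (x ?P ?O ?G) for each x with (x rdf:type C)."""
    derived = list(auths)
    for a in auths:
        if a.res[0] is None or a.res[1:] != (None, None, None):
            continue
        for s, p, o, g in data:
            if p == RDF_TYPE and o == a.res[0]:
                derived.append(a._replace(res=(s, None, None, None), type="implicit"))
    return derived

def decide(user, ar, quad, auths, roles):
    """Explicit over implicit, then denial takes precedence; roles act as the subject hierarchy; assumed default: deny."""
    subjects = {user, *roles.get(user, ())}
    applicable = [a for a in auths if a.sub in subjects and a.ar == ar and matches(a.res, quad)]
    for typ in ("explicit", "implicit"):
        level = [a for a in applicable if a.type == typ]
        if level:
            return all(a.sign == "+" for a in level)   # any denial at this level wins
    return False

def authorised_view(user, ar, auths, data, roles):
    """Quads of data that user may access with access right ar."""
    full = propagate(auths, data)
    return {q for q in data if decide(user, ar, q, full, roles)}

# Constructed sample: two employees, an HR role grant on the class, one explicit per-user denial.
DATA = [
    (":JBloggs", RDF_TYPE, "foaf:Person", ":Employee"),
    (":JBloggs", ":salary", "60000", ":Employee"),
    (":MRyan", RDF_TYPE, "foaf:Person", ":Employee"),
    (":MRyan", ":salary", "70000", ":Employee"),
    (":MRyan", ":worksFor", ":JBloggs", ":OrgStructure"),
]
ROLES = {"johnSmith": {"HR"}}
AUTHS = [
    Auth("HR", "select", "+", ("foaf:Person", None, None, None), "explicit", "admin"),
    Auth("HR", "select", "+", (None, None, None, ":OrgStructure"), "explicit", "admin"),
    Auth("johnSmith", "select", "-", (":MRyan", ":salary", None, ":Employee"), "explicit", "admin"),
]
```

Running `authorised_view("johnSmith", "select", AUTHS, DATA, ROLES)` returns every quad except MRyan's salary: the role grant on foaf:Person propagates as an implicit authorisation to both instances, and the explicit per-user denial beats it only for the quad it covers.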
  22. Known Limitations
      • Need access to all quad patterns to execute the query
      • Access control correctness is an open issue
  23. Research Questions (section divider: the four research questions from slide 4)
  24. SPARQL 1.1 Query Categories
      SPARQL Queries:
      • Basic graph patterns and aggregates
      • Negation and subqueries
      SPARQL Updates:
      • Insert/delete
      • Insert and Delete
      • Graph based update operations
  25. Rewriting SPARQL BGPs & Aggregates
      Unauthorised quad pattern: :MRyan :salary ?o :Employee
      Original query:
        SELECT ?id ?name ?salary
        WHERE {
          GRAPH ?g {
            ?id foaf:name ?name .
            ?id :salary ?salary
          }
        }
      Rewritten query:
        SELECT ?id ?name ?salary
        WHERE {
          GRAPH ?g {
            ?id foaf:name ?name .
            ?id :salary ?salary
            FILTER NOT EXISTS {
              GRAPH :Employee {
                ?id foaf:name ?name .
                ?id :salary ?salary
                FILTER(?id = :MRyan)
              }
            }
          }
        }
  26. Rewriting SPARQL Subqueries and Filters
      Unauthorised quad pattern: :MRyan :worksFor ?o :OrgStructure
      Original query:
        SELECT DISTINCT ?employee ?manager
        WHERE {
          GRAPH ?g {
            ?x foaf:name ?employee .
            ?y foaf:name ?manager
            { SELECT ?x ?y WHERE { GRAPH :OrgStructure { ?x :worksFor ?y } } }
          }
        }
      Rewritten query:
        SELECT DISTINCT ?employee ?manager
        WHERE {
          GRAPH ?g {
            ?x foaf:name ?employee .
            ?y foaf:name ?manager
            { SELECT ?x ?y WHERE {
                GRAPH :OrgStructure {
                  ?x :worksFor ?y
                  FILTER NOT EXISTS {
                    GRAPH :OrgStructure { ?x :worksFor ?y FILTER ( ?x = :MRyan ) }
                  }
                }
            } }
          }
        }
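An added Python reconstruction (not the deck's or the thesis's code) of the FILTER NOT EXISTS rewriting shown on slide 25, generalised to any basic graph pattern inside GRAPH ?g and any number of unauthorised quad patterns; for the slide's own query and pattern it reproduces the slide's rewritten query verbatim. Deciding whether a pattern applies by unifying its constants with each triple pattern is my reading of the strategy.

```python
# A query is (select_vars, graph_var, bgp) with bgp a list of (s, p, o) triple patterns;
# a denial is the unauthorised quad pattern (s, p, o, g) with None meaning "any" (?o on the slide).

def _bindings(triple_pattern, denial):
    """Variables of triple_pattern fixed by the denial's constants, or None if it cannot match."""
    found = []
    for term, d in zip(triple_pattern, denial[:3]):
        if d is None or d == term:
            continue
        if term.startswith("?"):
            found.append((term, d))
        else:
            return None            # constant-constant mismatch: denial irrelevant here
    return found

def bgp_text(bgp):
    return " . ".join(" ".join(tp) for tp in bgp)

def not_exists_block(graph_var, bgp, denial):
    """FILTER NOT EXISTS clause excluding the solutions the denial covers, or '' if none."""
    eqs, relevant = {}, False
    for tp in bgp:
        b = _bindings(tp, denial)
        if b is not None:
            relevant = True
            eqs.update(b)
    if not relevant:
        return ""
    graph = denial[3] if denial[3] is not None else graph_var   # fixed graph or the query's ?g
    body = bgp_text(bgp)
    if eqs:
        body += " FILTER(" + " && ".join(f"{v} = {c}" for v, c in eqs.items()) + ")"
    return f"FILTER NOT EXISTS {{ GRAPH {graph} {{ {body} }} }}"

def rewrite(select_vars, graph_var, bgp, denials):
    """Rewritten SELECT: one FILTER NOT EXISTS per relevant denial, inside the GRAPH block."""
    blocks = [not_exists_block(graph_var, bgp, d) for d in denials]
    parts = [bgp_text(bgp)] + [b for b in blocks if b]
    return f"SELECT {' '.join(select_vars)} WHERE {{ GRAPH {graph_var} {{ {' '.join(parts)} }} }}"

# Slide 25 input: the unauthorised quad pattern :MRyan :salary ?o :Employee.
SLIDE_BGP = [("?id", "foaf:name", "?name"), ("?id", ":salary", "?salary")]
SLIDE_DENIAL = (":MRyan", ":salary", None, ":Employee")
SLIDE_REWRITE = rewrite(["?id", "?name", "?salary"], "?g", SLIDE_BGP, [SLIDE_DENIAL])
```

A pattern whose constants clash with every triple pattern leaves the query untouched, while an all-wildcard pattern yields a NOT EXISTS over the whole BGP, which correctly returns nothing.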
  27. Rewriting SPARQL Update Queries
      DELETE/INSERT: apply the SELECT query rewriting strategy
      DELETE DATA and INSERT DATA: remove unauthorised quads from the query
      CLEAR and DROP: DELETE from target graph
      ADD and LOAD: INSERT into target graph
      COPY: DELETE from the destination graph; INSERT into destination graph
      MOVE: DELETE from the destination graph; INSERT into destination graph; DELETE from the source graph
  28. Access Control Correctness
      Wang, Q., Yu, T., Li, N., Lobo, J., Bertino, E., Irwin, K., Byun, J.-W. Correctness criteria for fine-grained access control in relational databases. 2007.
      Secure: does not return information which has not been authorised
      Sound: does not return invalid results
      Maximum: returns as much information as possible without violating the secure and sound constraints
      [diagram; labels: State 1, State 2]
  29. Access Control Correctness [diagram]
  30. Evaluating Query Rewriting Correctness
      Objective: compare the results returned by our query rewriting algorithm to the results returned by a standard SPARQL query over a filtered dataset, for:
      • Basic graph patterns and aggregates
      • Negation and subqueries
      • Insert/delete
      • Insert and delete
      • Graph based update operations
      Dataset:
      • Automatically generate a set of authorisations from all 2^4 possible combinations (of constants and variables) for each quad in the BSBM dataset
      • Systematically generate queries for each of the 19104 RDF quad patterns
      As SPARQL queries are based on basic graph pattern matching, if we can prove correctness for all possible authorisations over the different query types, the data itself is irrelevant.
  31. Evaluating Query Rewriting Correctness
      Results: the proposed query rewriting algorithm is secure, sound and maximum for:
      • Basic graph patterns and aggregates
      • Negation and subqueries
      • Insert/delete
      • Insert and delete
      • Graph based update operations
      Exception: in the case of property paths the query rewriting algorithm is not maximum. Example:
        FILTER NOT EXISTS { GRAPH ?g { ?employee :worksFor+ ?manager FILTER ( ?employee = :MRyan ) } }
  32. Performance Evaluation [charts: Triple Updates, Graph Updates, Queries, Negation; y-axis: time in milliseconds]
  33. Known Limitations
  34. Research Questions (section divider: the four research questions from slide 4, with "Linked Data Web" abbreviated to LDW)
  35. Publishing and Consuming Linked Data [diagram; labels: RDB2RDF, RDB2RDF]
  36. Linked Data Authorisation Architecture [diagram; labels: RDB2RDF, RDB2RDF]
  37. [diagram; labels: Enforce access control policies; Extract both data and permissions; Source the individual PDFs]
  38. Conclusions
      1. When relational data is exposed as RDF, how can we ensure the original access control policies are applied to the RDF data?
         Use RDB2RDF to extract and associate permissions with triples.
      2. Beyond triple level access control, what rules are necessary to support existing access control models and to simplify access control specification and maintenance?
         The graph based authorisation flexible framework:
         • Authorisations
         • Propagation rules
         • Conflict resolution policies
         • Integrity constraints
  39. Conclusions
      3. What adjustments need to be made to SPARQL queries, to ensure that only authorised data is returned?
         Query rewriting strategy:
         • FILTER NOT EXISTS expressions
         • Remove triples from insert and delete data queries
         • Rewrite update queries as INSERT/DELETE queries
      4. What components are required to support the specification, enforcement and administration of access control for the LDW?
         The Linked Data Authorisation Architecture includes:
         • Authorisation Interface
         • Query Engine
         • Authorisation Framework
  40. Linked Data with Access Control: Next Steps
      Privacy
      • Reasoning over privacy policies
      Context Awareness
      • Reasoning over contextual data
      • Efficient reasoning over streaming data
      Usability & Understandability
      • Graph based data clustering and visualisation techniques
        o examine the interplay between authorisations and rules
        o determine the impact of new authorisations
      Explanations & Negotiation
      • Potential security impact associated with explanations
