Nicoletta Fornara and Fabio Marfia | Modeling and Enforcing Access Control Obligations for SPARQL-DL Queries

http://2016.semantics.cc/fabio-marfia


  1. Nicoletta Fornara, Fabio Marfia
     Università della Svizzera italiana (USI) – http://www.usi.ch
     13th September 2016
     Modeling and Enforcing Access Control Obligations for SPARQL-DL queries
  2. 13/09/2016 Page 2/27 Università della Svizzera italiana (USI)
     SPARQL-DL… hey, what?
     SPARQL-DL is a SPARQL-like query language for conjunctive ABox-RBox-TBox queries on OWL 2 DL ontologies.
     It is designed to be as similar as possible to SPARQL, while allowing complex queries on the knowledge that can be inferred from an OWL 2 ontology using standard DL reasoning algorithms.
     A formal description can be found in E. Sirin and B. Parsia. SPARQL-DL: SPARQL Query for OWL-DL. Proceedings of the Third International Workshop on OWL: Experiences and Directions (OWLED '07).
     A Java prototype of a SPARQL-DL query interface for OWL 2 has been developed by the DERIVO company (2009).
  3. Examples of SPARQL-DL queries
     Get all classes:
         SELECT ?c WHERE { Class(?c) }
     Ask whether class A is a subclass of B:
         ASK { SubClassOf(ex:A, ex:B) }
     Get all transitive properties that have John as subject:
         SELECT ?p WHERE { PropertyValue(ex:john, ?p, ?o), Transitive(?p) }
  4. AND, OR operands
     Conjunctive conditions are expressed with the use of a comma separator, as in the last example.
     Disjunctive conditions can be expressed with the OR WHERE clause.
     Get all transitive or symmetric properties that have John as subject:
         SELECT ?p
         WHERE { PropertyValue(ex:john, ?p, ?o), Transitive(?p) }
         OR WHERE { PropertyValue(ex:john, ?p, ?o), Symmetric(?p) }
  5. SPARQL-DL syntax
     The SPARQL-DL query language allows the expression of composite conjunctions and disjunctions between 18 different atoms:
         Type(a,C), PropertyValue(a,p,v), SameAs(a,b), DifferentFrom(a,b),
         EquivalentClass(C1,C2), SubClassOf(C1,C2), DisjointWith(C1,C2), ComplementOf(C1,C2),
         EquivalentProperty(p1,p2), SubPropertyOf(p1,p2), InverseOf(p1,p2),
         ObjectProperty(p), DatatypeProperty(p), Functional(p), InverseFunctional(p),
         Transitive(p), Symmetric(p), Annotation(s,p,o)
  6. Managing Access Control for DL Inferred Knowledge
     Different works specify techniques for managing high-level and fine-grained access control for RDF graphs.
     Such works do not rely on reasoning algorithms for protecting data. However, using complex DL expressions to identify the different pieces of data to be protected appears to be an interesting approach, as already shown by Sacco et al. (2011), Masoumzadeh et al. (2011).
     This is the first time that such an approach is applied to a SPARQL-DL query interface.
  7. Why apply Access Control paradigms to a SPARQL-DL query interface?
     1. It allows mixed ABox-RBox-TBox queries that cannot be handled by other query languages
     2. It has a clear syntax and semantics
     3. The SPARQL-DL Java API released by the DERIVO company is available under the LGPL license
     4. The same reasoner instance that is used to obtain the results of a SPARQL-DL query can be used for inferring fine-grained access permissions
  8. Our chosen Access Control approach: Formal Specification of Obligations
     We define the general form of an obligation O as a triple O = <D, A, C>, where D is a description of the requesting user, A is the activation condition of the obligation and C is the content of the obligation.
     The activation condition of the obligation is the formal specification, in the form of a set of logical axioms, of the set of conditions under which the obligation activates.
     The content of the policy is the set of actions that have to be performed as a consequence of the activation of the obligation.
  9. Obligation Definition Example (Hospital Use Case)
     When a user submits a query for statistical purposes, the IDs of patients with a diabetic disease have to be anonymized.
     In our O = <D, A, C> paradigm, D is a description of the requesting user, e.g. a statisticalPurposes attribute (we did not focus on that part).
     A can be a DL Class axiom identifying each patient with a diabetic disease:
         Class: AC01
             SubClassOf: AC
             EquivalentTo: Patient and hasRecord some (hasInfoAbout value diabetes)
  10. Obligation Definition Example (Hospital Use Case)
      C is a pre-defined function to be called passing as an argument p each piece of data identified by the class AC01:
          C = anonymize(p, someAnonimizationAlgorithm)
      We identified three main types of content functions in our experiments. This list can be extended:
          Remove(p)
          Anonymize(p, someAnonimizationAlgorithm)
          WriteLogEvent(requestingUser, p, timestamp)
  11. Obligation Enforcement Module: An Access Control Middle-Layer
  12. Obligation Enforcement in 4 steps
      1. When the Access Control Layer receives a SPARQL-DL query, it rewrites the query before submitting it to the final endpoint, so that the access control conditions are also retrieved for each piece of returned data
      2. The modified query is submitted to the SPARQL-DL endpoint and executed on both collections of original data and activation conditions
      3. The result is returned to the Access Control Layer. Each piece of data on which an obligation is active is changed according to the content function of each active obligation.
      4. The final result is returned to the Data Consumer
  13. 1. SPARQL-DL Query Rewriting
      For each variable and individual in the query, information must be added in order to retrieve the conditions that are active for each piece of data.
      Example query: identifying all people living in Oxford or Birmingham
          SELECT ?x
          WHERE {PropertyValue(?x, livesIn, oxford), Type(?x, Person)}
          OR WHERE {PropertyValue(?x, livesIn, birmingham), Type(?x, Person)}
  14. 1. SPARQL-DL Query Rewriting
      For each variable in each WHERE clause, another WHERE clause is added for identifying its activated conditions. Example:
          SELECT ?x
          WHERE {PropertyValue(?x, livesIn, oxford), Type(?x, Person)}
          OR WHERE {PropertyValue(?x, livesIn, birmingham), Type(?x, Person)}
  15. 1. SPARQL-DL Query Rewriting
      For each variable in each WHERE clause, another WHERE clause is added for identifying its activated conditions. Example:
          SELECT ?x, ?xAC
          WHERE {PropertyValue(?x, livesIn, oxford), Type(?x, Person)}
          OR WHERE {PropertyValue(?x, livesIn, birmingham), Type(?x, Person)}
          OR WHERE {PropertyValue(?x, livesIn, oxford), Type(?x, Person), SubClassOf(?xAC, AC), Type(?x, ?xAC)}
  16. 1. SPARQL-DL Query Rewriting
      For each variable in each WHERE clause, another WHERE clause is added for identifying its activated conditions. Example:
          SELECT ?x, ?xAC
          WHERE {PropertyValue(?x, livesIn, oxford), Type(?x, Person)}
          OR WHERE {PropertyValue(?x, livesIn, birmingham), Type(?x, Person)}
          […]
          OR WHERE {PropertyValue(?x, livesIn, birmingham), Type(?x, Person), SubClassOf(?xAC, AC), Type(?x, ?xAC)}
  17. 1. SPARQL-DL Query Rewriting
      For each named individual, a WHERE clause is added for identifying its own activated conditions:
          SELECT ?x, ?xAC, ?oxfAC
          WHERE {PropertyValue(?x, livesIn, oxford), Type(?x, Person)}
          OR WHERE {PropertyValue(?x, livesIn, birmingham), Type(?x, Person)}
          […]
          OR WHERE {SubClassOf(?oxfAC, AC), Type(oxford, ?oxfAC)}
  18. 1. SPARQL-DL Query Rewriting
      For each named individual, a WHERE clause is added for identifying its own activated conditions:
          SELECT ?x, ?xAC, ?oxfAC, ?birAC
          WHERE {PropertyValue(?x, livesIn, oxford), Type(?x, Person)}
          OR WHERE {PropertyValue(?x, livesIn, birmingham), Type(?x, Person)}
          […]
          OR WHERE {SubClassOf(?birAC, AC), Type(birmingham, ?birAC)}
  19. 1. SPARQL-DL Query Rewriting
      For each named individual, a WHERE clause is added for identifying its own activated conditions:
          SELECT ?x, ?xAC, ?oxfAC, ?birAC, ?perAC
          WHERE {PropertyValue(?x, livesIn, oxford), Type(?x, Person)}
          OR WHERE {PropertyValue(?x, livesIn, birmingham), Type(?x, Person)}
          […]
          OR WHERE {SubClassOf(?perAC, AC), SubClassOf(Person, ?perAC)}
  20. 2. Enhanced response
      The query rewriting process produces a query whose results include all the results of the original query, plus the information about the activated conditions on each piece of data.
      Sample response for the presented original query:
          ?x
          bob
          carl
          alice
          eleanor
          donald
  21. 2. Enhanced response
      Sample enhanced response:
          ?x ?xAC ?oxfAC ?birAC ?perAC
          bob
          carl
          alice
          eleanor
          donald
          bob AC01
          bob AC02
          carl AC02
          eleanor AC01
          AC03
  22. 3. Obligation Enforcement
      The table is split into two sets:
          ?x ?xAC ?oxfAC ?birAC ?perAC
      Standard Response:
          bob
          carl
          alice
          eleanor
          donald
      Enforcement directives:
          bob AC01
          bob AC02
          carl AC02
          eleanor AC01
          AC03
  23. 3. Obligation Enforcement
      Data is changed in the standard response according to obligations functions (e.g. bob is removed…)
          ?x ?xAC ?oxfAC ?birAC ?perAC
      Standard Response:
          bob
          carl
          alice
          anonym01
          donald
      Enforcement directives:
          bob AC01
          bob AC02
          carl AC02
          eleanor AC01
          AC03
      Obligation functions: WriteLog, Anonymize, Remove
  24. 3. Obligation Enforcement
      Data is changed in the standard response according to obligations functions (e.g. bob is removed…)
          ?x ?xAC ?oxfAC ?birAC ?perAC
      Standard Response:
          alice
          anonym01
          donald
      Enforcement directives:
          bob AC01
          bob AC02
          carl AC02
          eleanor AC01
          AC03
  25. 4. Final Response
      Enforcement directives are removed:
          ?x ?xAC ?oxfAC ?birAC ?perAC
          alice
          anonym01
          donald
      Original variables: ?x
      Access Control Variables: ?xAC, ?oxfAC, ?birAC, ?perAC
  26. 4. Final Response
      Access Control variables are removed:
          ?x
          alice
          anonym01
          donald
      That is our Final response
  27. Performances
  28. Conclusion and Future Work
      We presented an approach for defining and enforcing expressive data provider obligations for performing fine-grained protection on OWL 2 DL data.
      A private-by-default environment can be chosen: permissions can be expressed in the same manner as the proposed obligations, with a small change in the enforcement algorithm.
      The concept of Institutional power for generating policies can be added, by studying its relationship with the proposed model.
      DL policies can be transmitted as Sticky Policies.
  29. Nicoletta Fornara, Fabio Marfia
      Università della Svizzera italiana (USI) – http://www.usi.ch
      13th September 2016
      Modeling and Enforcing Access Control Obligations for SPARQL-DL queries
  30. Citations
      E. Sirin and B. Parsia. SPARQL-DL: SPARQL Query for OWL-DL. Proceedings of the Third International Workshop on OWL: Experiences and Directions (OWLED '07)
      O. Sacco, A. Passant, and S. Decker. An access control framework for the web of data. In 2011 IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications (2011)
      A. Masoumzadeh and J. Joshi. Ontology-based access control for social network systems. IJIPSI (2015)
      T. T. Nguyen, N. Fornara, and F. Marfia. Automatic policy enforcement on semantic social data. Multiagent and Grid Systems Journal (2015)
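
The enforcement steps of slides 12 to 26, as an added Python example (not the authors' code and not the DERIVO API): `rewrite` adds the activation-condition clauses of step 1, and `enforce` applies the obligations to the enhanced response and strips the access control variables (steps 3 and 4). Assumptions: atoms encoded as tuples, variables binding individuals only, full-name AC variables (`?oxfordAC` instead of `?oxfAC`), the mapping AC01 = anonymize, AC02 = remove, AC03 = log as inferred from the sample tables, AC03 bound in the `Person` column, and `Remove` dropping the whole row.

```python
import time

AC_ROOT = "AC"  # superclass of every activation-condition class (slide 9)
# Constructed from slides 13 and 21; the action mapping and AC03's column are assumed.
QUERY = [[("PropertyValue", "?x", "livesIn", city), ("Type", "?x", "Person")]
         for city in ("oxford", "birmingham")]
ROWS = ([{"?x": n} for n in ("bob", "carl", "alice", "eleanor", "donald")] +
        [{"?x": "bob", "?xAC": "AC01"}, {"?x": "bob", "?xAC": "AC02"},
         {"?x": "carl", "?xAC": "AC02"}, {"?x": "eleanor", "?xAC": "AC01"},
         {"?PersonAC": "AC03"}])
OBLIGATIONS = {"AC01": "anonymize", "AC02": "remove", "AC03": "log"}

def rewrite(select_vars, clauses):
    """Step 1. A clause is a list of atoms; an atom is a tuple (name, *args)."""
    new_vars, extra = {}, {}      # dicts keep insertion order and drop duplicates
    def add(ac_var, atoms):
        new_vars[ac_var] = extra[tuple(atoms)] = None
    for clause in clauses:
        for name, *args in clause:
            for pos, arg in enumerate(args):
                ac = "?" + arg.lstrip("?") + "AC"
                guard = ("SubClassOf", ac, AC_ROOT)
                if arg.startswith("?"):   # variable, assumed to bind individuals
                    add(ac, clause + [guard, ("Type", arg, ac)])
                elif name == "Type" and pos == 1:            # named class
                    add(ac, [guard, ("SubClassOf", arg, ac)])
                elif name == "PropertyValue" and pos != 1:   # named individual
                    add(ac, [guard, ("Type", arg, ac)])
    return select_vars + list(new_vars), clauses + [list(c) for c in extra]

def enforce(rows, data_vars, obligations, user, log):
    """Steps 3-4. rows: dicts of bound variables; obligations: AC class -> action."""
    standard = [r for r in rows if set(r) <= set(data_vars)]   # standard response
    active = {}
    for row in rows:                                           # enforcement directives
        acs = [v for k, v in row.items() if k not in data_vars]
        target = next((row[v] for v in data_vars if v in row), None)
        for ac in acs:
            active.setdefault(target, set()).add(obligations[ac])
            if obligations[ac] == "log":
                log.append((user, target or ac, time.time()))
    final, pseudo = [], {}
    for row in standard:
        acts = {val: active.get(val, ()) for val in row.values()}
        if any("remove" in a for a in acts.values()):    # Remove beats Anonymize
            continue
        final.append({var: pseudo.setdefault(val, f"anonym{len(pseudo) + 1:02d}")
                      if "anonymize" in acts[val] else val for var, val in row.items()})
    return final
```

Calling `enforce(ROWS, ["?x"], OBLIGATIONS, "analyst", [])` returns the rows alice, anonym01, donald of slide 26; bob carries both AC01 and AC02 and is dropped rather than pseudonymized.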
