Context-Aware Access Control for RDF Graph Stores

Serena Villata, Researcher at INRIA Sophia Antipolis

Luca Costabello, Serena Villata, Fabien Gandon

SPARQL

T. Berners-Lee, et al. On Integration Issues of Site-Specific APIs into the Web of Data, DERI Tech. Rep. 2009

[Figure: timeline marked 2007, 2009, 2011]

Background and SHI3LD Key Features

WAC [Berners-Lee], [Toninelli et al, ISWC-2006], [Abel et al, ISWC-2007], [Finin et al., SACMAT-2008], [Flouris et al., FIS-2010], [Sacco and Passant, LDOW-2011]

●  Semantic Web languages only
   > No new Policy languages
●  Pluggable to any RDF store
   > SPARQL 1.1
●  Granularity from triples to whole graphs
   > Named Graphs [Carroll et al, WWW2005], RDF 1.1
●  Mobile context in the loop
   > Context Awareness [Schilit and Theimer, 94], [Dey, 01]

How it Works – Initial Setup

●  Named Graph Partitioning
●  Access Policy Definition
   S4AC & PRISSMA Vocabularies

SHI3LD Vocabularies

Example of Access Conditions

ARE YOU A FRIEND OF THE DATA PROVIDER?

    ASK { ?resource dcterms:creator ?provider .
          ?provider rel:hasFriend ?consumer . }

ARE YOU A COLLABORATOR OF THE DATA PROVIDER?

    ASK { ?resource dcterms:creator ?provider .
          ?provider rel:collaboratesWith ?consumer . }

ARE YOU A PARENT OF THE DATA PROVIDER?

    ASK { ?resource dcterms:creator ?provider .
          ?provider rel:hasParent ?consumer . }

ARE YOU A COLLEAGUE OF THE DATA PROVIDER?

    ASK { ?resource dcterms:creator ?provider .
          ?provider rel:hasColleague ?consumer . }

Example of Access Conditions

ARE YOU A MEMBER OF THE SAME GROUP OF THE DATA PROVIDER?

    ASK { ?resource dcterms:creator ?provider .
          ?provider sioc:member_of ?group .
          ?consumer sioc:member_of ?group . }

ARE YOU JOHN? IF SO

    ASK { ?consumer a foaf:Person .
          FILTER(?consumer = <http://example#John>) }

ARE YOU JOHN? IF SO

    ASK { ?consumer a foaf:Person .
          FILTER(!(?consumer = <http://example#John>)) }

DO YOU GET A NUMBER BIGGER THAN 0.5?

    ASK { FILTER(rand()>0.5) }

Example of Access Conditions

ARE YOU LOCATED IN THE LOUVRE MUSEUM AND IS IT OCTOBER 26TH, 2012 AFTER 12 a.m.?

    ASK { ?context a prissma:Context ;
                   prissma:environment ?env .
          ?env tl:start "2012-10-26T12:00:00Z"^^xsd:dateTime ;
               tl:duration "PT5H"^^xsd:duration .
          ?env prissma:currentPOI ?poi .
          ?poi prissma:poiLabel <http://dbpedia.org/resource/Musee_du_Louvre> . }

ARE YOU LOCATED IN THE LOUVRE MUSEUM, ARE YOU EMPLOYED BY BOB, AND ARE YOU USING ANDROID?

    ASK { ?context a prissma:Context ;
                   prissma:device ?dev ;
                   prissma:user ?consumer ;
                   prissma:environment ?env .
          ?consumer a foaf:Person ;
                    rel:employedBy <http://example#Bob> .
          ?env prissma:currentPOI ?poi .
          ?poi prissma:poiLabel <http://dbpedia.org/resource/Musee_du_Louvre> .
          ?dev a prissma:Device ;
               soft:deviceSoftware ?devsw .
          ?devsw a soft:DeviceSoftware ;
                 soft:operatingSystem ?opsys .
          ?opsys a soft:Operatingsystem ;
                 common:name "Android" . }

Sample Access Policy

[Figure: sample access policy, annotated "Protected named graph" and "Conditions to verify"]

How it Works
1.  Query Contextualization

[Figure: INSERT DATA { GRAPH :ctx1 { … } } carrying the context data, plus the SELECT … WHERE {…} query; the context ends up in named graph :ctx1]

Example of User Context

    :sampleCtx a prissma:Context ;
        prissma:user :sampleUsr ;
        prissma:device :sampleDev ;
        prissma:environment :sampleEnv .

    :sampleUsr a prissma:User ;
        foaf:name "John Doe" ;
        foaf:knows <http://example.org/people/alice/> .

    :sampleDev a prissma:Device ;
        soft:deviceSoftware [ soft:operatingSystem [ common:name "Android" ] ] .

    :sampleEnv a prissma:Environment ;
        prissma:currentPOI [ geo:lat "45.43463" ;
                             geo:long "7.843435" ;
                             prissma:radius "500" ] ;
        tl:start "2012-10-26T12:00:00Z"^^xsd:dateTime .

How it Works
2.  Access Policy Evaluation

    ASK { ?context a prissma:Context ;
                   prissma:environment ?env .
          ?env prissma:currentPOI ?poi .
          ?poi prissma:radius "500" ;
               foaf:based_near ?p .
          ?p geo:lat "43.615811" ;
             geo:long "7.068532" . }
    BINDINGS ?context {(:ctx1)}

    = "false"

How it Works
3.  Query Execution on accessible Named Graphs

[Figure: named graphs :ng1, :ng2, :ng3]

    SELECT …
    WHERE {…}

is executed as

    SELECT …
    FROM :ng2
    FROM :ng3
    WHERE {…}
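
The three steps above (context stored per consumer, policy conditions evaluated as ASK with ?context pre-bound, query rewritten onto the accessible named graphs) can be traced on a toy in-memory store. This is an added example, not code from the slides or from the SHI3LD project; the policies, the second context :ctx2, the ex:/dbpedia: prefixed names and all function names are constructed for illustration, and each policy is assumed to require all of its conditions.

```python
# Added example (not the authors' code): SHI3LD-style enforcement on a toy store.
# Triples are (s, p, o) tuples of strings; terms starting with "?" are variables.

def match(patterns, triples, binding):
    """Yield each variable binding that satisfies every triple pattern."""
    if not patterns:
        yield binding
        return
    for triple in triples:
        b = dict(binding)
        for term, value in zip(patterns[0], triple):
            if term.startswith("?"):
                if b.setdefault(term, value) != value:
                    break  # variable already bound to a different term
            elif term != value:
                break      # constant does not match
        else:
            yield from match(patterns[1:], triples, b)

def ask(patterns, triples, binding):
    """ASK semantics: True if at least one solution exists."""
    return next(match(patterns, triples, binding), None) is not None

# Constructed context data for two consumers, as step 1 would have stored it.
CONTEXT_TRIPLES = {
    (":ctx1", "rdf:type", "prissma:Context"), (":ctx1", "prissma:environment", ":env1"),
    (":env1", "prissma:currentPOI", ":poi1"),
    (":poi1", "prissma:poiLabel", "dbpedia:Musee_du_Louvre"),
    (":ctx2", "rdf:type", "prissma:Context"), (":ctx2", "prissma:environment", ":env2"),
    (":env2", "prissma:currentPOI", ":poi2"),
    (":poi2", "prissma:poiLabel", "dbpedia:Eiffel_Tower"),
}

AT_LOUVRE = [("?context", "rdf:type", "prissma:Context"),
             ("?context", "prissma:environment", "?env"),
             ("?env", "prissma:currentPOI", "?poi"),
             ("?poi", "prissma:poiLabel", "dbpedia:Musee_du_Louvre")]
EMPLOYED_BY_BOB = [("?context", "prissma:user", "?consumer"),
                   ("?consumer", "rel:employedBy", "ex:Bob")]

# Hypothetical policies: protected named graph -> conditions that must all hold.
POLICIES = {":ng1": [AT_LOUVRE, EMPLOYED_BY_BOB],
            ":ng2": [AT_LOUVRE], ":ng3": [AT_LOUVRE]}

def accessible_graphs(context_iri):
    """Step 2: evaluate each policy with ?context pre-bound to the caller's context."""
    bound = {"?context": context_iri}
    return sorted(g for g, conds in POLICIES.items()
                  if all(ask(c, CONTEXT_TRIPLES, bound) for c in conds))

def rewrite(select_query, context_iri):
    """Step 3: restrict the query's dataset to the accessible named graphs."""
    graphs = accessible_graphs(context_iri)
    if not graphs:
        return None  # deny: a SELECT with no FROM would run on the default dataset
    head, where = select_query.split("WHERE", 1)  # naive split, illustration only
    froms = " ".join(f"FROM {g}" for g in graphs)
    return f"{head.rstrip()} {froms} WHERE{where}"
```

Calling ask(AT_LOUVRE, CONTEXT_TRIPLES, {}) without the ?context binding returns True for any caller, because :ctx1 satisfies the pattern; pre-binding ?context is what keeps one consumer's context from granting access to another.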
  
Response Time Evaluation

RDF store and SPARQL 1.1 engine: Corese-KGRAM with Berlin SPARQL Benchmark Dataset 3.1

• Dataset size still predominant
• Small fraction granted -> Faster
• More context updates, more consumers -> Slower

Future Work

●  Privacy
●  Context data trustworthiness
●  User-centered evaluation

Luca Costabello | Serena Villata | Fabien Gandon
@lukostaz  @serena_villata  @fabien_gandon

tinyurl.com/shi3ld