Collection of general data mining briefings

1
Building Trustworthy Semantic Webs Lecture 6
RDF and RDF Security
Dr. Bhavani Thuraisingham
September 2006

2
Objective of the Unit

• This unit will provide an overview of RDF and
  then discuss some security issues

3
Outline of the Unit

• Why RDF?
• What is RDF?
• RDF Specifications
• RDF Schema (RFDS)
• RDF Axiomatic Semantics and Inferencing
• RQL
• Policies in RDF
• Summary and Directions

4
Why RDF?

• XML cannot be used to specify semantics
• Example
• Professor is a subclass of Academic Staff
• Professor inherits all properties of Academic
  Staff
• RDF was specified so that the inadequacies of XML
  could be handled
• RDF uses XML Syntax
• Additional constructs are needed for RDF

5
RDF

• Resource Description Framework is the essence of
  the semantic web
• Adds semantics with the use of ontologies, XML
  syntax
• RDF Concepts
• Basic Model
• Resources, Properties and Statements
• Container Model
• Bag, Sequence and Alternative

6
RDF Basics

• Resource Everything is a resource
• Person, Vehicle, etc.
• Property properties describe relationships
  between resources
• E.g., Invented
• Statement (Object, Property, Value) Triple
• Berners Lee invented the Semantic Web

7
RDF Container Model

• Bag Unordered container, may contain multiple
  occurrences
• Rdf Bag
• Seq Ordered container, may contain multiple
  occurrences
• Rdf Seq
• Alt a set of alternatives
• Rdf Alt

8
RDF Specification
ltrdf RDF xmlns rdf http//w3c.org/1999/
02-22-rdf-syntax-ns xmlns xsd http//
- - - xmlns uni http// - - - - ltrdf
Description rdf about 949352 ltuni name
Berners Leelt/uninamegt ltuni titlegt
Professor lt unititlegt lt/rdf Descriptiongt ltrdf
Description rdf about ZZZ lt uni booknamegt
semantic web ltunibooknamegt lt uni authoredby
Berners Lee ltuniauthoredbygt lt/rdf
Descriptiongt lt/rdf RDFgt
9
RDF Specification

• RDF specifications have been given for
  Attributes, Types Nesting, Containers, etc.
• How can security policies be included in the
  specification
• Example consider the statement Berners Les is
  the Author of the book Semantic Web
• Do we allow access to the connection between
  author and book? Do we allow access to the
  connection but not to the author name and book
  name?

10
RDF Policy Specification
ltrdf RDF xmlns rdf http//w3c.org/1999/
02-22-rdf-syntax-ns xmlns xsd http//
- - - xmlns uni http// - - - - ltrdf
Description rdf about 949352 ltuni name
Berners Leelt/uninamegt ltuni titlegt
Professor lt unititlegt Level L1 lt/rdf
Descriptiongt ltrdf Description rdf about
ZZZ lt uni booknamegt semantic web
ltunibooknamegt lt uni authoredby Berners Lee
ltuniauthoredbygt Level L2 lt/rdf
Descriptiongt lt/rdf RDFgt
11
RDF Schema

• Need RDF Schema to specify statements such as
  professor is a subclass of academic staff
• ltrdfs Class rdf ID professor
• ltrdfs commentgt
• The class of Professors
• All professors are Academic Staff Members.
• ltrdfs commentgt
• ltrdfs subClassof rdf resource
  academicStaffMember/gt
• ltrdfs Classgt

12
RDF Schema Security Policies

• How can security policies be specified?
• ltrdfs Class rdf ID professor
• ltrdfs commentgt
• The class of Professors
• All professors are Academic Staff Members.
• ltrdfs commentgt
• ltrdfs subClassof rdf resource
  academicStaffMember/gt
• Level L
• ltrdfs Classgt

13
RDF Axiomatic Semantics

• First order logic to specify formulas and
  inferencing
• Built in functions (First) and predicates (Type)
• Modus Ponens
• From A and If A then B, deduce B
• Example All containers are Resources
• Type(?C, Container) ? Type(?c, Resource)
• If we have Type(A, Container) then we can infer
  (Type A, Resource)

14
RDF Inferencing

• While first order logic provides a proof system,
  it will be computationally infeasible
• As a result horn clause logic was developed for
  logic programming this is still computationally
  expensive
• RDF uses If then Rules
• IF E contains the triples (?u, rdfs subClassof,
  ?v)
• and (?v, rdfs subClassof ?w)
• THEN
• E also contains the triple (?u, rdfs subClassOf,
  ?w)
• That is, if u is a subclass of v, and v is a
  subclass of w, then u is a subclass of w

15
RDF Query

• One can query RDF using XML, but this will be
  very difficult as RDF is much richer than XML
• Is there an analogy between say XQuery and a
  query language for RDF?
• RQL an SQL-like language has been developed for
  RDF
• Select from RDF document where some condition

16
Policies in RDF

• How can policies be specified?
• Should policies be specified as shown in the
  examples, extensions to RDF syntax?
• Should policies be specified as RDF documents?
• Is there an analogy to XPath expressions for RDF
  policies?
• ltpolicy-spec cred-expr //Professordepartment
  CS target annual_ report.xml
  path //Patent_at_Dept CS//Node() priv
  VIEW/gt

17
Example Policies

• Temporal Access Control
• After 1/1/05, only doctors have access to medical
  records
• Role-based Access Control
• Manager has access to salary information
• Project leader has access to project budgets, but
  he does not have access to salary information
• What happens is the manager is also the project
  leader?
• Positive and Negative Authorizations
• John has write access to EMP
• John does not have read access to DEPT
• John does not have write access to Salary
  attribute in EMP
• How are conflicts resolved?

18
Privacy Policies

• Privacy constraints processing
• Simple Constraint an attribute of a document is
  private
• Content-based constraint If document contains
  information about X, then it is private
• Association-based Constraint Two or more
  documents taken together is private individually
  each document is public
• Release constraint After X is released Y becomes
  private
• Augment a database system with a privacy
  controller for constraint processing

19
Access Control Strategy

• Subjects request access to RDF documents under
  two modes Browsing and authoring
• With browsing access subject can read/navigate
  documents
• Authoring access is needed to modify, delete,
  append documents
• Access control module checks the policy based and
  applies policy specs
• Views of the document are created based on
  credentials and policy specs
• In case of conflict, least access privilege rule
  is enforced
• Works for Push/Pull modes
• Query Modification?

20
System Architecture for Access Control
User
Pull/Query
Push/result
RDF- Access
RDF-Admin
Admin Tools
Credential base
Policy base
RDF Documents
21
Can Thirs Party Architecture wotk for RDF
Documenrtfs?

• The Owner is the producer of information It
  specifies access control policies
• The Publisher is responsible for managing (a
  portion of) the Owner information and answering
  subject queries
• Goal Untrusted Publisher with respect to
  Authenticity and Completeness checking

XML Source
policy base
Credential base
SE-RDF?
Owner
Publisher
Reply document
credentials
Query
User/Subject
22
RDF Databases

• Data is presented as RDF documents
• Query language RQL
• Query optimization
• Managing transactions on RDF documents
• Metadata management RDF Schemas?
• Access methods and index strategies
• RDF security and integrity management

23
Inference/Privacy Control
Interface to the Semantic Web
Technology By UTD
Inference Engine/ Rules Processor
Policies Ontologies Rules
RDF Documents Web Pages, Databases
RDF Database
24
Summary and Directions

• RDF is beginning to be used
• Very little work on RDF security
• How can we specify the policies discussed in this
  unit in RDF?
• How can query modification be carried out for RDF
  documents?
• Design access control for RDF databases