
Dr. Bhavani Thuraisingham

Building Trustworthy Semantic Webs Lecture #9: RDF and RDF Security. Dr. Bhavani Thuraisingham. September 24, 2008. Objective of the Unit. This unit will provide an overview of RDF and then discuss some security issues. Outline of the Unit. Why RDF? What is RDF? RDF Specifications


Presentation Transcript


  1. Building Trustworthy Semantic Webs Lecture #9: RDF and RDF Security Dr. Bhavani Thuraisingham September 24, 2008

  2. Objective of the Unit • This unit will provide an overview of RDF and then discuss some security issues

  3. Outline of the Unit • Why RDF? • What is RDF? • RDF Specifications • RDF Schema (RDFS) • RDF Axiomatic Semantics and Inferencing • RQL • Policies in RDF • Summary and Directions • Examples throughout the lecture

  4. Why RDF? • XML cannot be used to specify semantics • Example: • Professor is a subclass of Academic Staff • Professor inherits all properties of Academic Staff • RDF was specified so that the inadequacies of XML could be handled • RDF uses XML Syntax • Additional constructs are needed for RDF

  5. RDF • Resource Description Framework is the essence of the semantic web • Adds semantics with the use of ontologies, XML syntax • RDF Concepts • Basic Model • Resources, Properties and Statements • Container Model • Bag, Sequence and Alternative

  6. RDF Basics • Resource: Everything is a resource • Person, Vehicle, etc. • Property: properties describe relationships between resources • E.g., Invented • Statement: (Object, Property, Value) Triple • Berners Lee invented the Semantic Web

  7. RDF Specification <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:xsd="http:// - - -" xmlns:uni="http:// - - - -"> <rdf:Description rdf:about="949352"> <uni:name>Berners Lee</uni:name> <uni:title>Professor</uni:title> </rdf:Description> <rdf:Description rdf:about="ZZZ"> <uni:bookname>semantic web</uni:bookname> <uni:authoredby>Berners Lee</uni:authoredby> </rdf:Description> </rdf:RDF>

  8. Example • The following example illustrates a part of an RDF document describing books: Building_Trustworthy_Semantic_Webs and Managing_and_Mining_Multimedia_Databases. They belong to Class ‘Book’ and have properties: author, publisher, year and ISBN. • <?xml version="1.0"?> • <rdf:RDF • xmlns:book="http://www.example.com/book#" • xmlns:owl="http://www.w3.org/2002/07/owl#" • xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" • xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#"> • <book:Book rdf:ID="Building_Trustworthy_Semantic_Webs"> • <book:author>Bhavani Thuraisingham</book:author> • <book:publisher>Auerbach Publications</book:publisher> • <book:year>2007</book:year>

  9. Example • <book:ISBN>0849350808</book:ISBN> • </book:Book> • <book:Book rdf:ID="Managing_and_Mining_Multimedia_Databases"> • <book:author>Bhavani Thuraisingham</book:author> • <book:publisher>CRC Press</book:publisher> • <book:year>2001</book:year> • <book:ISBN>0849300371</book:ISBN> • </book:Book> • </rdf:RDF>

  10. RDF Schema • RDF Schema is needed to specify statements such as "professor is a subclass of academic staff" <rdfs:Class rdf:ID="professor"> <rdfs:comment>The class of Professors. All professors are Academic Staff Members.</rdfs:comment> <rdfs:subClassOf rdf:resource="#academicStaffMember"/> </rdfs:Class>

  11. Example • The RDF schema for the above RDF document is as follows: • <?xml version="1.0"?> • <rdf:RDF xmlns:owl="http://www.w3.org/2002/07/owl#" • xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" • xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#" • xmlns:wsp="http://www.w3.org/2004/08/20-ws-pol-pos/ns#"> • <rdfs:Class rdf:ID="Book"> • <rdfs:comment>Book Class</rdfs:comment> • <rdfs:subClassOf rdf:resource="http://www.w3.org/2000/01/rdf-schema#Resource"/> • </rdfs:Class>

  12. Example • <rdf:Property rdf:ID="author"> • <rdfs:comment>Author of the book</rdfs:comment> • <rdfs:domain rdf:resource="#Book"/> • <rdfs:range rdf:resource="http://www.w3.org/2000/01/rdf-schema#Literal"/> • </rdf:Property> • <rdf:Property rdf:ID="publisher"> • <rdfs:comment>Publisher of the book</rdfs:comment> • <rdfs:domain rdf:resource="#Book"/> • <rdfs:range rdf:resource="http://www.w3.org/2000/01/rdf-schema#Literal"/> • </rdf:Property>

  13. Example • <rdf:Property rdf:ID="year"> • <rdfs:comment>Year of first publication of the book</rdfs:comment> • <rdfs:domain rdf:resource="#Book"/> • <rdfs:range rdf:resource="http://www.w3.org/2000/01/rdf-schema#Literal"/> • </rdf:Property> • <rdf:Property rdf:ID="ISBN"> • <rdfs:comment>ISBN of the book</rdfs:comment> • <rdfs:domain rdf:resource="#Book"/> • <rdfs:range rdf:resource="http://www.w3.org/2000/01/rdf-schema#Literal"/> • </rdf:Property> • </rdf:RDF>

  14. RDF Container Model • Bag: Unordered container, may contain multiple occurrences • rdf:Bag • Seq: Ordered container, may contain multiple occurrences • rdf:Seq • Alt: a set of alternatives • rdf:Alt

  15. RDF and Security • RDF specifications have been given for Attributes, Types Nesting, Containers, etc. • How can security policies be included in the specification? • Example: consider the statement “Berners Lee is the Author of the book Semantic Web” • Do we allow access to the connection between author and book? Do we allow access to the connection but not to the author name and book name?

  16. RDF Policy Specification <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:xsd="http:// - - -" xmlns:uni="http:// - - - -"> <rdf:Description rdf:about="949352"> <uni:name>Berners Lee</uni:name> <uni:title>Professor</uni:title> Level = L1 </rdf:Description> <rdf:Description rdf:about="ZZZ"> <uni:bookname>semantic web</uni:bookname> <uni:authoredby>Berners Lee</uni:authoredby> Level = L2 </rdf:Description> </rdf:RDF>

  17. Policy Specification • The examples we have discussed earlier show how certain policies may be specified for RDF documents. A more detailed example is given below. • <?xml version="1.0"?> • <rdf:RDF • xmlns:book="http://www.example.com/book#" • xmlns:owl="http://www.w3.org/2002/07/owl#" • xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" • xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#"> • <book:Book rdf:ID="Building_Trustworthy_Semantic_Webs"> • <book:author>Bhavani Thuraisingham</book:author> • Level = Secret • <book:publisher>Auerbach Publications</book:publisher> • Level = Confidential

  18. Policy Specification • <book:year>2007</book:year> • Level = Unclassified • <book:ISBN>0849350808</book:ISBN> • Level = Confidential • </book:Book> • <book:Book rdf:ID="Managing_and_Mining_Multimedia_Databases"> • Level = Confidential • <book:author>Bhavani Thuraisingham</book:author> • Level = Secret • <book:publisher>CRC Press</book:publisher> • Level = Unclassified

  19. Policy Specification • <book:year>2001</book:year> • Level = Unclassified • <book:ISBN>0849300371</book:ISBN> • Level = Unclassified • </book:Book> • </rdf:RDF>
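
The labelled book document above can be enforced by computing a per-clearance view. The following is an added example, not code from the lecture: it assumes the "Level =" annotations are carried in a hypothetical `policy:level` attribute, that a label on a `book:Book` element gates the whole description, and that an unlabelled or unknown-labelled property is withheld.

```python
import xml.etree.ElementTree as ET

RDF = "http://www.w3.org/1999/02/22-rdf-syntax-ns#"
# Assumption: labels are carried in a hypothetical policy:level attribute.
LEVEL = "{http://www.example.com/policyonto#}level"
ORDER = {"Unclassified": 0, "Confidential": 1, "Secret": 2}

# Constructed input: the lecture's two books, "Level =" labels as attributes.
DOC = """<rdf:RDF xmlns:book="http://www.example.com/book#"
    xmlns:policy="http://www.example.com/policyonto#"
    xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
  <book:Book rdf:ID="Building_Trustworthy_Semantic_Webs">
    <book:author policy:level="Secret">Bhavani Thuraisingham</book:author>
    <book:publisher policy:level="Confidential">Auerbach Publications</book:publisher>
    <book:year policy:level="Unclassified">2007</book:year>
    <book:ISBN policy:level="Confidential">0849350808</book:ISBN>
  </book:Book>
  <book:Book rdf:ID="Managing_and_Mining_Multimedia_Databases" policy:level="Confidential">
    <book:author policy:level="Secret">Bhavani Thuraisingham</book:author>
    <book:publisher policy:level="Unclassified">CRC Press</book:publisher>
    <book:year policy:level="Unclassified">2001</book:year>
    <book:ISBN policy:level="Unclassified">0849300371</book:ISBN>
  </book:Book>
</rdf:RDF>"""

def visible(elem, clearance, unlabelled_ok):
    """True if the element's label is dominated by the subject's clearance."""
    label = elem.get(LEVEL)
    if label is None:
        return unlabelled_ok
    # Unknown label strings rank above every clearance, so they fail closed.
    return ORDER.get(label, len(ORDER)) <= ORDER[clearance]

def view(xml_text, clearance):
    """Build the RDF view released to a subject holding `clearance`."""
    out = ET.Element(f"{{{RDF}}}RDF")
    for res in ET.fromstring(xml_text):
        if not visible(res, clearance, unlabelled_ok=True):
            continue  # a labelled description is withheld as a whole
        kept = [p for p in res if visible(p, clearance, unlabelled_ok=False)]
        if kept:
            attrs = {k: v for k, v in res.attrib.items() if k != LEVEL}
            new = ET.SubElement(out, res.tag, attrs)
            for p in kept:  # copy values only; the labels are not released
                ET.SubElement(new, p.tag).text = p.text
    return out

def summary(tree):
    return {r.get(f"{{{RDF}}}ID"): sorted(p.tag.split("}")[1] for p in r) for r in tree}
```

`summary(view(DOC, "Unclassified"))` lists only the year of the first book; the second book disappears entirely because its description is labelled Confidential.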

  20. RDF Schema: Security Policies • How can security policies be specified? <rdfs:Class rdf:ID="professor"> <rdfs:comment>The class of Professors. All professors are Academic Staff Members.</rdfs:comment> <rdfs:subClassOf rdf:resource="#academicStaffMember"/> Level = L </rdfs:Class>

  21. RDF Axiomatic Semantics • First order logic to specify formulas and inferencing • Built in functions (First) and predicates (Type) • Modus Ponens • From A and If A then B, deduce B • Example: All containers are Resources • Type(?c, Container) → Type(?c, Resource) • If we have Type(A, Container) then we can infer Type(A, Resource)

  22. RDF Inferencing • While first order logic provides a proof system, it will be computationally infeasible • As a result, Horn clause logic was developed for logic programming; this is still computationally expensive • RDF uses if-then rules • IF E contains the triples (?u, rdfs:subClassOf, ?v) and (?v, rdfs:subClassOf, ?w) THEN E also contains the triple (?u, rdfs:subClassOf, ?w) • That is, if u is a subclass of v, and v is a subclass of w, then u is a subclass of w
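
The if-then rule above matters for security because a triple withheld by policy may still be derivable from triples that were released. The following added example (not code from the lecture) applies the slide's subClassOf rule to a fixed point and, going one step beyond the slide, also applies the standard RDFS type-propagation rule (rdfs9); the triples, the `staffMember` class and the `leaks` check are constructed assumptions.

```python
SUB = "rdfs:subClassOf"
TYPE = "rdf:type"

def closure(triples):
    """Forward-chain two RDFS rules until no new triple appears."""
    facts = set(triples)
    while True:
        new = set()
        for (u, p, v) in facts:
            if p != SUB:
                continue
            for (a, q, b) in facts:
                if q == SUB and a == v:
                    new.add((u, SUB, b))   # the slide's rule: u < v, v < w => u < w
                if q == TYPE and b == u:
                    new.add((a, TYPE, v))  # rdfs9: a is a u, u < v => a is a v
        if new <= facts:                   # fixed point, also ends on cyclic schemas
            return facts
        facts |= new

def leaks(released, protected):
    """Protected triples a requestor can derive from the released triples."""
    return sorted(set(protected) & closure(released))

# Constructed sample: schema from the lecture plus one assumed superclass.
RELEASED = [
    ("professor", SUB, "academicStaffMember"),
    ("academicStaffMember", SUB, "staffMember"),
    ("949352", TYPE, "professor"),
]
# Constructed policy: these two triples are meant to be withheld.
PROTECTED = [
    ("949352", TYPE, "staffMember"),
    ("ZZZ", "uni:authoredby", "Berners Lee"),
]

if __name__ == "__main__":
    for triple in leaks(RELEASED, PROTECTED):
        print("derivable despite policy:", triple)
```

An access control module that filters only on stored triples would release this set; checking the closure before release is what exposes the derivable type statement.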

  23. RDF Query • One can query RDF using XML, but this will be very difficult as RDF is much richer than XML • Is there an analogy between say XQuery and a query language for RDF? • RQL – an SQL-like language has been developed for RDF • Select from “RDF document” where some “condition”

  24. Policies in RDF • How can policies be specified? • Should policies be specified as shown in the examples, as extensions to RDF syntax? • Should policies be specified as RDF documents? • Is there an analogy to XPath expressions for RDF policies? • <policy-spec cred-expr="//Professor[department = 'CS']" target="annual_report.xml" path="//Patent[@Dept = 'CS']//Node()" priv="VIEW"/>

  25. Example Policies • Temporal Access Control • After 1/1/05, only doctors have access to medical records • Role-based Access Control • Manager has access to salary information • Project leader has access to project budgets, but he does not have access to salary information • What happens if the manager is also the project leader? • Positive and Negative Authorizations • John has write access to EMP • John does not have read access to DEPT • John does not have write access to Salary attribute in EMP • How are conflicts resolved?

  26. Privacy Policies • Privacy constraints processing • Simple Constraint: an attribute of a document is private • Content-based constraint: If document contains information about X, then it is private • Association-based Constraint: Two or more documents taken together are private; individually each document is public • Release constraint: After X is released Y becomes private • Augment a database system with a privacy controller for constraint processing

  27. Policies in RDF • In the previous examples we specified policies for RDF documents. Can we use RDF itself to specify policies? That is, how can RDF be used to specify the following policy? • “Only those attending a class from a professor have read access to the lecture notes of the professor” • Below we specify this policy in RDF. • <rdf:RDF • xmlns:uni="http://www.w3.org/2002/07/universityonto#" • xmlns:policy="http://www.example.com/policyonto#" • xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> • <uni:LectureNotes rdf:ID="Data_Quality.doc"> • <uni:author>Bhavani Thuraisingham</uni:author> • <policy:AccessBy rdf:resource="http://localhost/bhavani/cs609"/> • </uni:LectureNotes> • </rdf:RDF>

  28. Policies in RDF • <rdf:RDF • xmlns:uni="http://www.w3.org/2002/07/universityonto#" • xmlns:policy="http://www.example.com/policyonto#" • xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> • <uni:Class rdf:ID="cs609"> • <uni:taughtBy>Bhavani Thuraisingham</uni:taughtBy> • </uni:Class> • </rdf:RDF>

  29. Access Control Strategy • Subjects request access to RDF documents under two modes: browsing and authoring • With browsing access, the subject can read/navigate documents • Authoring access is needed to modify, delete, or append documents • The access control module checks the policy base and applies policy specs • Views of the document are created based on credentials and policy specs • In case of conflict, the least access privilege rule is enforced • Works for Push/Pull modes • Query Modification?

  30. System Architecture for Access Control • [Figure: architecture diagram with components labelled User, Pull/Query, Push/result, RDF-Access, RDF-Admin, Admin Tools, Credential base, Policy base, RDF Documents]

  31. RDF Databases • Data is presented as RDF documents • Query language: RQL • Query optimization • Managing transactions on RDF documents • Metadata management: RDF Schemas? • Access methods and index strategies • RDF security and integrity management

  32. RDF Databases • select Book, NumInStock • from {Book} book:authoredBy {Author} • . book:Stock {NumInStock} • where Author Like "Bhavani*" • using namespace • book = http://www.example.com/book# • The requestor does not have access to the number of book copies in stock, so the query is modified to: • select Book • from {Book} book:authoredBy {Author} • where Author Like "Bhavani*" • using namespace • book = http://www.example.com/book#
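
The query modification shown on this slide can be expressed as a rewrite over a structured form of the query. This is an added example, not code from the lecture: the dictionary layout, `modify_query` and `render` are hypothetical, and it does not parse RQL text. It also covers a case the slide does not show, refusing a query whose condition filters on the protected value.

```python
import re

# Constructed structured form of the slide's RQL query (this is not an RQL parser).
QUERY = {
    "select": ["Book", "NumInStock"],
    "from": [("Book", "book:authoredBy", "Author"),
             ("Book", "book:Stock", "NumInStock")],
    "where": 'Author Like "Bhavani*"',
    "namespaces": {"book": "http://www.example.com/book#"},
}

def modify_query(query, denied_props):
    """Rewrite `query` so that it touches no property in `denied_props`."""
    kept = [p for p in query["from"] if p[1] not in denied_props]
    bound = {v for s, _, o in kept for v in (s, o)}
    # Variables bound only through a denied path expression are lost.
    lost = {v for s, _, o in query["from"] for v in (s, o)} - bound
    # A filter on a lost variable would leak the hidden value through the
    # result set, so refuse instead of silently dropping or keeping it.
    where_words = set(re.findall(r"\w+", re.sub(r'"[^"]*"', "", query["where"])))
    if lost & where_words:
        raise PermissionError(f"condition uses protected data: {sorted(lost & where_words)}")
    select = [v for v in query["select"] if v not in lost]
    if not select:
        raise PermissionError("nothing in the select list may be released")
    return {**query, "select": select, "from": kept}

def render(q):
    """Format the structured query in the slide's layout, on one line."""
    paths = " . ".join(f"{{{s}}} {p} {{{o}}}" for s, p, o in q["from"])
    ns = ", ".join(f"{k} = {v}" for k, v in q["namespaces"].items())
    return (f"select {', '.join(q['select'])} from {paths} "
            f"where {q['where']} using namespace {ns}")

if __name__ == "__main__":
    print(render(modify_query(QUERY, {"book:Stock"})))
```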

  33. Inference/Privacy Control • [Figure: architecture diagram with components labelled Interface to the Semantic Web; Technology By UTD; Inference Engine/Rules Processor; Policies, Ontologies, Rules; RDF Documents, Web Pages, Databases; RDF Database]

  34. Summary and Directions • RDF is beginning to be used • Very little work on RDF security • How can we specify the policies discussed in this unit in RDF? • How can query modification be carried out for RDF documents? • Design access control for RDF databases
