Presentation Transcript

  1. Building Trustworthy Semantic Webs: RDF and RDF Security • Dr. Bhavani Thuraisingham • February 18, 2011

  2. Objective of the Unit • This unit will provide an overview of RDF and then discuss some security issues

  3. Outline of the Unit • Why RDF? • What is RDF? • RDF Specifications • RDF Schema (RDFS) • RDF Security • Policies in RDF • RDF Axiomatic Semantics and Inferencing • RDF Database • SPARQL • FOAF • Summary and Directions • Examples throughout the lecture

  4. Why RDF? • XML cannot be used to specify semantics • Example: • Professor is a subclass of Academic Staff • Professor inherits all properties of Academic Staff • RDF was specified so that the inadequacies of XML could be handled • RDF uses XML Syntax • Additional constructs are needed for RDF

  5. RDF • Resource Description Framework is the essence of the semantic web • Adds semantics with the use of ontologies, XML syntax • RDF Concepts • Basic Model • Resources, Properties and Statements • Container Model • Bag, Sequence and Alternative

  6. RDF Basics • Resource: Everything is a resource • Person, Vehicle, etc. • Property: properties describe relationships between resources • E.g., Invented • Statement: (Object, Property, Value) Triple • Berners Lee invented the Semantic Web

  7. RDF Specification

     <rdf:RDF
         xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
         xmlns:xsd="http:// - - -"
         xmlns:uni="http:// - - -">
       <rdf:Description rdf:about="949352">
         <uni:name>Berners Lee</uni:name>
         <uni:title>Professor</uni:title>
       </rdf:Description>
       <rdf:Description rdf:about="ZZZ">
         <uni:bookname>semantic web</uni:bookname>
         <uni:authoredby>Berners Lee</uni:authoredby>
       </rdf:Description>
     </rdf:RDF>

  8. Example • The following example illustrates a part of an RDF document describing books: Building_Trustworthy_Semantic_Webs and Managing_and_Mining_Multimedia_Databases. They belong to Class ‘Book’ and have properties: author, publisher, year and ISBN.

     <?xml version="1.0"?>
     <rdf:RDF
         xmlns:book="http://www.example.com/book#"
         xmlns:owl="http://www.w3.org/2002/07/owl#"
         xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
         xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#">
       <book:Book rdf:ID="Building_Trustworthy_Semantic_Webs">
         <book:author>Bhavani Thuraisingham</book:author>
         <book:publisher>Auerbach Publications</book:publisher>
         <book:year>2007</book:year>

  9. Example

         <book:ISBN>0849350808</book:ISBN>
       </book:Book>
       <book:Book rdf:ID="Managing_and_Mining_Multimedia_Databases">
         <book:author>Bhavani Thuraisingham</book:author>
         <book:publisher>CRC Press</book:publisher>
         <book:year>2001</book:year>
         <book:ISBN>0849300371</book:ISBN>
       </book:Book>
     </rdf:RDF>

  10. RDF Schema • RDF Schema is needed to specify statements such as "professor is a subclass of academic staff"

      <rdfs:Class rdf:ID="professor">
        <rdfs:comment>
          The class of Professors. All professors are Academic Staff Members.
        </rdfs:comment>
        <rdfs:subClassOf rdf:resource="#academicStaffMember"/>
      </rdfs:Class>

  11. Example • The RDF schema for the above RDF document is as follows:

      <?xml version="1.0"?>
      <rdf:RDF xmlns:owl="http://www.w3.org/2002/07/owl#"
          xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
          xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#"
          xmlns:wsp="http://www.w3.org/2004/08/20-ws-pol-pos/ns#">
        <rdfs:Class rdf:ID="Book">
          <rdfs:comment>Book Class</rdfs:comment>
          <rdfs:subClassOf rdf:resource="http://www.w3.org/2000/01/rdf-schema#Resource"/>
        </rdfs:Class>

  12. Example

        <rdf:Property rdf:ID="author">
          <rdfs:comment>Author of the book</rdfs:comment>
          <rdfs:domain rdf:resource="#Book"/>
          <rdfs:range rdf:resource="http://www.w3.org/2000/01/rdf-schema#Literal"/>
        </rdf:Property>
        <rdf:Property rdf:ID="publisher">
          <rdfs:comment>Publisher of the book</rdfs:comment>
          <rdfs:domain rdf:resource="#Book"/>
          <rdfs:range rdf:resource="http://www.w3.org/2000/01/rdf-schema#Literal"/>
        </rdf:Property>

  13. Example

        <rdf:Property rdf:ID="year">
          <rdfs:comment>Year of first publication of the book</rdfs:comment>
          <rdfs:domain rdf:resource="#Book"/>
          <rdfs:range rdf:resource="http://www.w3.org/2000/01/rdf-schema#Literal"/>
        </rdf:Property>
        <rdf:Property rdf:ID="ISBN">
          <rdfs:comment>ISBN of the book</rdfs:comment>
          <rdfs:domain rdf:resource="#Book"/>
          <rdfs:range rdf:resource="http://www.w3.org/2000/01/rdf-schema#Literal"/>
        </rdf:Property>
      </rdf:RDF>

  14. RDF Container Model • Bag: Unordered container, may contain multiple occurrences • rdf:Bag • Seq: Ordered container, may contain multiple occurrences • rdf:Seq • Alt: a set of alternatives • rdf:Alt

  15. RDF and Security • RDF specifications have been given for Attributes, Types, Nesting, Containers, etc. • How can security policies be included in the specification? • Example: consider the statement “Berners Lee is the Author of the book Semantic Web” • Do we allow access to the connection between author and book? Do we allow access to the connection but not to the author name and book name?

  16. RDF Policy Specification

      <rdf:RDF
          xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
          xmlns:xsd="http:// - - -"
          xmlns:uni="http:// - - -">
        <rdf:Description rdf:about="949352">
          <uni:name>Berners Lee</uni:name>
          <uni:title>Professor</uni:title>
          Level = L1
        </rdf:Description>
        <rdf:Description rdf:about="ZZZ">
          <uni:bookname>semantic web</uni:bookname>
          <uni:authoredby>Berners Lee</uni:authoredby>
          Level = L2
        </rdf:Description>
      </rdf:RDF>

  17. Policy Specification • The examples we have discussed earlier show how certain policies may be specified for RDF documents. A more detailed example is given below.

      <?xml version="1.0"?>
      <rdf:RDF
          xmlns:book="http://www.example.com/book#"
          xmlns:owl="http://www.w3.org/2002/07/owl#"
          xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
          xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#">
        <book:Book rdf:ID="Building_Trustworthy_Semantic_Webs">
          <book:author>Bhavani Thuraisingham</book:author>
          Level = Secret
          <book:publisher>Auerbach Publications</book:publisher>
          Level = Confidential

  18. Policy Specification

          <book:year>2007</book:year>
          Level = Unclassified
          <book:ISBN>0849350808</book:ISBN>
          Level = Confidential
        </book:Book>
        <book:Book rdf:ID="Managing_and_Mining_Multimedia_Databases">
          Level = Confidential
          <book:author>Bhavani Thuraisingham</book:author>
          Level = Secret
          <book:publisher>CRC Press</book:publisher>
          Level = Unclassified

  19. Policy Specification

          <book:year>2001</book:year>
          Level = Unclassified
          <book:ISBN>0849300371</book:ISBN>
          Level = Unclassified
        </book:Book>
      </rdf:RDF>
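
The labelled document of slides 17 to 19 can be turned into per-clearance views. The following is an added example, not part of the original slides: it parses the `Level = ...` annotations and returns the statements readable at a given clearance. The ordering Unclassified < Confidential < Secret, the rule that a statement is at least as sensitive as its resource, and the withholding of unlabelled statements are assumptions of this example.

```python
import re

LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2}
TOKEN = re.compile(r'<book:Book rdf:ID="(?P<res>[^"]+)">|'
                   r'<book:(?P<prop>\w+)>(?P<val>[^<]*)</book:(?P=prop)>|'
                   r'Level = (?P<lvl>\w+)')

# Input transcribed from slides 17-19 (namespace header omitted).
DOC = (
    '<book:Book rdf:ID="Building_Trustworthy_Semantic_Webs"> '
    '<book:author>Bhavani Thuraisingham</book:author> Level = Secret '
    '<book:publisher>Auerbach Publications</book:publisher> Level = Confidential '
    '<book:year>2007</book:year> Level = Unclassified '
    '<book:ISBN>0849350808</book:ISBN> Level = Confidential </book:Book> '
    '<book:Book rdf:ID="Managing_and_Mining_Multimedia_Databases"> Level = Confidential '
    '<book:author>Bhavani Thuraisingham</book:author> Level = Secret '
    '<book:publisher>CRC Press</book:publisher> Level = Unclassified '
    '<book:year>2001</book:year> Level = Unclassified '
    '<book:ISBN>0849300371</book:ISBN> Level = Unclassified </book:Book>'
)

def parse(doc):
    """Return [subject, property, value, level] rows; a Level labels the construct before it."""
    rows, subject, res_level, target = [], None, 0, None
    for m in TOKEN.finditer(doc):
        if m["res"]:
            subject, res_level, target = m["res"], 0, "resource"
        elif m["prop"]:
            rows.append([subject, m["prop"], m["val"], None])
            target = "statement"
        elif target == "resource":
            res_level = LEVELS[m["lvl"]]
            target = None
        elif target == "statement":
            # Assumption: a statement is never less sensitive than its resource.
            rows[-1][3] = max(LEVELS[m["lvl"]], res_level)
            target = None
    return rows

def view(doc, clearance):
    """Triples readable at this clearance; unlabelled statements are withheld (fail closed)."""
    limit = LEVELS[clearance]
    return [tuple(r[:3]) for r in parse(doc) if r[3] is not None and r[3] <= limit]
```

Because the second book is itself labelled Confidential, its Unclassified publisher and year are not released to an Unclassified reader under this rule.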

  20. RDF Schema: Security Policies • How can security policies be specified?

      <rdfs:Class rdf:ID="professor">
        <rdfs:comment>
          The class of Professors. All professors are Academic Staff Members.
        </rdfs:comment>
        <rdfs:subClassOf rdf:resource="#academicStaffMember"/>
        Level = L
      </rdfs:Class>

  21. RDF Axiomatic Semantics • First order logic to specify formulas and inferencing • Built in functions (First) and predicates (Type) • Modus Ponens • From A and If A then B, deduce B • Example: All containers are Resources • Type(?c, Container) → Type(?c, Resource) • If we have Type(A, Container) then we can infer Type(A, Resource)

  22. RDF Inferencing • While first order logic provides a proof system, it will be computationally infeasible • As a result, Horn clause logic was developed for logic programming; this is still computationally expensive • RDF uses if-then rules • IF E contains the triples (?u, rdfs:subClassOf, ?v) and (?v, rdfs:subClassOf, ?w) THEN E also contains the triple (?u, rdfs:subClassOf, ?w). That is, if u is a subclass of v, and v is a subclass of w, then u is a subclass of w
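
The if-then rule above, run to a fixpoint, as an added example that is not part of the original slides. It goes beyond the slide in two ways: it applies the same rule shape to `rdf:type` (the type propagation of slide 21), and it tracks a numeric level per triple so that an asserted triple labelled higher than the level at which it can be derived is reported. The facts, the `staffMember` class, the numeric levels and the "most sensitive premise" rule are assumptions of this example.

```python
SUB, TYPE = "rdfs:subClassOf", "rdf:type"

# Constructed facts: {(subject, property, object): level}, 0 = lowest level.
FACTS = {
    ("professor", SUB, "academicStaffMember"): 0,      # class hierarchy of slide 10
    ("academicStaffMember", SUB, "staffMember"): 1,    # hypothetical superclass
    ("949352", TYPE, "professor"): 0,                  # resource id from slide 7
    ("949352", TYPE, "academicStaffMember"): 2,        # asserted at a high level
}

def closure(labelled):
    """Apply (u p v), (v subClassOf w) => (u p w) for p in {subClassOf, type} to a fixpoint.

    Assumption: a derived triple is as sensitive as its most sensitive premise,
    and the least sensitive derivation of a triple wins.
    """
    facts = dict(labelled)
    changed = True
    while changed:
        changed = False
        for (u, p, v), l1 in list(facts.items()):
            if p not in (SUB, TYPE):
                continue
            for (v2, p2, w), l2 in list(facts.items()):
                if p2 != SUB or v2 != v:
                    continue
                level = max(l1, l2)
                if facts.get((u, p, w), level + 1) > level:
                    facts[(u, p, w)] = level
                    changed = True
    return facts

def inference_leaks(labelled):
    """Asserted triples that a lower-cleared reader can derive from other triples."""
    derived = closure(labelled)
    return sorted(t for t, lvl in labelled.items() if derived[t] < lvl)
```

The loop terminates on cyclic hierarchies as well, because the set of triples is finite and levels only ever decrease.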

  23. Policies in RDF • How can policies be specified? • Should policies be specified as shown in the examples, as extensions to RDF syntax? • Should policies be specified as RDF documents? • Is there an analogy to XPath expressions for RDF policies? • <policy-spec cred-expr="//Professor[department = 'CS']" target="annual_report.xml" path="//Patent[@Dept = 'CS']//Node()" priv="VIEW"/> • Can reification be used to specify policies?

  24. Example Policies • Temporal Access Control • After 1/1/05, only doctors have access to medical records • Role-based Access Control • Manager has access to salary information • Project leader has access to project budgets, but he does not have access to salary information • What happens if the manager is also the project leader? • Positive and Negative Authorizations • John has write access to EMP • John does not have read access to DEPT • John does not have write access to Salary attribute in EMP • How are conflicts resolved?

  25. Privacy Policies • Privacy constraints processing • Simple Constraint: an attribute of a document is private • Content-based constraint: If document contains information about X, then it is private • Association-based Constraint: Two or more documents taken together are private; individually each document is public • Release constraint: After X is released Y becomes private • Augment a database system with a privacy controller for constraint processing

  26. Policies in RDF • In the previous examples, we have specified policies for RDF documents. Now, can we use RDF to specify policies? That is, how can RDF be used to specify the following policy? • “Only those attending a class from a professor have read access to the lecture notes of the professor” • Below we specify this policy in RDF.

      <rdf:RDF
          xmlns:uni="http://www.w3.org/2002/07/universityonto#"
          xmlns:policy="http://www.example.com/policyonto#"
          xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
        <uni:LectureNotes rdf:ID="Data_Quality.doc">
          <uni:Author>Bhavani Thuraisingham</uni:Author>
          <policy:AccessBy rdf:resource="http://localhost/bhavani/cs609/"/>
        </uni:LectureNotes>
      </rdf:RDF>

  27. Policies in RDF

      <rdf:RDF
          xmlns:uni="http://www.w3.org/2002/07/universityonto#"
          xmlns:policy="http://www.example.com/policyonto#"
          xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
        <uni:Class rdf:ID="cs609">
          <uni:taughtBy>Bhavani Thuraisingham</uni:taughtBy>
        </uni:Class>
      </rdf:RDF>

  28. Access Control Strategy • Subjects request access to RDF documents under two modes: browsing and authoring • With browsing access, the subject can read/navigate documents • Authoring access is needed to modify, delete, append documents • Access control module checks the policy base and applies policy specs • Views of the document are created based on credentials and policy specs • In case of conflict, least access privilege rule is enforced • Works for Push/Pull modes • Query Modification?

  29. System Architecture for Access Control • [Diagram labels: User; Pull/Query; Push/result; RDF-Access; RDF-Admin; Admin Tools; Credential base; Policy base; RDF Documents]

  30. RDF Databases • Data is presented as RDF documents • Query language: RQL, SPARQL • Query optimization • Managing transactions on RDF documents • Metadata management: RDF Schemas? • Access methods and index strategies • RDF security and integrity management

  31. RDF Query • One can query RDF using XML, but this will be very difficult as RDF is much richer than XML • Is there an analogy between say XQuery and a query language for RDF? • RQL – an SQL-like language has been developed for RDF • Select from “RDF document” where some “condition” • SPARQL is the current query language for RDF

  32. SPARQL • RDF is a directed, labeled graph data format for representing information in the Web. • The SPARQL specification defines the syntax and semantics of the SPARQL query language for RDF. • SPARQL can be used to express queries across diverse data sources, whether the data is stored natively as RDF or viewed as RDF via middleware. • SPARQL contains capabilities for querying required and optional graph patterns along with their conjunctions and disjunctions. • SPARQL also supports extensible value testing and constraining queries by source RDF graph. • The results of SPARQL queries can be result sets or RDF graphs. • http://www.w3.org/TR/rdf-sparql-query/

  33. RDF Databases

      select Book, NumInStock
      from {Book} book:authoredBy {Author}
           . book:Stock {NumInStock}
      Where Author Like "Bhavani*"
      using namespace
        book = http://www.example.com/book#

      The requestor does not have access to the number of book copies in the stock. Therefore, the new modified query is:

      select Book
      from {Book} book:authoredBy {Author}
      Where Author Like "Bhavani*"
      using namespace
        book = http://www.example.com/book#
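
The query modification shown on slide 33, as an added example that is not part of the original slides. The query is held as a small structure (projection, path expressions, `like` filters) rather than parsed from text; the sample triples, the dictionary layout, and the decisions to drop a filter on a withheld variable and to refuse a query with nothing left to project are assumptions of this example.

```python
from fnmatch import fnmatchcase

# Constructed sample store; property names follow slide 33.
TRIPLES = {
    ("book1", "book:authoredBy", "Bhavani Thuraisingham"),
    ("book1", "book:Stock", "12"),
    ("book2", "book:authoredBy", "A. N. Other"),
    ("book2", "book:Stock", "3"),
}
# Slide 33's query: path expressions (subject var, property, object var) plus "like" filters.
QUERY = {"select": ["Book", "NumInStock"],
         "from": [("Book", "book:authoredBy", "Author"), ("Book", "book:Stock", "NumInStock")],
         "where": [("Author", "Bhavani*")]}

def modify(query, denied):
    """Rewrite the query so it never touches a property in `denied`."""
    paths = [p for p in query["from"] if p[1] not in denied]
    bound = {var for s, _, o in paths for var in (s, o)}
    select = [var for var in query["select"] if var in bound]
    if not select:
        raise PermissionError("nothing in this query is visible to the requestor")
    # Assumption: a filter on a withheld variable would leak it through the
    # result set, so the filter is dropped together with the variable.
    where = [(var, pat) for var, pat in query["where"] if var in bound]
    return {"select": select, "from": paths, "where": where}

def evaluate(query, triples=TRIPLES):
    """Join the path expressions over the store, apply the filters, project."""
    rows = [{}]
    for s, p, o in query["from"]:
        rows = [{**r, s: ts, o: to} for r in rows for ts, tp, to in triples
                if tp == p and r.get(s, ts) == ts and r.get(o, to) == to]
    rows = [r for r in rows if all(fnmatchcase(r[v], pat) for v, pat in query["where"])]
    return sorted(tuple(r[v] for v in query["select"]) for r in rows)
```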

  34. Inference/Privacy Control • [Diagram labels: Interface to the Semantic Web; Technology by UTD; Inference Engine/Rules Processor; Policies; Ontologies; Rules; RDF Documents; Web Pages, Databases; RDF Database]

  35. Semantic Social Networks • The latest breed of social networking services combine social networks with the sharing of content such as bookmarks, documents, photos, reviews. • The use of Semantic Web technology facilitated distributed control. • The friend-of-a-friend (FOAF) project is a first attempt at a formal, machine processable representation of user profiles and friendship networks. (Unlike with Friendster and similar sites that have central control) • FOAF profiles are created and controlled by the individual user and shared in a distributed fashion. • http://www.foaf-project.org.

  36. FOAF • The Friend of a Friend (FOAF) project is creating a Web of machine-readable pages describing people, the links between them and the things they create and do; it is a contribution to the linked information system known as the Web. • FOAF defines an open, decentralized technology for connecting social Web sites, and the people they describe. • FOAF is part of a shift towards a Web where we can choose the sites and tools we like, without being cut off from friends who made different choices. • FOAF lets you share and inter-connect information from diverse sources, move it around, and use it in unexpected new ways. Sharif University of Technology, Semantic Web Course, Fall 2005

  37. FOAF Example

      <foaf:Person rdf:about="#me" xmlns:foaf="http://xmlns.com/foaf/0.1/">
        <foaf:name>Dan Brickley</foaf:name>
        <foaf:mbox_sha1sum>241021fb0e6289f92815fc210f9e9137262c252e</foaf:mbox_sha1sum>
        <foaf:homepage rdf:resource="http://danbri.org/" />
        <foaf:img rdf:resource="/images/me.jpg" />
      </foaf:Person>

  38. Summary and Directions • RDF is beginning to be used • Very little work on RDF security • How can we specify the policies discussed in this unit in RDF? • How can query modification be carried out for RDF documents? • Design access control for RDF databases