WP3: Provenance and Access Policies Giorgos Flouris (FORTH) - Irini Fundulaki (CWI & FORTH) -

Slide 1: WP3: Provenance and Access Policies. Giorgos Flouris (FORTH), fgeo@ics.forth.gr; Irini Fundulaki (CWI & FORTH), fundul@ics.forth.gr

Slide 2: Part I. General Description of WP3

Slide 3: Research Topics, Tasks and Partners
Objective: manage annotations of different forms and semantics over data, related to data access
Research topics: Provenance, Access Control, Privacy, Digital Rights Management (DRM), Trust Management
Partners: FORTH, EPFL, KIT
[Figure: the research topics (Provenance, Access Control, DRM, Privacy, Trust Management) laid out against Task 3.1 (M1-M36), Task 3.2 (M1-M42), Task 3.3 (M19-M42) and the partner effort FORTH (14 PM), EPFL (2 PM), KIT (3 PM)]

Slide 4: Deliverables
D3.1 (FORTH, M24): “Access Control Specification Language, Reasoning and Enforcement Mechanisms”
D3.2 (FORTH, M36): “Provenance Management and Propagation through SPARQL Query and Update Languages”
D3.3 (FORTH, M42): “Access Control System and Privacy Aware Language”
D3.4 (EPFL, M42): “Trust Management and Inference System”
[Figure: the slide-3 layout of topics, tasks (Task 3.1 M1-M36, Task 3.2 M1-M42, Task 3.3 M19-M42) and partner effort (FORTH 14 PM, EPFL 2 PM, KIT 3 PM), with the deliverables placed on it as D3.2 (M24), D3.1 (M36), D3.3 (M42), D3.4 (M42)]

Slide 5: Collaboration (Review Concern)
◦ Paper connecting quality assessment and repair from WP2 with provenance and the work done in WP3 (FUB-FORTH)
◦ Experiments for the access control framework to consider datasets used in the project

Slide 6: Part II. Research on WP3: Access Control

Slide 7: Controlling Access to RDF Data
◦ Refers to the ability to permit or deny the use of a particular resource by a particular entity
◦ Crucial for sensitive content, since it ensures the selective exposure of information to different classes of users

Slide 8: Contributions: Access Control
◦ Fine-grained, repository-independent access control framework, portable across platforms
◦ High-level access control model for RDF data focusing on read-only permissions
◦ Formal semantics
◦ System implementation & experiments

Slide 9: Abstract Versus Concrete Models
Standard approach: (t, accessible)
Our approach: (t, at5 ⊙ at2)
◦ Concretize at5, at2, ⊙
◦ Compute at5 ⊙ at2
◦ Determine whether t is accessible or not
Advantages:
◦ Can experiment with different semantics and access control policies
◦ Faster updating of access control annotations during changes (additions/deletions of triples and/or annotations)

Slide 10: Abstract Access Control Model
◦ Access control model defined by a set of abstract tokens and abstract operators, to model: computation of access labels of implicit RDF triples; propagation of access labels; conflicting and missing access labels
◦ Access control authorizations associate triples in the RDF/S graph with abstract tokens: quadruples
◦ Entailment rules for computing the access labels of implied quadruples
◦ Propagation rules to specify how access labels are propagated along the subclassOf and subpropertyOf relations

Slide 11: Computing Abstract Labels
1. Evaluate the authorizations on the RDFS graph to obtain quadruples (i.e., triples annotated with access labels)
2. Apply RDFS inference on the set of quadruples to obtain the closure of the RDFS graph
3. Apply the propagation rules to compute the propagated labels

Slide 12: Example: Input
RDF triples (s, p, o):
t1: (Student, sc, Person)
t2: (Person, sc, Agent)
t3: (&a, type, Student)
t4: (&a, firstName, Alice)
t5: (&a, lastName, Smith)
t6: (Agent, type, class)
Authorizations (Query, Access Token):
A1: (construct {?x firstName ?y} where {?x type Student}, at1)
A2: (construct {?x sc ?y}, at2)
A3: (construct {?x type Student}, at3)
A4: (construct {?x type class}, at4)
A5: (construct {?x ?p Person}, at5)

Slide 13: Example: Authorizations
Evaluating A1..A5 on the triples t1..t6 gives the RDF quadruples (s, p, o, l):
q1: (Student, sc, Person, at2)
q2: (Person, sc, Agent, at2)
q3: (&a, type, Student, at3)
q4: (&a, firstName, Alice, at1)
q5: (&a, lastName, Smith, -) (no authorization matches lastName, so the label is missing)
q6: (Agent, type, class, at4)
q7: (Student, sc, Person, at5)

Slide 14: Example: ⊙ Entailment Operator
RDFS inference: triple-generating rules
(A1, sc, A2, l1), (A2, sc, A3, l2) ⟹ (A1, sc, A3, l1 ⊙ l2)
(&r1, type, A1, l1), (A1, sc, A2, l2) ⟹ (&r1, type, A2, l1 ⊙ l2)
Applied to q1: (Student, sc, Person, at2), q2: (Person, sc, Agent, at2), q3: (&a, type, Student, at3) and q7: (Student, sc, Person, at5), the rules produce:
q8: (Student, sc, Agent, at2 ⊙ at2)
q9: (Student, sc, Agent, at5 ⊙ at2)
q10: (&a, type, Person, at3 ⊙ at2)
q11: (&a, type, Agent, (at3 ⊙ at2) ⊙ at2)
q12: (&a, type, Agent, (at5 ⊙ at2) ⊙ at2)

Slide 15: Example: Propagation Operator
Notation: the unary propagation operator is written ⊗ here, because its original symbol was lost in the transcript.
⊗(⊗(l1)) = ⊗(l1) (idempotence)
Propagating labels: no new triples are created
(A1, type, class, l1), (&a, type, A1, l2) ⟹ (&a, type, A1, ⊗(l1))
From q6: (Agent, type, class, at4) and q11: (&a, type, Agent, (at3 ⊙ at2) ⊙ at2):
q13: (&a, type, Agent, ⊗at4)

Slide 16: Concrete Access Control Policy (1)
How do you determine the accessibility of a triple?
◦ Need to evaluate the abstract label(s) associated with said triple
Concrete access control policy:
◦ Set of concrete tokens (e.g., true-false, high-medium-low, etc.)
◦ Mapping from abstract to concrete tokens (e.g., at4 → false)
◦ Concrete operators (i.e., implementations of the abstract ones, e.g., ⊙ = ∧)
◦ Conflict resolution operator (used when more than one abstract label is associated with the same triple, to resolve the ambiguity)
◦ Access function (to decide whether a triple is accessible, depending on the evaluation result)

Slide 17: Concrete Access Control Policy (2)
Example:
◦ Set of concrete tokens: L_P = {true, false}; ⊥ denotes a missing (undefined) label
◦ Mapping: at1, at2, at3 → true; at4, at5 → false
◦ Entailment operator ⊙: al1 ⊙ al2 =
    al1 ∧ al2 if al1 and al2 are both different from ⊥
    al_i if al_i ≠ ⊥ and al_j = ⊥
    ⊥ if al1 and al2 are both ⊥
◦ Propagation operator ⊗: ⊗al = al

Slide 18: Concrete Access Control Policy (3)
◦ Conflict resolution operator: if a triple is assigned n labels al1, …, aln, then the resolved label is
    false if false is in {al1, …, aln}
    true if false is not in {al1, …, aln} but true is
    ⊥ if neither false nor true is in {al1, …, aln}
◦ Access function: triples with label true are accessible; otherwise, inaccessible

Slide 19: Example: Evaluation Process
Is (&a, type, Agent) accessible?
Find all labels of (&a, type, Agent), i.e., all quadruples involving said triple:
◦ (&a, type, Agent, (at3 ⊙ at2) ⊙ at2)
◦ (&a, type, Agent, (at5 ⊙ at2) ⊙ at2)
◦ (&a, type, Agent, ⊗at4)
Evaluate them:
◦ (&a, type, Agent, true)
◦ (&a, type, Agent, false)
Resolve conflicts (i.e., “combine” labels):
◦ (&a, type, Agent, false)
Run the access function to determine accessibility:
◦ Not accessible
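Slides 11 to 19 carried through on the slide-12 example, as an added Python example that is not code from the presentation or its authors: the authorizations are hypothetical Python predicates standing in for the CONSTRUCT queries, and the closure also derives labels the slides omit (e.g. at3 ⊙ at5 for (&a, type, Person)), which conflict resolution absorbs, so (&a, type, Agent) still resolves to false.

```python
from itertools import product
UNDEF = None  # the undefined concrete label (⊥ on slides 17-18)
MAPPING = {"at1": True, "at2": True, "at3": True, "at4": False, "at5": False}
TRIPLES = {("Student", "sc", "Person"), ("Person", "sc", "Agent"),  # constructed
           ("&a", "type", "Student"), ("&a", "firstName", "Alice"),  # input: slide-12
           ("&a", "lastName", "Smith"), ("Agent", "type", "class")}  # triples t1..t6

def authorize(triples):
    """Step 1: authorizations A1..A5 as Python predicates (hypothetical stand-ins
    for the CONSTRUCT queries) turn triples into (s, p, o, token) quadruples."""
    students = {s for (s, p, o) in triples if p == "type" and o == "Student"}
    auths = [(lambda s, p, o: p == "firstName" and s in students, "at1"),
             (lambda s, p, o: p == "sc", "at2"),
             (lambda s, p, o: p == "type" and o == "Student", "at3"),
             (lambda s, p, o: p == "type" and o == "class", "at4"),
             (lambda s, p, o: o == "Person", "at5")]
    return {(s, p, o, tok) for (s, p, o) in triples for m, tok in auths if m(s, p, o)}

def rdfs_closure(quads):
    """Step 2: slide 14's two RDFS rules to a fixpoint; an inferred quadruple carries
    ("inf", l1, l2), i.e. l1 ⊙ l2. Labels grow per step, so hierarchies must be acyclic."""
    quads = set(quads)
    while True:
        new = {(s1, p1, o2, ("inf", l1, l2))
               for (s1, p1, o1, l1), (s2, p2, o2, l2) in product(quads, quads)
               if p2 == "sc" and o1 == s2 and p1 in ("sc", "type")}
        if new <= quads:
            return quads
        quads |= new

def propagate(quads):
    """Step 3: slide 15's rule: an instance of a class labelled l1 also gets ("prop", l1)."""
    classes = {s: l for (s, p, o, l) in quads if p == "type" and o == "class"}
    return quads | {(s, p, o, ("prop", classes[o]))
                    for (s, p, o, l) in quads if p == "type" and o in classes}

def concretize(label):
    """Slide 17 policy: mapping, ⊙ = AND with UNDEF absorbed, propagation = identity."""
    if isinstance(label, str):
        return MAPPING.get(label, UNDEF)
    if label[0] == "prop":
        return concretize(label[1])
    a, b = concretize(label[1]), concretize(label[2])
    return b if a is UNDEF else a if b is UNDEF else (a and b)

def accessible(triple):
    """Slide 18: conflict resolution (false wins, then true, else UNDEF); access iff true."""
    quads = propagate(rdfs_closure(authorize(TRIPLES)))
    labels = [concretize(l) for (s, p, o, l) in quads if (s, p, o) == triple]
    return False not in labels and True in labels
```

Swapping MAPPING or the policy operators changes accessibility without recomputing the abstract labels, which is the advantage slide 9 claims for the abstract model.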

Slide 20: Implementation
◦ Use of a relational schema to store the quadruples
◦ Quad(qid, s, p, o, propop, inferop, label): inferop and propop are boolean values indicating whether the label is obtained through propagation or inference
◦ LabelStore(qid, qid_uses): stores the access label of a triple; qid is the quadruple whose label is stored, and qid_uses is the quadruple used by quadruple qid to compute the label of the latter

Slide 21: Experiments: Description
◦ Experiment 1: annotation time (the time required to compute the inferred triples with their labels and the propagated labels)
◦ Experiment 2: evaluation time (a) (the time needed to compute, for a concrete policy, the concrete access label of all the RDF triples)
◦ Experiment 3: evaluation time (b) (the time needed to compute, for a concrete policy, the concrete access label of a percentage of the RDF triples in a graph)

Slide 22: Experiments: Setting and Process
◦ MonetDB/PostgreSQL to store the quadruples
◦ Stored procedures to compute the abstract access labels (complex expressions) (Experiment 1) and, given a concrete policy, to compute the concrete access labels of triples (Experiments 2 and 3)
◦ Datasets: synthetic schemas produced with Powergen; CIDOC & GO ontologies

Slide 23: Experiments: Results
◦ Annotation time increases linearly with respect to implied triples: 45 secs for 900K implied triples (MonetDB)
◦ Evaluation time increases linearly with respect to the number of triples evaluated: 60 secs for 30K evaluated triples (MonetDB)
◦ MonetDB is faster than PostgreSQL
◦ Working on improved schemata to get better performance

Slide 24: References
Flouris G., Fundulaki I., Michou M., Antoniou G. Controlling Access to RDF Graphs. In FIS 2010.
Flouris G., Fundulaki I., Michou M., Papakonstantinou V., Antoniou G. Access Control for RDFS Graphs Using Abstract Models. To appear in SACMAT 2012.

Slide 25: Thank you!
