Privacy-Preserving Reasoning on the Semantic Web

Iowa State UniversityDepartment of Computer Science

Center for Computational Intelligence, Learning, and Discovery

Artificial Intelligence Research Laboratory

Web Intelligence, 2007, Jie Bao. Research Supported in part by NSF IIS 0639230

Jie Bao, Giora Slutzki and Vasant Honavar

Department of Computer Science, Iowa State University,

Ames, IA 50011-1040, USA. {baojie, slutzki, honavar}@cs.iastate.edu

Outline

• Selective knowledge sharing without compromising privacy

• Privacy-preserving reasoning under the open world assumption

• Practical algorithms for hierarchies and DL SHIQ.

Partially Hidden Knowledge

Locally visible:Has date

Query: Has date?Answer: Unknown

Bob’ schedule ontology

Query: Busy?Answer: Yes

Conflicting requirements

• Sharing knowledge

• Preserving privacy

Privacy-Preserving Reasoning

• Can a reasoner answer queries using hidden knowledge without exposing hidden knowledge?

QueriesYes

Unknown

Applications

• Personal Information Systems– e.g., calendar

• Healthcare– e.g., between person, pharmacy, and health insurance

company• Information protection

– e.g., can a public user infer protected information from queries to Monster.com?

• Government • Business

Outline

Hidden Knowledge and Incomplete Knowledge

• Open World Assumption

– KB: Dog is Animal

• Query: if Cat is Animal ? Unknown if Cat is not Animal ? Unknown

• Knowledge base may be incomplete

• Querying agent cannot distinguish between incomplete knowledge and hidden knowledge

• Hidden knowledge can be protected as if it is incomplete knowledge

Partially Hidden Knowledge

Locally visible:Has date

Query: Has date?Answer: Unknown

Query: Has travel?Answer: Unknown

Bob’ schedule ontology

Query: Busy?Answer: Yes

Desiderata for a Privacy-Preserving Reasoner

• A privacy-preserving reasoner should be– History independent: it gives the same answer to a query

regardless of the history of past queries – Honest: it never “lies”

– (Weak) History safe: previous answers and visible knowledge cannot be used to infer hidden knowledge

q R A {Y,N,U}

KBfalse

Reasoning Strategy and Safety Scope

• For a knowledge base K, a reasoning strategy produces a reasoner

• Scope( ) : {K | is privacy-preserving}

• Different reasoning strategies might have different safety scopes

• Desired: maximally informative reasoner with the largest possible safety scope

Outline

Privacy-preserving Reasoning with Hierarchies

OWA: • There may be

another path that connects a and d but is not included in the visible graph

• a→d does not imply b→c

unknownYES

Privacy-preserving reasoning reduces to reachability analysis

Example: Hierarchies

“safe” graph

Reasoning Strategy:

Safety Scope:

eE+ -Eh

Example: Hierarchies

“unsafe” graph

Reasoning Strategy:

Safety Scope:

eE+ -Eh( )+

Informativeness vs. Safety Scope

Dummy Reasoner

Obvious Reasoner

Safe Reasoner

Naive Reasoner

Gives information

Safety scope

Increasingly Informative

Decreasing safety scope

Privacy-preserving reasoning with DL

General Approach• Ensure that answers to queries will NOT give knowledge

beyond Kv about the signature of Kh.

• Kvc :axioms in Kv that contain names in Sig(Kh)

Kv Critical visible knowledge Kvc

C ⊑ D

C ⊑ R.D

G ⊑ H

• A querying agent does not know hidden names in Sig(Kh) that

are not in Sig(Kvc)

• A privacy preserving reasoner needs to

– ensure that Kv + QY does not reveal information about

Sig(Kh), beyond that revealed through Kvc

– i.e., ensure that Kv + QY is a conservative extension1 of Kvc

– i.e.,

• Determining whether one SHIQ KB is a conservative extension of another is in general, undecidable

1Grau, 2006

• Locality is a sufficient but not necessary condition for conservative extension

• An axiom or KB is local w.r.t. a signature S if it reveals no knowledge about S.

• An algorithm for checking locality is available1

• Locality can be used as a basis for a practical privacy preserving reasoner for SHIQ:

– It suffices to ensure that Kv-Kvc+QY is local w.r.t. Sig(Kvc)

[Grau et al., 2007]

Privacy-preserving reasoning with SHIQ

Call a DL Reasoner

Indistinguishable

Safety scope of this strategy is:

Summary

• A precise formulation of the problem of privacy-preserving reasoning

• A general framework for privacy-preserving reasoning that exploits the indistinguishability of hidden knowledge from incomplete knowledge under the Open World Assumption (OWA).

• Practical reasoners

– Strongly safe reasoner for hierarchical ontologies

– Weakly safe reasoner for SHIQ

Related Work

• Policy Languages (e.g. KAoS)– syntactical specification of access restrictions

• Ontology Encryption [Gieret 05]– Completely hide a part of an ontology

• Privacy information flow model [Farka and Jain] – focus on databases– relies on closed world semantics

• In contrast, our approach: – relies on open world semantics

– allows inferences using hidden knowledge without revealing hidden knowledge

Future Research

• Investigating of maximally informative privacy preserving reasoners

• Developing strong privacy-preserving reasoner for DL.

– Protect consequences of Kh

• Developing Privacy-Preserving Reasoners for RDF

• Investigating privacy preservation in a multiagent setting

• Exploring connections with epistemic logics

Thanks !

Privacy-Preserving Reasoning on the Semantic Web

Documents

Transcript of Privacy-Preserving Reasoning on the Semantic Web

MultiNet: Real-time Joint Semantic Reasoning for ...mi.eng.cam.ac.uk/~cipolla/publications/in... · MultiNet: Real-time Joint Semantic Reasoning for Autonomous Driving Marvin Teichmann123,

Preserving Privacy in Semantic-Rich Trajectories of Human Mobility

Semantic Understanding and Commonsense Reasoning in an ...

Unsupervised Semantic-Preserving Adversarial Hashing for Image Search · 2020. 9. 2. · DENG et al.: UNSUPERVISED SEMANTIC-PRESERVING ADVERSARIAL HASHING FOR IMAGE SEARCH 4033 reconstruct

Reasoning in Semantic Wikis

The UMLS Semantic Network Support for semantic integration and reasoning

An Efficient and Privacy-Preserving Semantic Multi …onlinepresent.org/proceedings/vol31_2013/58.pdfAn Efficient and Privacy-Preserving Semantic Multi-Keyword Ranked Search over Encrypted

From Semantic Parsing to Reasoning

Semantic Reasoning and Verification for Ambient Assisted Living · 2014-05-14 · Semantic Reasoning and Verification for Ambient Assisted Living Thibaut Tiberghien, Mounir Mokhtari,

Constructive Reasoning for Semantic Wikis - PhD defense presentation

and Inductive Stream Reasoning for Semantic Social Media ...tresp/papers/DeductiveInductiveStreamReasoni… · Deductive and Inductive Stream Reasoning for Semantic Social Media Analytics

Investigating Fuzzy Reasoning in Semantic Image Analysis · Investigating Fuzzy Reasoning in Semantic Image Analysis S. Dasiopoulou ¢ I. Kompatsiaris ¢ M.G. Strintzis the date of

SOWL:Spatiotemporal Representation , Reasoning and Querying over the Semantic Web

Combining Learning and Reasoning: A Semantic Web Perspectivepeople.cs.ksu.edu/~hitzler/pub2/2017-07-NeSy-keynote.pdf · 2017. 7. 18. · Combining Learning and Reasoning: A Semantic

Semantic Understanding and Commonsense Reasoning in an Adaptive

Reasoning Top-down biases symbolic distance effects semantic congruity effects Formal logic syllogisms conditional reasoning.

Pragmatic Reasoning and Semantic Convention: A Case Study ...

Minggu3 - Reasoning, Semantic Network, Frame 2015.pdf

Semantic matchmaking Local Closed-World Reasoning

Semantic Web reasoning - perso.liris.cnrs.fr · •The Semantic Web –Ontologies: OWL •Supplementary semantic constructs –Expressions » Object Property » Data ranges » Class