WP3: Provenance and Access Policies

Giorgos Flouris (FORTH) - fgeo@ics.forth.gr

Irini Fundulaki (CWI & FORTH)- fundul@ics.forth.gr

Slide 2

Part IGeneral Description of WP3

Slide 3

Research Topics, Tasks and Partners Objective: manage annotations of different forms

and semantics over data, related to data access Research Topics: Provenance, Access Control,

Privacy, Digital Rights Management (DRM), Trust Management

Partners: FORTH, EPFL, KIT

PROVENANCE

ACCESS CONTROL

DRM PRIVACY TRUST MANAGEMENT

Task 3.1(M1-M36)

Task 3.2(M1-M42)

Task 3.3(M19-M42)

FORTH (14 PM) EPFL (2 PM) KIT (3 PM)

Slide 4

Deliverables

D3.1 (FORTH, M24): “Access Control Specification Language, Reasoning and Enforcement Mechanisms”

D3.2 (FORTH, M36): “Provenance Management and propagation through SPARQL query and update languages”

D3.3 (FORTH, M42): “Access Control System and Privacy Aware Language”

D3.4 (EPFL, M42): “Trust Management and Inference System”

PROVENANCE

ACCESS CONTROL

DRM PRIVACY TRUST MANAGEMENT

Task 3.1 (M1-M36) Task 3.2 (M1-M42) Task 3.3 (M19-M42)

FORTH (14 PM) EPFL (2 PM) KIT (3 PM)

D3.2 (M24) D3.1 (M36), D3.3 (M42) D3.4 (M42)

Slide 5

Collaboration (Review Concern)Paper connecting quality assessment and

repair from WP2 with provenance and the work done in WP3 (FUB-FORTH)

Experiments for access control framework to consider datasets used in the project

Slide 6

Part IIResearch on WP3: Access Control

Slide 7

Controlling Access to RDF Data

Refers to the ability to permit or deny the use of a particular resource by a particular entity

Crucial for sensitive content since it ensures the selective exposure of information to different classes of users

Slide 8

Contributions: Access Control

Contributions:

◦Fine-grained, repository independent, portable across platforms access control framework

◦High-level access control model for RDF data focusing on read-only permissions

◦Formal semantics

◦System implementation & experiments

Slide 9

Abstract Versus Concrete ModelsStandard approach

◦(t, accessible)Our approach

◦(t, at5 ⊙ at2)◦Concretize at5, at2, ⊙◦Compute at5⊙at2

◦Determine whether t is accessible or notAdvantages

◦Can experiment with different semantics and access control policies

◦Faster updating of access control annotations during changes (additions/deletions of triples and/or annotations)

Slide 10

Abstract Access Control ModelAccess Control Model defined by a set of abstract

tokens and abstract operators to model

◦Computation of access labels of implicit RDF triples

◦Propagation of access labels

◦Conflicting and missing access labelsAccess Control Authorizations associate triples in

the RDF/S graph with abstract tokens: quadruplesEntailment rules for computing the access labels of

implied quadruplesPropagation rules to specify how access labels are

propagated along the subclassOf and subpropertyOf relations.

Slide 11

Computing Abstract Labels

1. Evaluate the authorizations on the RDFS graph to obtain quadruples (i.e., triples annotated with access labels)

2. Apply RDFS Inference on the set of quadruples to obtain the closure of the RDFS graph

3. Apply the propagation rules to compute the propagated labels

04/21/23

Slide 12

Example: Input

t1:

t2:

t3:

t4:

t5:

t6:

s

Student sc Person

Person sc Agent

&a type Student

&a firstName Alice

&a lastName Smith

Agent type class

RDF triples

A1 : (construct {?x firstName ?y}

where {?x type Student }, at1)

A2 : (construct {?x sc ?y}, at2)

A3 : (construct {?x type Student }, at3)

A4 : (construct {?x type class}, at4)

A5 : (construct {?x ?p Person}, at5)

Authorizations(Query, Access Token)

op

Slide 13

Example: Authorizations

q1:

q2:

q3:

q4:

q5:

q6:

s p o

Student sc Person

Person sc Agent

&a type Student

&a firstName Alice

&a lastName Smith

Agent type class

RDF quadruples

l

at2

at2

at3

at1

at4

q7: Student sc Person

at5

t1:

t2:

t3:

t4:

t5:

t6:

s

Student sc Person

Person sc Agent

&a type Student

&a firstName Alice

&a lastName Smith

Agent type class

A1 : (construct {?x firstName ?y}

where {?x type Student }, at1)

A2 : (construct {?x sc ?y}, at2)

A3 : (construct {?x type Student }, at3)

A4 : (construct {?x type class}, at4)

A5 : (construct {?x ?p Person}, at5)

p o

Slide 14

Example: ⊙ Entailment Operator

RDFS Inference: triple-generating rules

(A1, sc, A2, l1) (A2, sc, A3, l2) (A1, sc, A3, l1 ⊙ l2)

(&r1, type, A1, l1)

(A1, sc, A2, l2) (&r1, type, A2, l1 ⊙ l2)

q8:

q9:

q10:

q11:

q12:

s p o

Student sc Agent

Student sc Agent

&a type Person

&a type Agent

&a type Agent

l

at2 ⊙ at2

at5 ⊙ at2

at3 ⊙ at2

(at3 ⊙ at2) ⊙ at2

(at5 ⊙ at2) ⊙ at2

q1:

q2:

q3:

s p o

Student sc Person

Person sc Agent

&a type Student

l

at2

at2

at3

q7: Student sc Person at5

Slide 15

Example: Propagation Operator

( (l1)) = (l1) (idempotence)

Propagating labels: no new triples are created(A1, type, class, l1)

(&a, type, A1, (l1 ))(&a, type, A1, l2)

q6:

q11:

s p o

Agent type

Agent&a type

class

l

at4

(at3 ⊙ at2) ⊙ at2

q13:

s p o

&a type Agent

l at4

Slide 16

Concrete Access Control Policy (1)

How do you determine the accessibility of a triple?

◦ Need to evaluate the abstract label(s) associated with said triple

Concrete access control policy

◦ Set of concrete Tokens (e.g., true-false, high-medium-low, etc)

◦ Mapping from abstract to concrete tokens (e.g., at4false)

◦ Concrete operators (i.e., implementation of abstract ones, e.g.,

⊙=)

◦ Conflict resolution operator (used when more that one abstract

labels are associated with the same triple to resolve ambiguity)

◦ Access function (to decide whether a triple is accessible,

depending on the evaluation result)

Slide 17

Concrete Access Control Policy (2)Example:

◦Set of concrete tokens: LP = { true, false}◦Mapping: at1, at2, at3 true, at4, at5 false◦Entailment operator ⊙:

al1 ⊙ al2 =

◦Propagation operator : al = al

al1 al2 if al1 and al2 are different from ali if ali = , alj different from if al1 , al2 equal to

Slide 18

Concrete Access Control Policy (3)

◦Conflict resolution operator: If a token is assigned n labels: al1,…,aln, then:

{al1,...,aln} =

◦Access function: triples with label true are accessible, otherwise, inaccessible

false if false is in {al1,...,aln}

true if false is not in {al1,...,aln}, but true is

if neither false nor true are in {al1,...,aln}

Slide 19

Example: Evaluation Process Is (&a, type, Agent) accessible?Find all labels of (&a, type, Agent), i.e., all quadruples

involving said triple:◦ (&a, type, Agent, (at3 ⊙ at2) ⊙ at2 )◦ (&a, type, Agent, (at5 ⊙ at2) ⊙ at2 )◦ (&a, type, Agent, at4)

Evaluate them:◦ (&a, type, Agent, true)◦ (&a, type, Agent, false)◦ (&a, type, Agent, false)

Resolve conflicts (i.e., “combine” labels):◦ (&a, type, Agent, false)

Run access function to determine accessibility:◦ Not accessible

Slide 20

Implementation

04/21/23

Implementation:◦Use of a relational schema to store the quadruples

◦Quad(qid, s, p, o, propop, inferop, label) inferop, propop: boolean values indicating whether the label is obtained through propagation or inference

◦LabelStore(qid, qid_uses) Stores the access label of a triple

◦qid: the quadruple whose label is stored

◦qid_uses: the quadruple used by quadruple with qid to compute the label of the latter.

Slide 21

Experiments: Description

Experiment 1: annotation time (the time required to compute the inferred triples with their labels and the propagated labels)

Experiment 2: evaluation time (a) (the time needed to compute for a concrete policy, the concrete access label all the RDF triples)

Experiment 3: evaluation time (b) (the time needed to compute for a concrete policy, the concrete access label of a % of the RDF triples in a graph)

Slide 22

Experiments: Setting and Process

MonetDB/Postgresql to store the quadruples

Stored Procedures to

◦Compute the abstract access labels (complex

expressions) (Experiment 1)

◦Given a concrete policy, to compute the concrete

access labels of triples (Experiments 2 and 3)

Datasets:

◦Synthetic schemas produced with Powergen

◦CIDOC & GO ontologies

Slide 23

Experiments: Results

Annotation time increases linearly with respect to implied triples ◦45 secs for 900K implied triples (MonetDB)

Evaluation time increases linearly with respect to the number of triples evaluated◦60 secs for 30K evaluated triples (MonetDB)

MonetDB is faster than PostgresqlWorking on improved schemata to get better

performance

Slide 24

References

Flouris G., Fundulaki I., Michou M., Antoniou G. Controlling

Access to RDF Graphs. In FIS 2010. Flouris G., Fundulaki I., Michou M., Papakonstantinou V.,

Antoniou G. Access Control for RDFS Graphs Using Abstract Models. To appear in SACMAT 2012.

04/21/23

Slide 25

Thank you !