WP3: Provenance and Access Policies Giorgos Flouris (FORTH) - [email protected] Irini Fundulaki (CWI...
-
Upload
henry-oconnor -
Category
Documents
-
view
220 -
download
0
Transcript of WP3: Provenance and Access Policies Giorgos Flouris (FORTH) - [email protected] Irini Fundulaki (CWI...
WP3: Provenance and Access Policies
Giorgos Flouris (FORTH) - [email protected]
Irini Fundulaki (CWI & FORTH)- [email protected]
Slide 2
Part IGeneral Description of WP3
Slide 3
Research Topics, Tasks and Partners Objective: manage annotations of different forms
and semantics over data, related to data access Research Topics: Provenance, Access Control,
Privacy, Digital Rights Management (DRM), Trust Management
Partners: FORTH, EPFL, KIT
PROVENANCE
ACCESS CONTROL
DRM PRIVACY TRUST MANAGEMENT
Task 3.1(M1-M36)
Task 3.2(M1-M42)
Task 3.3(M19-M42)
FORTH (14 PM) EPFL (2 PM) KIT (3 PM)
Slide 4
Deliverables
D3.1 (FORTH, M24): “Access Control Specification Language, Reasoning and Enforcement Mechanisms”
D3.2 (FORTH, M36): “Provenance Management and propagation through SPARQL query and update languages”
D3.3 (FORTH, M42): “Access Control System and Privacy Aware Language”
D3.4 (EPFL, M42): “Trust Management and Inference System”
PROVENANCE
ACCESS CONTROL
DRM PRIVACY TRUST MANAGEMENT
Task 3.1 (M1-M36) Task 3.2 (M1-M42) Task 3.3 (M19-M42)
FORTH (14 PM) EPFL (2 PM) KIT (3 PM)
D3.2 (M24) D3.1 (M36), D3.3 (M42) D3.4 (M42)
Slide 5
Collaboration (Review Concern)Paper connecting quality assessment and
repair from WP2 with provenance and the work done in WP3 (FUB-FORTH)
Experiments for access control framework to consider datasets used in the project
Slide 6
Part IIResearch on WP3: Access Control
Slide 7
Controlling Access to RDF Data
Refers to the ability to permit or deny the use of a particular resource by a particular entity
Crucial for sensitive content since it ensures the selective exposure of information to different classes of users
Slide 8
Contributions: Access Control
Contributions:
◦Fine-grained, repository independent, portable across platforms access control framework
◦High-level access control model for RDF data focusing on read-only permissions
◦Formal semantics
◦System implementation & experiments
Slide 9
Abstract Versus Concrete ModelsStandard approach
◦(t, accessible)Our approach
◦(t, at5 ⊙ at2)◦Concretize at5, at2, ⊙◦Compute at5⊙at2
◦Determine whether t is accessible or notAdvantages
◦Can experiment with different semantics and access control policies
◦Faster updating of access control annotations during changes (additions/deletions of triples and/or annotations)
Slide 10
Abstract Access Control ModelAccess Control Model defined by a set of abstract
tokens and abstract operators to model
◦Computation of access labels of implicit RDF triples
◦Propagation of access labels
◦Conflicting and missing access labelsAccess Control Authorizations associate triples in
the RDF/S graph with abstract tokens: quadruplesEntailment rules for computing the access labels of
implied quadruplesPropagation rules to specify how access labels are
propagated along the subclassOf and subpropertyOf relations.
Slide 11
Computing Abstract Labels
1. Evaluate the authorizations on the RDFS graph to obtain quadruples (i.e., triples annotated with access labels)
2. Apply RDFS Inference on the set of quadruples to obtain the closure of the RDFS graph
3. Apply the propagation rules to compute the propagated labels
04/21/23
Slide 12
Example: Input
t1:
t2:
t3:
t4:
t5:
t6:
s
Student sc Person
Person sc Agent
&a type Student
&a firstName Alice
&a lastName Smith
Agent type class
RDF triples
A1 : (construct {?x firstName ?y}
where {?x type Student }, at1)
A2 : (construct {?x sc ?y}, at2)
A3 : (construct {?x type Student }, at3)
A4 : (construct {?x type class}, at4)
A5 : (construct {?x ?p Person}, at5)
Authorizations(Query, Access Token)
op
Slide 13
Example: Authorizations
q1:
q2:
q3:
q4:
q5:
q6:
s p o
Student sc Person
Person sc Agent
&a type Student
&a firstName Alice
&a lastName Smith
Agent type class
RDF quadruples
l
at2
at2
at3
at1
at4
q7: Student sc Person
at5
t1:
t2:
t3:
t4:
t5:
t6:
s
Student sc Person
Person sc Agent
&a type Student
&a firstName Alice
&a lastName Smith
Agent type class
A1 : (construct {?x firstName ?y}
where {?x type Student }, at1)
A2 : (construct {?x sc ?y}, at2)
A3 : (construct {?x type Student }, at3)
A4 : (construct {?x type class}, at4)
A5 : (construct {?x ?p Person}, at5)
p o
Slide 14
Example: ⊙ Entailment Operator
RDFS Inference: triple-generating rules
(A1, sc, A2, l1) (A2, sc, A3, l2) (A1, sc, A3, l1 ⊙ l2)
(&r1, type, A1, l1)
(A1, sc, A2, l2) (&r1, type, A2, l1 ⊙ l2)
q8:
q9:
q10:
q11:
q12:
s p o
Student sc Agent
Student sc Agent
&a type Person
&a type Agent
&a type Agent
l
at2 ⊙ at2
at5 ⊙ at2
at3 ⊙ at2
(at3 ⊙ at2) ⊙ at2
(at5 ⊙ at2) ⊙ at2
q1:
q2:
q3:
s p o
Student sc Person
Person sc Agent
&a type Student
l
at2
at2
at3
q7: Student sc Person at5
Slide 15
Example: Propagation Operator
( (l1)) = (l1) (idempotence)
Propagating labels: no new triples are created(A1, type, class, l1)
(&a, type, A1, (l1 ))(&a, type, A1, l2)
q6:
q11:
s p o
Agent type
Agent&a type
class
l
at4
(at3 ⊙ at2) ⊙ at2
q13:
s p o
&a type Agent
l at4
Slide 16
Concrete Access Control Policy (1)
How do you determine the accessibility of a triple?
◦ Need to evaluate the abstract label(s) associated with said triple
Concrete access control policy
◦ Set of concrete Tokens (e.g., true-false, high-medium-low, etc)
◦ Mapping from abstract to concrete tokens (e.g., at4false)
◦ Concrete operators (i.e., implementation of abstract ones, e.g.,
⊙=)
◦ Conflict resolution operator (used when more that one abstract
labels are associated with the same triple to resolve ambiguity)
◦ Access function (to decide whether a triple is accessible,
depending on the evaluation result)
Slide 17
Concrete Access Control Policy (2)Example:
◦Set of concrete tokens: LP = { true, false}◦Mapping: at1, at2, at3 true, at4, at5 false◦Entailment operator ⊙:
al1 ⊙ al2 =
◦Propagation operator : al = al
al1 al2 if al1 and al2 are different from ali if ali = , alj different from if al1 , al2 equal to
Slide 18
Concrete Access Control Policy (3)
◦Conflict resolution operator: If a token is assigned n labels: al1,…,aln, then:
{al1,...,aln} =
◦Access function: triples with label true are accessible, otherwise, inaccessible
false if false is in {al1,...,aln}
true if false is not in {al1,...,aln}, but true is
if neither false nor true are in {al1,...,aln}
Slide 19
Example: Evaluation Process Is (&a, type, Agent) accessible?Find all labels of (&a, type, Agent), i.e., all quadruples
involving said triple:◦ (&a, type, Agent, (at3 ⊙ at2) ⊙ at2 )◦ (&a, type, Agent, (at5 ⊙ at2) ⊙ at2 )◦ (&a, type, Agent, at4)
Evaluate them:◦ (&a, type, Agent, true)◦ (&a, type, Agent, false)◦ (&a, type, Agent, false)
Resolve conflicts (i.e., “combine” labels):◦ (&a, type, Agent, false)
Run access function to determine accessibility:◦ Not accessible
Slide 20
Implementation
04/21/23
Implementation:◦Use of a relational schema to store the quadruples
◦Quad(qid, s, p, o, propop, inferop, label) inferop, propop: boolean values indicating whether the label is obtained through propagation or inference
◦LabelStore(qid, qid_uses) Stores the access label of a triple
◦qid: the quadruple whose label is stored
◦qid_uses: the quadruple used by quadruple with qid to compute the label of the latter.
Slide 21
Experiments: Description
Experiment 1: annotation time (the time required to compute the inferred triples with their labels and the propagated labels)
Experiment 2: evaluation time (a) (the time needed to compute for a concrete policy, the concrete access label all the RDF triples)
Experiment 3: evaluation time (b) (the time needed to compute for a concrete policy, the concrete access label of a % of the RDF triples in a graph)
Slide 22
Experiments: Setting and Process
MonetDB/Postgresql to store the quadruples
Stored Procedures to
◦Compute the abstract access labels (complex
expressions) (Experiment 1)
◦Given a concrete policy, to compute the concrete
access labels of triples (Experiments 2 and 3)
Datasets:
◦Synthetic schemas produced with Powergen
◦CIDOC & GO ontologies
Slide 23
Experiments: Results
Annotation time increases linearly with respect to implied triples ◦45 secs for 900K implied triples (MonetDB)
Evaluation time increases linearly with respect to the number of triples evaluated◦60 secs for 30K evaluated triples (MonetDB)
MonetDB is faster than PostgresqlWorking on improved schemata to get better
performance
Slide 24
References
Flouris G., Fundulaki I., Michou M., Antoniou G. Controlling
Access to RDF Graphs. In FIS 2010. Flouris G., Fundulaki I., Michou M., Papakonstantinou V.,
Antoniou G. Access Control for RDFS Graphs Using Abstract Models. To appear in SACMAT 2012.
04/21/23
Slide 25
Thank you !