Towards a security and privacy protection model for semantic query engines

The semantic web aims to describe information in terms of well-defined vocabularies and comprehends both data and knowledge to cope with meaning of data. Advanced search engines are used to retrieve precise information out of these knowledge resources. The main challenge is not only retrieving data but also how to keep data safe and protected against any form of attacks. In this paper, we propose a security aware based model for semantic search engines. Our work aims to combine advances in information technology, such as cloud technology, while addressing security issues which threaten the integrity of information. In particular security gaps and countermeasures of the semantic web are identified. ISO/IEC security requirements for the protection of personally identifiable information (PII) are presented to cover security vulnerabilities of the proposed model. Finally, the feasibility of our proposed model is checked against the N2Sky use case, a multi-cloud knowledge information management system for the computational intelligence community.

[1]  Laurie A. Williams,et al.  Using Automated Fix Generation to Secure SQL Statements , 2007, Third International Workshop on Software Engineering for Secure Systems (SESS'07: ICSE Workshops 2007).

[2]  Neelam Duhan,et al.  Comparative Study on Semantic Search Engines , 2015 .

[3]  K Punithasurya,et al.  Analysis of Different Access Control Mechanism in Cloud , 2012 .

[4]  Mehmet Emin Mutlu,et al.  On the track of Artificial Intelligence: Learning with Intelligent Personal Assistants , 2016 .

[5]  Zhendong Ma,et al.  Security Viewpoint in a Reference Architecture Model for Cyber-Physical Production Systems , 2017, 2017 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW).

[6]  Erich Schikuta,et al.  N2Sky — Neural networks as services in the clouds , 2013, The 2013 International Joint Conference on Neural Networks (IJCNN).

[7]  Timothy W. Finin,et al.  Swoogle: a search and metadata engine for the semantic web , 2004, CIKM '04.

[8]  Erich Schikuta,et al.  A Framework for Ontology Based Management of Neural Network as a Service , 2016, ICONIP.

[9]  Donald E. Eastlake,et al.  XML-Signature Syntax and Processing , 2001, RFC.

[10]  Hari Balakrishnan,et al.  CryptDB: protecting confidentiality with encrypted query processing , 2011, SOSP.

[11]  Erich Schikuta,et al.  ViNNSL - the Vienna Neural Network Specification Language , 2008, 2008 IEEE International Joint Conference on Neural Networks (IEEE World Congress on Computational Intelligence).

[12]  Eser Kandogan,et al.  Avatar semantic search: a database approach to information retrieval , 2006, SIGMOD Conference.

[13]  Erich Schikuta,et al.  Searching the Sky for Neural Networks , 2017, IWANN.

[14]  Wouter Joosen,et al.  Entity-Based Access Control: supporting more expressive access control policies , 2015, ACSAC.

[15]  Suresh Kumar,et al.  Realization of Threats and Countermeasure in Semantic Web Services , 2010 .

[16]  Zahid Anwar,et al.  A deliberately insecure RDF-based Semantic Web application framework for teaching SPARQL/SPARUL injection attacks and defense mechanisms , 2016, Comput. Secur..

[17]  Jyoti Chaurasia,et al.  Survey on Semantic Web Search Engine: Using Domain Ontology , 2015 .

[18]  A. A. Abd El-Aziz Ahmend,et al.  Literature Review on XML Security and Access Control to XML Documents , 2014 .

[19]  Bhavani M. Thuraisingham,et al.  Security standards for the semantic web , 2005, Comput. Stand. Interfaces.

[20]  Stefan Negru,et al.  How to feed Apache HBase with Petabytes of RDF Data: An Extremely Scalable RDF Store Based on Eclipse RDF4J Framework and Apache HBase Database , 2016, International Semantic Web Conference.

[21]  Yun Peng,et al.  Swoogle: A semantic web search and metadata engine , 2004, CIKM 2004.

[22]  Timothy W. Finin,et al.  Authorization and privacy for semantic Web services , 2004, IEEE Intelligent Systems.

[23]  Shuai Zhang,et al.  Exploring injection prevention technologies for security-aware distributed collaborative manufacturing on the Semantic Web , 2011 .

[24]  Suresh Kumar,et al.  Semantic Web attacks and countermeasures , 2014, 2014 International Conference on Advances in Engineering & Technology Research (ICAETR - 2014).