A Logic Programming approach for Access Control over RDF

The Resource Description Framework (RDF) is an interoperable data representation format suitable for the interchange and integration of data, especially in Open Data contexts. However, RDF is also becoming increasingly attractive in scenarios involving sensitive data, where data protection is a major concern. At its core, RDF does not support any form of access control, and current proposals for extending RDF with access control do not fit well with the RDF representation model. Considering an enterprise scenario, we present a modelling approach that caters for access control over the stored RDF data in an intuitive and transparent manner. In this paper we rely on Annotated RDF, which introduces concepts from Annotated Logic Programming into RDF. Based on this model of the access control annotation domain, we propose a mechanism to manage permissions via application-specific logic rules. Furthermore, we illustrate how our Annotated Query Language (AnQL) provides a secure way to query this access-control-annotated RDF data.
