Access Control for Sharing Semantic Data across Desktops

Personal Information Management (PIM) systems aim to provide convenient access to all data and metadata on a desktop, both to the user and to co-workers. Sharing desktop data with co-workers raises privacy and access control issues which have to be addressed. In this paper we discuss these issues and present appropriate solutions. In line with the architecture of current PIM systems [8, 2, 11, 15], our solutions cover all semantic data shared in such a context, i.e. all desktop resources as well as other data structures created by the system, such as metadata in an RDF store and inverted index entries created for efficient textual search. We discuss different kinds of policies to specify protection for desktop data and metadata, and describe our access control system to express and execute these policies efficiently. Additionally, we describe the extension of an existing PIM system, Beagle++, with our approach, as well as our experiments, with convincing results on performance and scalability.

[1] Timothy W. Finin, et al. A policy language for a pervasive computing environment, 2003, Proceedings POLICY 2003. IEEE 4th International Workshop on Policies for Distributed Systems and Networks.

[2] Leo Sauermann, et al. Semantic Desktop 2.0: The Gnowsis Experience, 2006, International Semantic Web Conference.

[3] Michael Mitzenmacher, et al. Privacy Preserving Keyword Searches on Remote Encrypted Data, 2005, ACNS.

[4] Dawn Xiaodong Song, et al. Practical techniques for searches on encrypted data, 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[5] Marianne Winslett, et al. No Registration Needed: How to Use Declarative Policies and Negotiation to Access Sensitive Resources on the Semantic Web, 2004, ESWS.

[6] Jeffrey M. Bradshaw, et al. KAoS policy and domain services: toward a description-logic approach to policy representation, deconfliction, and enforcement, 2003, Proceedings POLICY 2003. IEEE 4th International Workshop on Policies for Distributed Systems and Networks.

[7] Wolfgang Nejdl, et al. The Beagle++ Toolbox: Towards an Extendable Desktop Search Architecture, 2006, SemDesk.

[8] David Hawking, et al. Challenges in Enterprise Search, 2004, ADC.

[9] Jaideep Vaidya, et al. Privacy-preserving indexing of documents on the network, 2003, The VLDB Journal.

[10] Piero A. Bonatti, et al. Driving and monitoring provisional trust negotiation with metapolicies, 2005, Sixth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'05).

[11] Tore Risch, et al. EDUTELLA: a P2P networking infrastructure based on RDF, 2002, WWW.

[12] Charles L. A. Clarke, et al. A security model for full-text file system search in multi-user environments, 2005, FAST'05.

[13] Hakan Hacigümüs, et al. Executing SQL over encrypted data in the database-service-provider model, 2002, SIGMOD '02.