Semantics-aware security policy specification for the semantic web data

The semantic web has been envisioned as a machine interpretable web, where data instances are described through concepts defined and related in ontologies. Though ontologies are publicly available as a crucial component of the semantic web infrastructure, many data instances are sensitive and should be kept confidential. Sensitive information can be illegally inferred from other seemingly unclassified information in combination with the underlying data semantics and interrelationships revealed by ontologies. In other words, the visibility of ontologies can pose inference threats to the security of data instances, and this requires that security policies be specified in such a way that the semantic relationships among data instances are taken into account. To protect the semantic web data or other semantics-rich data, this paper presents semantics-aware security policy specification. We propose concept-level, association-level and property-level access control models for different security objects, and that authorisations be propagated based on different inference patterns. These propagation policies can be used to generate safe and consistent access control authorisations.

[1]  Phiniki Stouppa,et al.  A Formal Model of Data Privacy , 2006, Ershov Memorial Conference.

[2]  Peter D. Karp,et al.  Detection and elimination of inference channels in multilevel relational database systems , 1993, Proceedings 1993 IEEE Computer Society Symposium on Research in Security and Privacy.

[3]  Csilla Farkas,et al.  Ontology Guided XML Security Engine , 2004, Journal of Intelligent Information Systems.

[4]  Jie Bao,et al.  Privacy-Preserving Reasoning on the SemanticWeb , 2007, IEEE/WIC/ACM International Conference on Web Intelligence (WI'07).

[5]  Makoto Murata,et al.  XML access control using static analysis , 2006, TSEC.

[6]  Sushil Jajodia,et al.  Secure Databases: Constraints, Inference Channels, and Monitoring Disclosures , 2000, IEEE Trans. Knowl. Data Eng..

[7]  Sushil Jajodia,et al.  The inference problem: a survey , 2002, SKDD.

[8]  Harry S. Delugach,et al.  Wizard: A Database Inference Analysis and Detection System , 1996, IEEE Trans. Knowl. Data Eng..

[9]  Harry S. Delugach,et al.  A Fast Algorithm for Detecting Second Paths in Database Inference Analysis , 1995, J. Comput. Secur..

[10]  Sabrina De Capitani di Vimercati,et al.  A fine-grained access control system for XML documents , 2002, TSEC.

[11]  Li Qin,et al.  Concept-level access control for the Semantic Web , 2003, XMLSEC '03.

[12]  Michiharu Kudo,et al.  XML document security based on provisional authorization , 2000, CCS.

[13]  Reind P. van de Riet,et al.  Answering queries without revealing secrets , 1983, TODS.

[14]  Phiniki Stouppa,et al.  Data Privacy for Knowledge Bases , 2009, LFCS.

[15]  Amit Jain,et al.  Secure resource description framework: an access control model , 2006, SACMAT '06.

[16]  Thomas R. Gruber,et al.  A translation approach to portable ontology specifications , 1993, Knowl. Acquis..

[17]  Elisa Bertino,et al.  On specifying security policies for web documents with an XML-based language , 2001, SACMAT '01.

[18]  Vijayalakshmi Atluri,et al.  An authorization model for temporal and derived data: securing information portals , 2002, TSEC.

[19]  Joachim Biskup,et al.  Lying versus refusal for known potential secrets , 2001, Data Knowl. Eng..

[20]  Norbert E. Fuchs,et al.  Semantic Web Policies - A Discussion of Requirements and Research Issues , 2006, ESWC.

[21]  Lalana Kagal Rei : A Policy Language for the Me-Centric Project , 2002 .

[22]  Thomas R. Gruber,et al.  A Translation Approach to Portable Ontologies , 1993 .

[23]  Jeffrey M. Bradshaw,et al.  KAoS policy and domain services: toward a description-logic approach to policy representation, deconfliction, and enforcement , 2003, Proceedings POLICY 2003. IEEE 4th International Workshop on Policies for Distributed Systems and Networks.

[24]  Sarit Kraus,et al.  Foundations of Secure Deductive Databases , 1995, IEEE Trans. Knowl. Data Eng..

[25]  Sushil Jajodia,et al.  Inference Problems in Multilevel Secure Database Management Systems , 2006 .

[26]  Timothy W. Finin,et al.  Policy-Based Access Control for an RDF Store , 2005, IJCAI 2007.

[27]  Matthew Morgenstern,et al.  Controlling logical inference in multilevel database systems , 1988, Proceedings. 1988 IEEE Symposium on Security and Privacy.

[28]  Joachim Biskup,et al.  Controlled query evaluation for enforcing confidentiality in complete information systems , 2004, International Journal of Information Security.

[29]  Ernesto Damiani,et al.  Securing XML Documents , 2000, EDBT.

[30]  Marc Langheinrich,et al.  The platform for privacy preferences 1.0 (p3p1.0) specification , 2002 .

[31]  Thomas H. Hinke,et al.  Inference aggregation detection in database management systems , 1988, Proceedings. 1988 IEEE Symposium on Security and Privacy.

[32]  Ernesto Damiani,et al.  Extending Policy Languages to the Semantic Web , 2004, ICWE.

[33]  Elisa Bertino,et al.  An infrastructure for managing secure update operations on XML data , 2003, SACMAT '03.