Secure Manipulation of Linked Data

When it comes to publishing data on the web, the level of access control required (if any) is highly dependent on the type of content exposed. Up until now, RDF data publishers have focused on exposing and linking public data. With the advent of SPARQL 1.1, the linked data infrastructure can be used not only as a means of publishing open data but also as a general mechanism for managing distributed graph data. However, such a decentralised architecture brings with it a number of additional challenges with respect to both data security and integrity. In this paper, we propose a general authorisation framework that can be used to deliver dynamic query results based on user credentials and to cater for the secure manipulation of linked data. Specifically, we describe how graph patterns, propagation rules, conflict resolution policies and integrity constraints can together be used to specify and enforce consistent access control policies.
