Collection of general data mining briefings

1
Building Trustworthy Semantic Webs Lecture 9
RDF and RDF Security
Dr. Bhavani Thuraisingham
September 24, 2008

2
Objective of the Unit

• This unit will provide an overview of RDF and
  then discuss some security issues

3
Outline of the Unit

• Why RDF?
• What is RDF?
• RDF Specifications
• RDF Schema (RFDS)
• RDF Axiomatic Semantics and Inferencing
• RQL
• Policies in RDF
• Summary and Directions
• Examples throughout the lecture

4
Why RDF?

• XML cannot be used to specify semantics
• Example
• Professor is a subclass of Academic Staff
• Professor inherits all properties of Academic
  Staff
• RDF was specified so that the inadequacies of XML
  could be handled
• RDF uses XML Syntax
• Additional constructs are needed for RDF

5
RDF

• Resource Description Framework is the essence of
  the semantic web
• Adds semantics with the use of ontologies, XML
  syntax
• RDF Concepts
• Basic Model
• Resources, Properties and Statements
• Container Model
• Bag, Sequence and Alternative

6
RDF Basics

• Resource Everything is a resource
• Person, Vehicle, etc.
• Property properties describe relationships
  between resources
• E.g., Invented
• Statement (Object, Property, Value) Triple
• Berners Lee invented the Semantic Web

7
RDF Specification
ltrdf RDF xmlns rdf http//w3c.org/1999/
02-22-rdf-syntax-ns xmlns xsd http//
- - - xmlns uni http// - - - - ltrdf
Description rdf about 949352 ltuni name
Berners Leelt/uninamegt ltuni titlegt
Professor lt unititlegt lt/rdf Descriptiongt ltrdf
Description rdf about ZZZ lt uni booknamegt
semantic web ltunibooknamegt lt uni authoredby
Berners Lee ltuniauthoredbygt lt/rdf
Descriptiongt lt/rdf RDFgt
8
Example

• The following example illustrates a part of an
  RDF document describing books Building_Trustworth
  y_Semantic_Webs and Managing_and_Mining_Multimedia
  _Databases. They belong to Class Book and have
  properties author, publisher, year and ISBN.
• lt?xml version"1.0"?gt
• ltrdfRDF
• xmlnsbook"http//www.example.com/book"
• xmlnsowl"http//www.w3.org/2002/07/owl"
• xmlnsrdf"http//www.w3.org/1999/02/22-rdf-syntax
  -ns"
• xmlnsrdfs"http//www.w3.org/2000/01/rdf-schema"
  gt
• ltbookBook rdfID"Building_Trustworthy_Semantic_W
  ebs"gt
• ltbookauthorgtBhavani Thuraisinghamlt/book
  authorgt
• ltbookpublishergtAuerbach
  Publicationslt/bookpublishergt
• ltbookyeargt2007lt/bookyeargt

9
Example

• ltbookISBNgt0849350808lt/bookISBNgt
• lt/bookBookgt
• ltbookBook rdfID"Managing_and_Mining_Multimedia_
  Databases"gt
• ltbookauthorgtBhavani Thuraisinghamlt/bookaut
  horgt
• ltbookpublishergtCRC Presslt/bookpublishergt
• ltbookyeargt2001lt/bookyeargt
• ltbookISBNgt0849300371lt/bookISBNgt
• lt/bookBookgt
• lt/rdfRDFgt

10
RDF Schema

• Need RDF Schema to specify statements such as
  professor is a subclass of academic staff
• ltrdfs Class rdf ID professor
• ltrdfs commentgt
• The class of Professors
• All professors are Academic Staff Members.
• ltrdfs commentgt
• ltrdfs subClassof rdf resource
  academicStaffMember/gt
• ltrdfs Classgt

11
Example

• ltThe RDF schema for the above RDF document is as
  follows
• lt?xml version"1.0"?gt
• ltrdfRDF
• xmlnsowl"http//www.w3.org/2002/07/owl"
• xmlnsrdf"http//www.w3.org/1999/02/22-rdf-syntax
  -ns"
• xmlnsrdfs"http//www.w3.org/2000/01/rdf-schema"
  
• xmlnswsp"http//www.w3.org/2004/08/20-ws-pol-pos
  /ns"gt
• ltrdfsClass rdfID"Book"gt
• ltrdfscommentgtBook Classlt/rdfscommentgt
• ltrdfssubClassOf rdfresource"http//www.w3.org/1
  999/02/22-rdf-syntax-nsResource"/gt
• lt/rdfsClassgt

12
Example

• ltrdfProperty rdfID"author"gt
• ltrdfsCommentgtAuthor of the booklt/rdfsCommentgt
• ltrdfsdomain rdfresource"Book"/gt
• ltrdfsrange rdfresource"http//www.w3.org/1999/0
  2/22-rdf-syntax-nsLiteral"/gt
• lt/rdfPropertygt
• ltrdfProperty rdfID"publisher"gt
• ltrdfsCommentgtPublisher of the booklt/rdfsCommentgt
  
• ltrdfsdomain rdfresource"Book"/gt
• ltrdfsrange rdfresource"http//www.w3.org/1999/0
  2/22-rdf-syntax-nsLiteral"/gt
• lt/rdfPropertygt

13
Example

• ltrdfProperty rdfID"year"gt
• ltrdfsCommentgtYear of first publication of the
  booklt/rdfsCommentgt
• ltrdfsdomain rdfresource"Book"/gt
• ltrdfsrange rdfresource"http//www.w3.org/1999/0
  2/22-rdf-syntax-nsLiteral"/gt
• lt/rdfPropertygt
• ltrdfProperty rdfID"ISBN"gt
• ltrdfsCommentgtISBN of the booklt/rdfsCommentgt
• ltrdfsdomain rdfresource"Book"/gt
• ltrdfsrange rdfresource"http//www.w3.org/1999/0
  2/22-rdf-syntax-nsLiteral"/gt
• lt/rdfPropertygt
• lt/rdfRDFgt

14
RDF Container Model

• Bag Unordered container, may contain multiple
  occurrences
• Rdf Bag
• Seq Ordered container, may contain multiple
  occurrences
• Rdf Seq
• Alt a set of alternatives
• Rdf Alt

15
RDF and Security

• RDF specifications have been given for
  Attributes, Types Nesting, Containers, etc.
• How can security policies be included in the
  specification
• Example consider the statement Berners Les is
  the Author of the book Semantic Web
• Do we allow access to the connection between
  author and book? Do we allow access to the
  connection but not to the author name and book
  name?

16
RDF Policy Specification
ltrdf RDF xmlns rdf http//w3c.org/1999/
02-22-rdf-syntax-ns xmlns xsd http//
- - - xmlns uni http// - - - - ltrdf
Description rdf about 949352 ltuni name
Berners Leelt/uninamegt ltuni titlegt
Professor lt unititlegt Level L1 lt/rdf
Descriptiongt ltrdf Description rdf about
ZZZ lt uni booknamegt semantic web
ltunibooknamegt lt uni authoredby Berners Lee
ltuniauthoredbygt Level L2 lt/rdf
Descriptiongt lt/rdf RDFgt
17
Policy Specification

• The examples we have discussed earlier show how
  certain policies may be specified for RDF
  documents. A more detailed example is given
  below.
• lt?xml version"1.0"?gt
• ltrdfRDF
• xmlnsbook"http//www.example.com/book"
• xmlnsowl"http//www.w3.org/2002/07/owl"
• xmlnsrdf"http//www.w3.org/1999/02/22-rdf-syntax
  -ns"
• xmlnsrdfs"http//www.w3.org/2000/01/rdf-schema"
  gt
• ltbookBook rdfID"Building_Trustworthy_Semantic_W
  ebs"gt
• ltbookauthorgtBhavani Thuraisinghamlt/bookauthorgt
• Level Secret
• ltbookpublishergtAuerbach Publicationslt/bookpublis
  hergt
• Level Confidential

18
Policy Specification

• ltbookyeargt2007lt/bookyeargt
• Level Unclassified
• ltbookISBNgt0849350808lt/bookISBNgt
• Level Confidential
• lt/bookBookgt
• ltbookBook rdfID"Managing_and_Mining_Multimedia_
  Databases"gt
• Level Confidential
• ltbookauthorgtBhavani Thuraisinghamlt/bookauthorgt
• Level Secret
• ltbookpublishergtCRC Presslt/bookpublishergt
• Level Unclassified

19
Policy Specification

• ltbookyeargt2001lt/bookyeargt
• Level Unclassified
• ltbookISBNgt0849300371lt/bookISBNgt
• Level Unclassified
• lt/bookBookgt
• lt/rdfRDFgt

20
RDF Schema Security Policies

• How can security policies be specified?
• ltrdfs Class rdf ID professor
• ltrdfs commentgt
• The class of Professors
• All professors are Academic Staff Members.
• ltrdfs commentgt
• ltrdfs subClassof rdf resource
  academicStaffMember/gt
• Level L
• ltrdfs Classgt

21
RDF Axiomatic Semantics

• First order logic to specify formulas and
  inferencing
• Built in functions (First) and predicates (Type)
• Modus Ponens
• From A and If A then B, deduce B
• Example All containers are Resources
• Type(?C, Container) ? Type(?c, Resource)
• If we have Type(A, Container) then we can infer
  (Type A, Resource)

22
RDF Inferencing

• While first order logic provides a proof system,
  it will be computationally infeasible
• As a result horn clause logic was developed for
  logic programming this is still computationally
  expensive
• RDF uses If then Rules
• IF E contains the triples (?u, rdfs subClassof,
  ?v)
• and (?v, rdfs subClassof ?w)
• THEN
• E also contains the triple (?u, rdfs subClassOf,
  ?w)
• That is, if u is a subclass of v, and v is a
  subclass of w, then u is a subclass of w

23
RDF Query

• One can query RDF using XML, but this will be
  very difficult as RDF is much richer than XML
• Is there an analogy between say XQuery and a
  query language for RDF?
• RQL an SQL-like language has been developed for
  RDF
• Select from RDF document where some condition

24
Policies in RDF

• How can policies be specified?
• Should policies be specified as shown in the
  examples, extensions to RDF syntax?
• Should policies be specified as RDF documents?
• Is there an analogy to XPath expressions for RDF
  policies?
• ltpolicy-spec cred-expr //Professordepartment
  CS target annual_ report.xml
  path //Patent_at_Dept CS//Node() priv
  VIEW/gt

25
Example Policies

• Temporal Access Control
• After 1/1/05, only doctors have access to medical
  records
• Role-based Access Control
• Manager has access to salary information
• Project leader has access to project budgets, but
  he does not have access to salary information
• What happens is the manager is also the project
  leader?
• Positive and Negative Authorizations
• John has write access to EMP
• John does not have read access to DEPT
• John does not have write access to Salary
  attribute in EMP
• How are conflicts resolved?

26
Privacy Policies

• Privacy constraints processing
• Simple Constraint an attribute of a document is
  private
• Content-based constraint If document contains
  information about X, then it is private
• Association-based Constraint Two or more
  documents taken together is private individually
  each document is public
• Release constraint After X is released Y becomes
  private
• Augment a database system with a privacy
  controller for constraint processing

27
Policies,in RDF

• Now, in previous examples, we have specified
  policies for RDF documents. Now, can we use RDF
  to specify policies? That is, how can RDF be used
  to specify the following policy?
• Only those attending a class from a professor
  has read access to the lecture notes of the
  professor
• Below we specify this policy in RDF.
• lt/rdfRDFgt
• xmlnsunihttp//www.w3.org/2002/07/universi
  tyonto
• xmlnspolicy"http//www.example.com/policyo
  nto"
• xmlnsrdf"http//www.w3.org/1999/02/22-rdf-
  syntax-ns"gt
• ltuniLectureNotes rdfID"Data_Quality.doc"gt
• ltuniAuthorgtBhavani Thuraisinghamlt/uniauthorgt
• ltpolicyAccessBy rdfresourcehttp//localhost/
  bhavani/cs609/gt
• lt/rdfRDFgt

28
Policies in RDF

• ltrdfRDF
• xmlnsunihttp//www.w3.org/2002/07/universit
  yonto
• xmlnspolicy"http//www.example.com/policyon
  to"
• xmlnsrdfhttp//www.w3.org/1999/02/22-rdf-sy
  ntax-nsgt
• ltuniClass rdfID"cs609"gt
• ltunitaughtyBygtBhavani Thuraisinghamlt/bookaut
  horgt
• lt/rdfRDFgt

29
Access Control Strategy

• Subjects request access to RDF documents under
  two modes Browsing and authoring
• With browsing access subject can read/navigate
  documents
• Authoring access is needed to modify, delete,
  append documents
• Access control module checks the policy based and
  applies policy specs
• Views of the document are created based on
  credentials and policy specs
• In case of conflict, least access privilege rule
  is enforced
• Works for Push/Pull modes
• Query Modification?

30
System Architecture for Access Control
User
Pull/Query
Push/result
RDF- Access
RDF-Admin
Admin Tools
Credential base
Policy base
RDF Documents
31
RDF Databases

• Data is presented as RDF documents
• Query language RQL
• Query optimization
• Managing transactions on RDF documents
• Metadata management RDF Schemas?
• Access methods and index strategies
• RDF security and integrity management

32
RDF Databases

• select Book, NumInStock
• from Book bookauthoredBy Author
• . bookStock NumInStock
• Where Author Like Bhavani
• using namespace
• book http//www.example.com/book
• The requestor does not have access to the number
  of book copies in the stock. Therefore, new
  modified Query
• select Book
• from Book bookauthoredBy Author
• Where Author Like Bhavani
• using namespace
• book http//www.example.com/book

33
Inference/Privacy Control
Interface to the Semantic Web
Technology By UTD
Inference Engine/ Rules Processor
Policies Ontologies Rules
RDF Documents Web Pages, Databases
RDF Database
34
Summary and Directions

• RDF is beginning to be used
• Very little work on RDF security
• How can we specify the policies discussed in this
  unit in RDF?
• How can query modification be carried out for RDF
  documents?
• Design access control for RDF databases