Lecture #6: RDF and RDF Security Dr. Bhavani Thuraisingham Building Trustworthy Semantic Webs Lecture #6: RDF and RDF Security Dr. Bhavani Thuraisingham September 2006

Objective of the Unit This unit will provide an overview of RDF and then discuss some security issues

Outline of the Unit Why RDF? What is RDF? RDF Specifications RDF Schema (RFDS) RDF Axiomatic Semantics and Inferencing RQL Policies in RDF Summary and Directions

Why RDF? XML cannot be used to specify semantics Example: Professor is a subclass of Academic Staff Professor inherits all properties of Academic Staff RDF was specified so that the inadequacies of XML could be handled RDF uses XML Syntax Additional constructs are needed for RDF

RDF Resource Description Framework is the essence of the semantic web Adds semantics with the use of ontologies, XML syntax RDF Concepts Basic Model Resources, Properties and Statements Container Model Bag, Sequence and Alternative

RDF Basics Resource: Everything is a resource Person, Vehicle, etc. Property: properties describe relationships between resources E.g., Invented Statement: (Object, Property, Value) Triple Berners Lee invented the Semantic Web

RDF Container Model Bag: Unordered container, may contain multiple occurrences Rdf: Bag Seq: Ordered container, may contain multiple occurrences Rdf: Seq Alt: a set of alternatives Rdf: Alt

RDF Specification <rdf: RDF xmlns: rdf = “http://w3c.org/1999/02-22-rdf-syntax-ns#” xmlns: xsd = “http:// - - - xmlns: uni = “http:// - - - - <rdf: Description: rdf: about = “949352” <uni: name = Berners Lee</uni:name> <uni: title> Professor < uni:title> </rdf: Description> <rdf: Description rdf: about: “ZZZ” < uni: bookname> semantic web <uni:bookname> < uni: authoredby: Berners Lee <uni:authoredby> </rdf: RDF>

RDF Specification RDF specifications have been given for Attributes, Types Nesting, Containers, etc. How can security policies be included in the specification Example: consider the statement “Berners Les is the Author of the book Semantic Web” Do we allow access to the connection between author and book? Do we allow access to the connection but not to the author name and book name?

RDF Policy Specification <rdf: RDF xmlns: rdf = “http://w3c.org/1999/02-22-rdf-syntax-ns#” xmlns: xsd = “http:// - - - xmlns: uni = “http:// - - - - <rdf: Description: rdf: about = “949352” <uni: name = Berners Lee</uni:name> <uni: title> Professor < uni:title> Level = L1 </rdf: Description> <rdf: Description rdf: about: “ZZZ” < uni: bookname> semantic web <uni:bookname> < uni: authoredby: Berners Lee <uni:authoredby> Level = L2 </rdf: RDF>

RDF Schema Need RDF Schema to specify statements such as professor is a subclass of academic staff <rdfs: Class rdf: ID = “professor” <rdfs: comment> The class of Professors All professors are Academic Staff Members. <rdfs: subClassof rdf: resource = “academicStaffMember”/> <rdfs: Class>

RDF Schema: Security Policies How can security policies be specified? <rdfs: Class rdf: ID = “professor” <rdfs: comment> The class of Professors All professors are Academic Staff Members. <rdfs: subClassof rdf: resource = “academicStaffMember”/> Level = L <rdfs: Class>

RDF Axiomatic Semantics First order logic to specify formulas and inferencing Built in functions (First) and predicates (Type) Modus Ponens From A and If A then B, deduce B Example: All containers are Resources Type(?C, Container)  Type(?c, Resource) If we have Type(A, Container) then we can infer (Type A, Resource)

RDF Inferencing While first order logic provides a proof system, it will be computationally infeasible As a result horn clause logic was developed for logic programming; this is still computationally expensive RDF uses If then Rules IF E contains the triples (?u, rdfs: subClassof, ?v) and (?v, rdfs: subClassof ?w) THEN E also contains the triple (?u, rdfs: subClassOf, ?w) That is, if u is a subclass of v, and v is a subclass of w, then u is a subclass of w

RDF Query One can query RDF using XML, but this will be very difficult as RDF is much richer than XML Is there an analogy between say XQuery and a query language for RDF? RQL – an SQL-like language has been developed for RDF Select from “RDF document” where some “condition”

Policies in RDF How can policies be specified? Should policies be specified as shown in the examples, extensions to RDF syntax? Should policies be specified as RDF documents? Is there an analogy to XPath expressions for RDF policies? <policy-spec cred-expr = “//Professor[department = ‘CS’]” target = “annual_ report.xml” path = “//Patent[@Dept = ‘CS’]//Node()” priv = “VIEW”/>

Example Policies Temporal Access Control After 1/1/05, only doctors have access to medical records Role-based Access Control Manager has access to salary information Project leader has access to project budgets, but he does not have access to salary information What happens is the manager is also the project leader? Positive and Negative Authorizations John has write access to EMP John does not have read access to DEPT John does not have write access to Salary attribute in EMP How are conflicts resolved?

Privacy Policies Privacy constraints processing Simple Constraint: an attribute of a document is private Content-based constraint: If document contains information about X, then it is private Association-based Constraint: Two or more documents taken together is private; individually each document is public Release constraint: After X is released Y becomes private Augment a database system with a privacy controller for constraint processing

Access Control Strategy Subjects request access to RDF documents under two modes: Browsing and authoring With browsing access subject can read/navigate documents Authoring access is needed to modify, delete, append documents Access control module checks the policy based and applies policy specs Views of the document are created based on credentials and policy specs In case of conflict, least access privilege rule is enforced Works for Push/Pull modes Query Modification?

System Architecture for Access Control User Pull/Query Push/result RDF- Access RDF-Admin Admin Tools Credential base Policy base RDF Documents

Can Thirs Party Architecture wotk for RDF Documenrtfs? The Owner is the producer of information It specifies access control policies The Publisher is responsible for managing (a portion of) the Owner information and answering subject queries Goal: Untrusted Publisher with respect to Authenticity and Completeness checking XML Source Credential base policy base SE-RDF? Owner Publisher Reply document credentials Query User/Subject

RDF Databases Data is presented as RDF documents Query language: RQL Query optimization Managing transactions on RDF documents Metadata management: RDF Schemas? Access methods and index strategies RDF security and integrity management

Inference/Privacy Control Interface to the Semantic Web Technology By UTD Inference Engine/ Rules Processor Policies Ontologies Rules RDF Documents Web Pages, Databases RDF Database

Summary and Directions RDF is beginning to be used Very little work on RDF security How can we specify the policies discussed in this unit in RDF? How can query modification be carried out for RDF documents? Design access control for RDF databases