Trustworthy Semantic Web Dr. Bhavani Thuraisingham The University of Texas at Dallas Inference Problem February 2012

History Statistical databases (1970s – present) Inference problem in databases (early 1980s - present) Inference problem in MLS/DBMS (late 1980s – present) Unsolvability results (1990) Logic for secure databases (1990) Semantic data model applications (late 1980s - present) Emerging applications (1990s – present) Privacy (2000 – present)

Statistical Databases Census Bureau has been focusing for decades on statistical inference and statistical database Collections of data such as sums and averages may be given out but not the individual data elements Techniques include Perturbation where results are modified Randomization where random samples are used to compute summaries Techniques are being used now for privacy preserving data mining

Security Constraints / Access Control Rules / Policies Simple Constraint: John cannot access the attribute Salary of relation EMP Content-based constraint: If relation MISS contains information about missions in the Middle East, then John cannot access MISS Association-based Constraint: Ship’s location and mission taken together cannot be accessed by John; individually each attribute can be accessed by John Release constraint: After X is released Y cannot be accessed by John Aggregate Constraint: Ten or more tuples taken together cannot be accessed by John Dynamic Constraint: After the Mission, information about the mission can be accessed by John

Security Constraints/Policies for Healthcare Simple Constraint: Only doctors can access medical records Content-based constraint: If the patient has Aids then this information is private Association-based Constraint: Names and medical records taken together is private Release constraint: After medical records are released, names cannot be released Aggregate Constraint: The collection of patients is private, individually public Dynamic Constraint: After the patient dies, information about him becomes public

Inference Problem in MLS/DBMS Inference is the process of forming conclusions from premises If the conclusions are unauthorized, it becomes a problem Inference problem in a multilevel environment Aggregation problem is a special case of the inference problem - collections of data elements is Secret but the individual elements are Unclassified Association problem: attributes A and B taken together is Secret - individually they are Unclassified

Revisiting Security Constraints / Policies Simple Constraint: Mission attribute of SHIP is Secret Content-based constraint: If relation MISSION contains information about missions in Europe, then MISSION is Secret Association-based Constraint: Ship’s location and mission taken together is Secret; individually each attribute is Unclassified Release constraint: After X is released Y is Secret Aggregate Constraint: Ten or more tuples taken together is Secret Dynamic Constraint: After the Mission, information about the mission is Unclassified Logical Constraint: A Implies B; therefore if B is Secret then A must be at least Secret

Enforcement of Security Constraints User Interface Manager Security Constraints Constraint Manager Database Design Tool Constraints during database design operation Update Processor: Constraints during update operation Query Processor: Constraints during query and release operations Data Manager Database

Query Algorithms Query is modified according to the constraints Release database is examined as to what has been released Query is processed and response assembled Release database is examined to determine whether the response should be released Result is given to the user Portions of the query processor are trusted

Update Algorithms Certain constraints are examined during update operation Example: Content-based constraints The security level of the data is computed Data is entered at the appropriate level Certain parts of the Update Processor are trusted

Database Design Algorithms Certain constraints are examined during the database design time Example: Simple, Association and Logical Constraints Schema are assigned security levels Database is partitioned accordingly Example: If Ships location and mission taken together is Secret, then SHIP (S#, Sname) is Unclassified, LOC-MISS(S#, Location, Mission) is Secret LOC(Location) is Unclassified MISS(Mission) is Unclassified

Example Security-Enhanced Semantic Web Interface to the Security-Enhanced Semantic Web Technology to be developed by project Inference Engine/ Inference Controller Security Policies Ontologies Rules RDF, OWL Documents Web Pages, Databases Semantic Web Engine