Building Trustworthy Semantic Webs
RDF and RDF Security
Dr. Bhavani Thuraisingham
February 18, 2011

Objective of the Unit
- This unit will provide an overview of RDF and then discuss some security issues.

Outline of the Unit
- Why RDF?
- What is RDF?
- RDF Specifications
- RDF Schema (RDFS)
- RDF Security
- Policies in RDF
- RDF Axiomatic Semantics and Inferencing
- RDF Database
- SPARQL
- FOAF
- Summary and Directions
- Examples throughout the lecture

Why RDF?
- XML cannot be used to specify semantics
- Example:
  - Professor is a subclass of Academic Staff
  - Professor inherits all properties of Academic Staff
- RDF was specified so that the inadequacies of XML could be handled
- RDF uses XML syntax
- Additional constructs are needed for RDF

RDF
- Resource Description Framework is the essence of the semantic web
- Adds semantics with the use of ontologies, XML syntax
- RDF Concepts
  - Basic Model
    - Resources, Properties and Statements
  - Container Model
    - Bag, Sequence and Alternative

RDF Basics
- Resource: Everything is a resource
  - Person, Vehicle, etc.
- Property: properties describe relationships between resources
  - E.g., Invented
- Statement: (Object, Property, Value) triple
  - Berners Lee invented the Semantic Web

RDF Specification
    <rdf:RDF xmlns:rdf="
      xmlns:xsd="
      xmlns:uni="
    <rdf:Description rdf:about="949352"
      Professor
    <rdf:Description rdf:about="ZZZ"
      semantic web

Example
- The following example illustrates a part of an RDF document describing books: Building_Trustworthy_Semantic_Webs and Managing_and_Mining_Multimedia_Databases. They belong to class 'Book' and have properties: author, publisher, year and ISBN.

    <rdf:RDF
      xmlns:book="
      xmlns:owl="
      xmlns:rdf="
      xmlns:rdfs="
    Bhavani Thuraisingham
    Auerbach Publications

Example
    Bhavani Thuraisingham
    CRC Press

RDF Schema
- Need RDF Schema to specify statements such as professor is a subclass of academic staff

    <rdfs:Class rdf:ID="professor"
      The class of Professors
      All professors are Academic Staff Members.

Example
- The RDF schema for the above RDF document is as follows:

    <rdf:RDF xmlns:owl="
      xmlns:rdf="
      xmlns:rdfs="
      xmlns:wsp="
    Book Class

Example
    Author of the book
    Publisher of the book

Example
    Year of first publication of the book
    ISBN of the book

RDF Container Model
- Bag: Unordered container, may contain multiple occurrences
  - rdf:Bag
- Seq: Ordered container, may contain multiple occurrences
  - rdf:Seq
- Alt: a set of alternatives
  - rdf:Alt

RDF and Security
- RDF specifications have been given for Attributes, Types, Nesting, Containers, etc.
- How can security policies be included in the specification?
- Example: consider the statement "Berners Lee is the Author of the book Semantic Web"
- Do we allow access to the connection between author and book? Do we allow access to the connection but not to the author name and book name?

RDF Policy Specification
    <rdf:RDF xmlns:rdf="
      xmlns:xsd="
      xmlns:uni="
    <rdf:Description rdf:about="949352"
      Professor
      Level = L1
    <rdf:Description rdf:about="ZZZ"
      semantic web
      Level = L2

Policy Specification
- The examples we have discussed earlier show how certain policies may be specified for RDF documents. A more detailed example is given below.

    <rdf:RDF
      xmlns:book="
      xmlns:owl="
      xmlns:rdf="
      xmlns:rdfs="
    Bhavani Thuraisingham
    Level = Secret
    Auerbach Publications
    Level = Confidential

Policy Specification
    Level = Unclassified
    Level = Confidential
    Level = Confidential
    Bhavani Thuraisingham
    Level = Secret
    CRC Press
    Level = Unclassified

Policy Specification
    Level = Unclassified
    Level = Unclassified

RDF Schema: Security Policies
- How can security policies be specified?

    <rdfs:Class rdf:ID="professor"
      The class of Professors
      All professors are Academic Staff Members.
      Level = L

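The question raised under "RDF and Security" (access to the connection but not to the names) can be made concrete by labelling the subject, property and value of each statement separately. The following is an added example, not code from the lecture; the level ordering, the label assignment in DOC and all function names are assumptions made for illustration.

```python
# Added example (not from the lecture): per-component labels on RDF statements.
from typing import NamedTuple

# Level names are the ones used on the slides; the ordering is assumed.
LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2}
REDACTED = "[REDACTED]"

class Labelled(NamedTuple):
    value: str
    level: str

class Statement(NamedTuple):
    subject: Labelled
    prop: Labelled   # label on the connection itself
    obj: Labelled

def cleared(clearance: str, level: str) -> bool:
    # Unknown data labels fail closed: they are treated as the highest level.
    return LEVELS[clearance] >= LEVELS.get(level, max(LEVELS.values()))

def view(statements, clearance: str):
    """Return the statements a subject with `clearance` may see."""
    visible = []
    for st in statements:
        if not cleared(clearance, st.prop.level):
            continue  # the connection is hidden, so omit the whole statement
        visible.append(tuple(
            part.value if cleared(clearance, part.level) else REDACTED
            for part in st))
    return visible

BOOK1 = Labelled("Building_Trustworthy_Semantic_Webs", "Unclassified")
BOOK2 = Labelled("Managing_and_Mining_Multimedia_Databases", "Unclassified")
# Constructed label assignment, for illustration only.
DOC = [
    Statement(BOOK1, Labelled("book:author", "Confidential"),
              Labelled("Bhavani Thuraisingham", "Secret")),
    Statement(BOOK1, Labelled("book:publisher", "Unclassified"),
              Labelled("Auerbach Publications", "Confidential")),
    Statement(BOOK2, Labelled("book:publisher", "Secret"),
              Labelled("CRC Press", "Unclassified")),
]

if __name__ == "__main__":
    for level in LEVELS:
        print(level, view(DOC, level))
```

A Confidential subject sees that the first book has an author but not who it is; the third statement disappears entirely below Secret even though its value is Unclassified.
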
RDF Axiomatic Semantics
- First order logic to specify formulas and inferencing
  - Built-in functions (First) and predicates (Type)
  - Modus Ponens
  - From A and If A then B, deduce B
- Example: All containers are Resources
  - Type(?c, Container) → Type(?c, Resource)
  - If we have Type(A, Container) then we can infer Type(A, Resource)

RDF Inferencing
- While first order logic provides a proof system, it will be computationally infeasible
- As a result Horn clause logic was developed for logic programming; this is still computationally expensive
- RDF uses If-Then rules
- IF E contains the triples (?u, rdfs:subClassOf, ?v) and (?v, rdfs:subClassOf, ?w) THEN E also contains the triple (?u, rdfs:subClassOf, ?w). That is, if u is a subclass of v, and v is a subclass of w, then u is a subclass of w

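The two rules on these slides (containers are resources, subClassOf is transitive) can be applied by forward chaining until no new triple appears. The following is an added example, not code from the lecture; it generalizes to any If-Then rule over triple patterns, and the rule encoding, the use of rdf:type for the Type predicate, and the sample facts are assumptions.

```python
# Added example (not from the lecture): forward chaining over If-Then rules.

def match(pattern, triple, env):
    """Extend variable bindings so that pattern equals triple, or return None."""
    env = dict(env)
    for p, t in zip(pattern, triple):
        if p.startswith("?"):
            if env.setdefault(p, t) != t:
                return None  # variable already bound to something else
        elif p != t:
            return None
    return env

def apply_rule(premises, conclusion, triples):
    """All conclusions derivable from `triples` by one application of the rule."""
    envs = [{}]
    for prem in premises:
        envs = [e2 for e in envs for t in triples
                if (e2 := match(prem, t, e)) is not None]
    return {tuple(e.get(x, x) for x in conclusion) for e in envs}

def closure(triples, rules):
    """Apply every rule repeatedly until E stops growing (a fixpoint)."""
    known = set(triples)
    while True:
        new = set()
        for premises, conclusion in rules:
            new |= apply_rule(premises, conclusion, known)
        if new <= known:
            return known
        known |= new

RULES = [
    # IF (?u subClassOf ?v) and (?v subClassOf ?w) THEN (?u subClassOf ?w)
    ([("?u", "rdfs:subClassOf", "?v"), ("?v", "rdfs:subClassOf", "?w")],
     ("?u", "rdfs:subClassOf", "?w")),
    # Type(?c, Container) -> Type(?c, Resource), written with rdf:type
    ([("?c", "rdf:type", "Container")], ("?c", "rdf:type", "Resource")),
]

# Constructed facts; "staff" is a hypothetical superclass.
FACTS = {
    ("professor", "rdfs:subClassOf", "academicStaffMember"),
    ("academicStaffMember", "rdfs:subClassOf", "staff"),
    ("A", "rdf:type", "Container"),
}

if __name__ == "__main__":
    for triple in sorted(closure(FACTS, RULES) - FACTS):
        print("inferred:", triple)
```
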
Policies in RDF
- How can policies be specified?
- Should policies be specified as shown in the examples, as extensions to RDF syntax?
- Should policies be specified as RDF documents?
- Is there an analogy to XPath expressions for RDF policies?
  - Can reification be used to specify policies?

Example Policies
- Temporal Access Control
  - After 1/1/05, only doctors have access to medical records
- Role-based Access Control
  - Manager has access to salary information
  - Project leader has access to project budgets, but he does not have access to salary information
  - What happens if the manager is also the project leader?
- Positive and Negative Authorizations
  - John has write access to EMP
  - John does not have read access to DEPT
  - John does not have write access to Salary attribute in EMP
  - How are conflicts resolved?

Privacy Policies
- Privacy constraints processing
  - Simple constraint: an attribute of a document is private
  - Content-based constraint: if a document contains information about X, then it is private
  - Association-based constraint: two or more documents taken together are private; individually each document is public
  - Release constraint: after X is released, Y becomes private
- Augment a database system with a privacy controller for constraint processing

Policies in RDF
- In the previous examples, we have specified policies for RDF documents. Now, can we use RDF to specify policies? That is, how can RDF be used to specify the following policy?
- "Only those attending a class from a professor have read access to the lecture notes of the professor"
- Below we specify this policy in RDF.

      xmlns:uni=
      xmlns:policy="
      xmlns:rdf="
    Bhavani Thuraisingham

Policies in RDF
    <rdf:RDF
      xmlns:uni=
      xmlns:policy="
      xmlns:rdf=
    Bhavani Thuraisingham

Access Control Strategy
- Subjects request access to RDF documents under two modes: browsing and authoring
  - With browsing access, a subject can read/navigate documents
  - Authoring access is needed to modify, delete, or append to documents
- Access control module checks the policy base and applies policy specs
- Views of the document are created based on credentials and policy specs
- In case of conflict, least access privilege rule is enforced
- Works for Push/Pull modes
- Query Modification?

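The conflict questions on the "Example Policies" slide can be answered with the least access privilege rule stated above: when positive and negative authorizations both apply, the negative one wins. The following is an added example, not code from the lecture; the default-deny behaviour, the dotted attribute paths and the user name Alice are assumptions.

```python
# Added example (not from the lecture): resolving authorization conflicts
# with the least access privilege rule.
from typing import NamedTuple

class Auth(NamedTuple):
    who: str     # user name or role name
    mode: str    # "read" or "write"
    obj: str     # relation ("EMP") or attribute path ("EMP.Salary")
    allow: bool  # True = positive, False = negative authorization

# The authorizations listed on the "Example Policies" slide.
POLICY_BASE = [
    Auth("Manager", "read", "Salary", True),
    Auth("ProjectLeader", "read", "ProjectBudget", True),
    Auth("ProjectLeader", "read", "Salary", False),
    Auth("John", "write", "EMP", True),
    Auth("John", "read", "DEPT", False),
    Auth("John", "write", "EMP.Salary", False),
]

def covers(auth_obj: str, obj: str) -> bool:
    """An authorization on EMP also applies to EMP.<attribute>."""
    return obj == auth_obj or obj.startswith(auth_obj + ".")

def decide(user, roles, mode, obj, policy=POLICY_BASE) -> bool:
    principals = {user, *roles}
    applicable = [a for a in policy
                  if a.who in principals and a.mode == mode
                  and covers(a.obj, obj)]
    if not applicable:
        return False  # assumption: no authorization means no access
    # Least access privilege: a single negative authorization wins.
    return all(a.allow for a in applicable)

if __name__ == "__main__":
    both = {"Manager", "ProjectLeader"}
    print("manager reads salary:", decide("Alice", {"Manager"}, "read", "Salary"))
    print("manager+leader reads salary:", decide("Alice", both, "read", "Salary"))
    print("John writes EMP.Name:", decide("John", set(), "write", "EMP.Name"))
    print("John writes EMP.Salary:", decide("John", set(), "write", "EMP.Salary"))
```
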
System Architecture for Access Control
[Figure: components shown are User (Pull/Query, Push/Result), RDF Documents, RDF-Access, RDF-Admin, Admin Tools, Policy base, Credential base]

RDF Databases
- Data is presented as RDF documents
- Query language: RQL, SPARQL
- Query optimization
- Managing transactions on RDF documents
- Metadata management: RDF Schemas?
- Access methods and index strategies
- RDF security and integrity management

RDF Query
- One can query RDF using XML, but this will be very difficult as RDF is much richer than XML
- Is there an analogy between, say, XQuery and a query language for RDF?
- RQL, an SQL-like language, has been developed for RDF
- Select from "RDF document" where some "condition"
- SPARQL is the current query language for RDF

SPARQL
- RDF is a directed, labeled graph data format for representing information in the Web.
- The SPARQL specification defines the syntax and semantics of the SPARQL query language for RDF.
- SPARQL can be used to express queries across diverse data sources, whether the data is stored natively as RDF or viewed as RDF via middleware.
- SPARQL contains capabilities for querying required and optional graph patterns along with their conjunctions and disjunctions.
- SPARQL also supports extensible value testing and constraining queries by source RDF graph.
- The results of SPARQL queries can be result sets or RDF graphs.

RDF Databases

    select Book, NumInStock
    from {Book} book:authoredBy {Author}
    . book:Stock {NumInStock}
    where Author Like "Bhavani*"
    using namespace
    book =

- The requestor does not have access to the number of book copies in the stock. Therefore, the new modified query is:

    select Book
    from {Book} book:authoredBy {Author}
    where Author Like "Bhavani*"
    using namespace
    book =

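The rewrite shown above can be automated: remove every path expression over a property the requestor may not read, then drop the variables that are no longer bound. The following is an added example, not code from the lecture; the Query and Pattern structures and the rule that a condition on a removed variable rejects the query are assumptions.

```python
# Added example (not from the lecture): query modification for an RQL-style query.
from typing import NamedTuple

class Pattern(NamedTuple):
    subj: str   # variable bound to the subject
    prop: str   # property (edge label)
    obj: str    # variable bound to the value

class Query(NamedTuple):
    select: tuple    # projected variables
    patterns: tuple  # path expressions in the from clause
    where: tuple     # (variable, operator, constant) conditions

def modify(query: Query, denied_props: set) -> Query:
    """Drop path expressions over properties the requestor may not read."""
    kept = tuple(p for p in query.patterns if p.prop not in denied_props)
    bound = {v for p in kept for v in (p.subj, p.obj)}
    # A condition on a removed variable would still leak it through filtering.
    for var, _, _ in query.where:
        if var not in bound:
            raise PermissionError(f"condition on protected variable {var}")
    select = tuple(v for v in query.select if v in bound)
    if not select:
        raise PermissionError("nothing in the query is readable")
    return Query(select, kept, query.where)

def render(q: Query) -> str:
    path = " . ".join(f"{{{p.subj}}} {p.prop} {{{p.obj}}}" for p in q.patterns)
    cond = " and ".join(f'{v} {op} "{c}"' for v, op, c in q.where)
    return f"select {', '.join(q.select)} from {path} where {cond}"

# The query from the slide, with each path expression written out in full.
ORIGINAL = Query(
    select=("Book", "NumInStock"),
    patterns=(Pattern("Book", "book:authoredBy", "Author"),
              Pattern("Book", "book:Stock", "NumInStock")),
    where=(("Author", "Like", "Bhavani*"),),
)

if __name__ == "__main__":
    print(render(modify(ORIGINAL, {"book:Stock"})))
```

A query that only selects Book but filters on NumInStock is rejected rather than rewritten, since the filter alone would reveal information about the protected value.
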
Inference/Privacy Control
[Figure: components shown are Policies, Ontologies, Rules; RDF Database; RDF Documents, Web Pages, Databases; Inference Engine/Rules Processor; Interface to the Semantic Web. Technology by UTD]

Semantic Social Networks
- The latest breed of social networking services combine social networks with the sharing of content such as bookmarks, documents, photos, reviews.
- The use of Semantic Web technology facilitated distributed control.
  - The friend-of-a-friend (FOAF) project is a first attempt at a formal, machine-processable representation of user profiles and friendship networks (unlike Friendster and similar sites, which have central control).
  - FOAF profiles are created and controlled by the individual user and shared in a distributed fashion.

FOAF
- The Friend of a Friend (FOAF) project is creating a Web of machine-readable pages describing people, the links between them and the things they create and do; it is a contribution to the linked information system known as the Web.
- FOAF defines an open, decentralized technology for connecting social Web sites, and the people they describe.
- FOAF is part of a shift towards a Web where we can choose the sites and tools we like, without being cut off from friends who made different choices.
- FOAF lets you share and inter-connect information from diverse sources, move it around, and use it in unexpected new ways.
(Sharif University of Technology, Semantic Web Course, Fall 2005)

FOAF Example
    Dan Brickley
    fb0e6289f92815fc210f9e c252e

Summary and Directions
- RDF is beginning to be used
- Very little work on RDF security
- How can we specify the policies discussed in this unit in RDF?
- How can query modification be carried out for RDF documents?
- Design access control for RDF databases