WP3: Provenance and Access Policies Giorgos Flouris (FORTH) - Irini Fundulaki (CWI & FORTH) -


Slide 2 Part I General Description of WP3

Slide 3 Research Topics, Tasks and Partners
Objective: manage annotations of different forms and semantics over data, related to data access
Research Topics: Provenance, Access Control, Privacy, Digital Rights Management (DRM), Trust Management
Partners: FORTH, EPFL, KIT
[Diagram: Provenance, Access Control, DRM, Privacy, Trust Management; Task 3.1 (M1-M36), Task 3.2 (M1-M42), Task 3.3 (M19-M42); FORTH (14 PM), EPFL (2 PM), KIT (3 PM)]

Slide 4 Deliverables
D3.1 (FORTH, M24): “Access Control Specification Language, Reasoning and Enforcement Mechanisms”
D3.2 (FORTH, M36): “Provenance Management and propagation through SPARQL query and update languages”
D3.3 (FORTH, M42): “Access Control System and Privacy Aware Language”
D3.4 (EPFL, M42): “Trust Management and Inference System”
[Diagram: Provenance, Access Control, DRM, Privacy, Trust Management; Task 3.1 (M1-M36), Task 3.2 (M1-M42), Task 3.3 (M19-M42); FORTH (14 PM), EPFL (2 PM), KIT (3 PM); D3.2 (M24), D3.1 (M36), D3.3 (M42), D3.4 (M42)]

Slide 5 Collaboration (Review Concern)
◦ Paper connecting quality assessment and repair from WP2 with provenance and the work done in WP3 (FUB-FORTH)
◦ Experiments for access control framework to consider datasets used in the project

Slide 6 Part II Research on WP3: Access Control

Slide 7 Controlling Access to RDF Data
◦ Refers to the ability to permit or deny the use of a particular resource by a particular entity
◦ Crucial for sensitive content since it ensures the selective exposure of information to different classes of users

Slide 8 Contributions: Access Control
Contributions:
◦ Fine-grained, repository independent, portable across platforms access control framework
◦ High-level access control model for RDF data focusing on read-only permissions
◦ Formal semantics
◦ System implementation & experiments

Slide 9 Abstract Versus Concrete Models
Standard approach
◦ (t, accessible)
Our approach
◦ (t, at5 ⊙ at2)
◦ Concretize at5, at2, ⊙
◦ Compute at5 ⊙ at2
◦ Determine whether t is accessible or not
Advantages
◦ Can experiment with different semantics and access control policies
◦ Faster updating of access control annotations during changes (additions/deletions of triples and/or annotations)

Slide 10 Abstract Access Control Model
Access Control Model defined by a set of abstract tokens and abstract operators to model
◦ Computation of access labels of implicit RDF triples
◦ Propagation of access labels
◦ Conflicting and missing access labels
Access Control Authorizations associate triples in the RDF/S graph with abstract tokens: quadruples
Entailment rules for computing the access labels of implied quadruples
Propagation rules to specify how access labels are propagated along the subclassOf and subpropertyOf relations

Slide 11 Computing Abstract Labels
1. Evaluate the authorizations on the RDFS graph to obtain quadruples (i.e., triples annotated with access labels)
2. Apply RDFS Inference on the set of quadruples to obtain the closure of the RDFS graph
3. Apply the propagation rules to compute the propagated labels

Slide 12 Example: Input
RDF triples (s, p, o):
t1: Student sc Person
t2: Person sc Agent
t3: &a type Student
t4: &a firstName Alice
t5: &a lastName Smith
t6: Agent type class
Authorizations (Query, Access Token):
A1: (construct {?x firstName ?y} where {?x type Student}, at1)
A2: (construct {?x sc ?y}, at2)
A3: (construct {?x type Student}, at3)
A4: (construct {?x type class}, at4)
A5: (construct {?x ?p Person}, at5)

Slide 13 Example: Authorizations
RDF quadruples (s, p, o, l), obtained by evaluating authorizations A1-A5 on the RDF triples t1-t6 (both repeated on this slide from Slide 12):
q1: Student sc Person at2
q2: Person sc Agent at2
q3: &a type Student at3
q4: &a firstName Alice at1
q5: &a lastName Smith
q6: Agent type class at4
q7: Student sc Person at5

Slide 14 Example: ⊙ Entailment Operator
RDFS Inference: triple-generating rules
◦ Premises (A1, sc, A2, l1) and (A2, sc, A3, l2); conclusion (A1, sc, A3, l1 ⊙ l2)
◦ Premises (&r1, type, A1, l1) and (A1, sc, A2, l2); conclusion (&r1, type, A2, l1 ⊙ l2)
Input quadruples (s, p, o, l):
q1: Student sc Person at2
q2: Person sc Agent at2
q3: &a type Student at3
q7: Student sc Person at5
Inferred quadruples (s, p, o, l):
q8: Student sc Agent at2 ⊙ at2
q9: Student sc Agent at5 ⊙ at2
q10: &a type Person at3 ⊙ at2
q11: &a type Agent (at3 ⊙ at2) ⊙ at2
q12: &a type Agent (at5 ⊙ at2) ⊙ at2

Slide 15 Example:  Propagation Operator
 (  ( l1 )) =  ( l1 ) (idempotence)
Propagating labels: no new triples are created
(A1, type, class, l1)   (&a, type, A1,  ( l1 ))   (&a, type, A1, l2)
Quadruples (s, p, o, l):
q6: Agent type class at4
q11: &a type Agent (at3 ⊙ at2) ⊙ at2
q13: &a type Agent  at4

Slide 16 Concrete Access Control Policy (1)
How do you determine the accessibility of a triple?
◦ Need to evaluate the abstract label(s) associated with said triple
Concrete access control policy
◦ Set of concrete tokens (e.g., true-false, high-medium-low, etc.)
◦ Mapping from abstract to concrete tokens (e.g., at4 → false)
◦ Concrete operators (i.e., implementation of abstract ones, e.g., ⊙ =  )
◦ Conflict resolution operator (used when more than one abstract label is associated with the same triple, to resolve ambiguity)
◦ Access function (to decide whether a triple is accessible, depending on the evaluation result)

Slide 17 Concrete Access Control Policy (2)
Example:
◦ Set of concrete tokens: LP = {true, false}
◦ Mapping: at1, at2, at3 → true; at4, at5 → false
◦ Entailment operator ⊙: al1 ⊙ al2 =
   al1  al2, if al1 and al2 are different from  
   al_i, if al_i =  , al_j different from  
    , if al1, al2 equal to  
◦ Propagation operator:  al = al

Slide 18 Concrete Access Control Policy (3)
◦ Conflict resolution operator: if a token is assigned n labels al1,...,aln, then  {al1,...,aln} =
   false, if false is in {al1,...,aln}
   true, if false is not in {al1,...,aln}, but true is
    , if neither false nor true are in {al1,...,aln}
◦ Access function: triples with label true are accessible, otherwise, inaccessible

Slide 19 Example: Evaluation Process
Is (&a, type, Agent) accessible?
Find all labels of (&a, type, Agent), i.e., all quadruples involving said triple:
◦ (&a, type, Agent, (at3 ⊙ at2) ⊙ at2)
◦ (&a, type, Agent, (at5 ⊙ at2) ⊙ at2)
◦ (&a, type, Agent,  at4)
Evaluate them:
◦ (&a, type, Agent, true)
◦ (&a, type, Agent, false)
Resolve conflicts (i.e., “combine” labels):
◦ (&a, type, Agent, false)
Run access function to determine accessibility:
◦ Not accessible
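
The evaluation process of Slides 16-19, as an added example that is not part of the original presentation: abstract label expressions are evaluated under a concrete policy, conflicts are resolved, and the access function is applied. Assumptions: the symbols for the undefined token and for the concrete entailment operator did not survive in this transcript, so the code uses None for the former and boolean AND for the latter (which reproduces the slide's result); the PERMISSIVE policy is constructed to show that changing the policy does not require recomputing the abstract labels.

```python
# Added example (not from the slides). Abstract labels are nested tuples:
# a token name, ("ent", l1, l2) for entailment, or ("prop", l) for propagation.
UNDEF = None  # assumption: stands in for the "missing label" token

def entail(a, b):
    # Case split of slide 17; boolean AND for defined operands is an assumption.
    return UNDEF if a is UNDEF or b is UNDEF else (a and b)

def propagate(a):
    return a  # slide 17: the propagated label equals the label itself

def evaluate(label, mapping):
    """Evaluate one abstract label expression under a token mapping."""
    if isinstance(label, str):
        return mapping.get(label, UNDEF)
    op, *args = label
    values = [evaluate(arg, mapping) for arg in args]
    if op == "ent":
        return entail(*values)
    if op == "prop":
        return propagate(*values)
    raise ValueError(f"unknown operator: {op}")

def resolve(values):
    """Conflict resolution of slide 18: false wins, then true, else undefined."""
    if any(v is False for v in values):
        return False
    return True if any(v is True for v in values) else UNDEF

def accessible(triple, quads, mapping):
    """Access function: a triple is accessible only if its label is true."""
    labels = [l for (s, p, o, l) in quads if (s, p, o) == triple]
    return resolve([evaluate(l, mapping) for l in labels]) is True

T = ("&a", "type", "Agent")
QUADS = [  # the three quadruples listed on slide 19
    (*T, ("ent", ("ent", "at3", "at2"), "at2")),
    (*T, ("ent", ("ent", "at5", "at2"), "at2")),
    (*T, ("prop", "at4")),
]
SLIDE17 = {"at1": True, "at2": True, "at3": True, "at4": False, "at5": False}
PERMISSIVE = dict.fromkeys(SLIDE17, True)  # constructed alternative policy

if __name__ == "__main__":
    for name, policy in (("slide 17", SLIDE17), ("permissive", PERMISSIVE)):
        print(name, [evaluate(q[3], policy) for q in QUADS],
              accessible(T, QUADS, policy))
```

A triple with no quadruple at all resolves to the undefined label and is therefore treated as inaccessible by the access function.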

Slide 20 Implementation
Implementation:
◦ Use of a relational schema to store the quadruples
◦ Quad(qid, s, p, o, propop, inferop, label)
   inferop, propop: boolean values indicating whether the label is obtained through propagation or inference
◦ LabelStore(qid, qid_uses)
   Stores the access label of a triple
   ◦ qid: the quadruple whose label is stored
   ◦ qid_uses: the quadruple used by quadruple with qid to compute the label of the latter

Slide 21 Experiments: Description
Experiment 1: annotation time (the time required to compute the inferred triples with their labels and the propagated labels)
Experiment 2: evaluation time (a) (the time needed to compute, for a concrete policy, the concrete access label of all the RDF triples)
Experiment 3: evaluation time (b) (the time needed to compute, for a concrete policy, the concrete access label of a % of the RDF triples in a graph)

Slide 22 Experiments: Setting and Process
MonetDB/PostgreSQL to store the quadruples
Stored Procedures to
◦ Compute the abstract access labels (complex expressions) (Experiment 1)
◦ Given a concrete policy, compute the concrete access labels of triples (Experiments 2 and 3)
Datasets:
◦ Synthetic schemas produced with Powergen
◦ CIDOC & GO ontologies

Slide 23 Experiments: Results
Annotation time increases linearly with respect to implied triples
◦ 45 secs for 900K implied triples (MonetDB)
Evaluation time increases linearly with respect to the number of triples evaluated
◦ 60 secs for 30K evaluated triples (MonetDB)
MonetDB is faster than PostgreSQL
Working on improved schemata to get better performance

Slide 24 References
◦ Flouris G., Fundulaki I., Michou M., Antoniou G. Controlling Access to RDF Graphs. In FIS
◦ Flouris G., Fundulaki I., Michou M., Papakonstantinou V., Antoniou G. Access Control for RDFS Graphs Using Abstract Models. To appear in SACMAT

Slide 25 Thank you!