1. Dr. Bhavani Thuraisingham September 24, 2008 Building Trustworthy Semantic Webs Lecture #9: RDF and RDF Security

2. 2 12/24/2015 07:26 Objective of the Unit 0 This unit will provide an overview of RDF and then discuss some security issues

3. 3 12/24/2015 07:26 Outline of the Unit 0 Why RDF? 0 What is RDF? 0 RDF Specifications 0 RDF Schema (RFDS) 0 RDF Axiomatic Semantics and Inferencing 0 RQL 0 Policies in RDF 0 Summary and Directions 0 Examples throughout the lecture

4. 4 12/24/2015 07:26 Why RDF? 0 XML cannot be used to specify semantics 0 Example: -Professor is a subclass of Academic Staff -Professor inherits all properties of Academic Staff 0 RDF was specified so that the inadequacies of XML could be handled 0 RDF uses XML Syntax 0 Additional constructs are needed for RDF

5. 5 12/24/2015 07:26 RDF 0 Resource Description Framework is the essence of the semantic web 0 Adds semantics with the use of ontologies, XML syntax 0 RDF Concepts - Basic Model =Resources, Properties and Statements -Container Model =Bag, Sequence and Alternative

6. 6 12/24/2015 07:26 RDF Basics 0 Resource: Everything is a resource -Person, Vehicle, etc. 0 Property: properties describe relationships between resources -E.g., Invented 0 Statement: (Object, Property, Value) Triple -Berners Lee invented the Semantic Web

7. 7 12/24/2015 07:26 RDF Specification <rdf: RDF xmlns: rdf = “http://w3c.org/1999/02-22-rdf-syntax-ns#” xmlns: xsd = “http:// - - - xmlns: uni = “http:// - - - - <rdf: Description: rdf: about = “949352” Professor <rdf: Description rdf: about: “ZZZ” semantic web

8. 8 12/24/2015 07:26 Example 0 The following example illustrates a part of an RDF document describing books: Building_Trustworthy_Semantic_Webs and Managing_and_Mining_Multimedia_Databases. They belong to Class ‘Book’ and have properties: author, publisher, year and ISBN. 0 0 <rdf:RDF 0 xmlns:book="http://www.example.com/book#" 0 xmlns:owl="http://www.w3.org/2002/07/owl#" 0 xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" 0 xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#"> 0 0 Bhavani Thuraisingham 0 Auerbach Publications 0 2007

9. 9 12/24/2015 07:26 Example 0 0849350808 0 0 Bhavani Thuraisingham 0 CRC Press 0 2001 0 0849300371 0

10. 10 12/24/2015 07:26 RDF Schema 0 Need RDF Schema to specify statements such as professor is a subclass of academic staff <rdfs: Class rdf: ID = “professor” The class of Professors All professors are Academic Staff Members.

11. 11 12/24/2015 07:26 Example 0 <The RDF schema for the above RDF document is as follows: 0 0 <rdf:RDF xmlns:owl="http://www.w3.org/2002/07/owl#" 0 xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" 0 xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#" 0 xmlns:wsp="http://www.w3.org/2004/08/20-ws-pol-pos/ns#"> 0 0 Book Class 0

12. 12 12/24/2015 07:26 Example 0 0 Author of the book 0 0 Publisher of the book 0

13. 13 12/24/2015 07:26 Example 0 0 Year of first publication of the book 0 0 ISBN of the book 0

14. 14 12/24/2015 07:26 RDF Container Model 0 Bag: Unordered container, may contain multiple occurrences -Rdf: Bag 0 Seq: Ordered container, may contain multiple occurrences -Rdf: Seq 0 Alt: a set of alternatives -Rdf: Alt

15. 15 12/24/2015 07:26 RDF and Security 0 RDF specifications have been given for Attributes, Types Nesting, Containers, etc. 0 How can security policies be included in the specification 0 Example: consider the statement “Berners Les is the Author of the book Semantic Web” 0 Do we allow access to the connection between author and book? Do we allow access to the connection but not to the author name and book name?

16. 16 12/24/2015 07:26 RDF Policy Specification < rdf: RDF xmlns: rdf = “http://w3c.org/1999/02-22-rdf-syntax-ns#” xmlns: xsd = “http:// - - - xmlns: uni = “http:// - - - - <rdf: Description: rdf: about = “949352” Professor Level = L1 <rdf: Description rdf: about: “ZZZ” semantic web Level = L2

17. 17 12/24/2015 07:26 Policy Specification 0 The examples we have discussed earlier show how certain policies may be specified for RDF documents. A more detailed example is given below. 0 0 <rdf:RDF 0 xmlns:book="http://www.example.com/book#" 0 xmlns:owl="http://www.w3.org/2002/07/owl#" 0 xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" 0 xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#"> 0 0 Bhavani Thuraisingham 0 Level = Secret 0 Auerbach Publications 0 Level = Confidential

18. 18 12/24/2015 07:26 Policy Specification 0 2007 0 Level = Unclassified 0 0849350808 0 Level = Confidential 0 0 Level = Confidential 0 Bhavani Thuraisingham 0 Level = Secret 0 CRC Press 0 Level = Unclassified

19. 19 12/24/2015 07:26 Policy Specification 0 2001 0 Level = Unclassified 0 0849300371 0 Level = Unclassified 0

20. 20 12/24/2015 07:26 RDF Schema: Security Policies 0 How can security policies be specified? <rdfs: Class rdf: ID = “professor” The class of Professors All professors are Academic Staff Members. Level = L

21. 21 12/24/2015 07:26 RDF Axiomatic Semantics 0 First order logic to specify formulas and inferencing -Built in functions (First) and predicates (Type) -Modus Ponens -From A and If A then B, deduce B 0 Example: All containers are Resources -Type(?C, Container)  Type(?c, Resource) -If we have Type(A, Container) then we can infer (Type A, Resource)

22. 22 12/24/2015 07:26 RDF Inferencing 0 While first order logic provides a proof system, it will be computationally infeasible 0 As a result horn clause logic was developed for logic programming; this is still computationally expensive 0 RDF uses If then Rules 0 IF E contains the triples (?u, rdfs: subClassof, ?v) and (?v, rdfs: subClassof ?w) THEN E also contains the triple (?u, rdfs: subClassOf, ?w) That is, if u is a subclass of v, and v is a subclass of w, then u is a subclass of w

23. 23 12/24/2015 07:26 RDF Query 0 One can query RDF using XML, but this will be very difficult as RDF is much richer than XML 0 Is there an analogy between say XQuery and a query language for RDF? 0 RQL – an SQL-like language has been developed for RDF 0 Select from “RDF document” where some “condition”

24. 24 12/24/2015 07:26 Policies in RDF 0 How can policies be specified? 0 Should policies be specified as shown in the examples, extensions to RDF syntax? 0 Should policies be specified as RDF documents? 0 Is there an analogy to XPath expressions for RDF policies? -

25. 25 12/24/2015 07:26 Example Policies 0 Temporal Access Control -After 1/1/05, only doctors have access to medical records 0 Role-based Access Control -Manager has access to salary information -Project leader has access to project budgets, but he does not have access to salary information -What happens is the manager is also the project leader? 0 Positive and Negative Authorizations -John has write access to EMP -John does not have read access to DEPT -John does not have write access to Salary attribute in EMP -How are conflicts resolved?

26. 26 12/24/2015 07:26 Privacy Policies 0 Privacy constraints processing -Simple Constraint: an attribute of a document is private -Content-based constraint: If document contains information about X, then it is private -Association-based Constraint: Two or more documents taken together is private; individually each document is public -Release constraint: After X is released Y becomes private 0 Augment a database system with a privacy controller for constraint processing

27. 27 12/24/2015 07:26 Policies,in RDF 0 Now, in previous examples, we have specified policies for RDF documents. Now, can we use RDF to specify policies? That is, how can RDF be used to specify the following policy? 0 “Only those attending a class from a professor has read access to the lecture notes of the professor” 0 Below we specify this policy in RDF. 0 0 xmlns:uni=http://www.w3.org/2002/07/universityonto# 0 xmlns:policy="http://www.example.com/policyonto#" 0 xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> 0 0 Bhavani Thuraisingham 0

28. 28 12/24/2015 07:26 Policies in RDF 0 <rdf:RDF 0 xmlns:uni=http://www.w3.org/2002/07/universityonto# 0 xmlns:policy="http://www.example.com/policyonto#" 0 xmlns:rdf=http://www.w3.org/1999/02/22-rdf-syntax-ns#> 0 0 Bhavani Thuraisingham 0

29. 29 12/24/2015 07:26 Access Control Strategy 0 Subjects request access to RDF documents under two modes: Browsing and authoring -With browsing access subject can read/navigate documents -Authoring access is needed to modify, delete, append documents 0 Access control module checks the policy based and applies policy specs 0 Views of the document are created based on credentials and policy specs 0 In case of conflict, least access privilege rule is enforced 0 Works for Push/Pull modes 0 Query Modification?

30. 30 12/24/2015 07:26 System Architecture for Access Control User Pull/Query Push/result RDF Documents RDF- Access RDF-Admin Admin Tools Policy base Credential base

31. 31 12/24/2015 07:26 RDF Databases 0 Data is presented as RDF documents 0 Query language: RQL 0 Query optimization 0 Managing transactions on RDF documents 0 Metadata management: RDF Schemas? 0 Access methods and index strategies 0 RDF security and integrity management

32. 32 12/24/2015 07:26 RDF Databases 0 select Book, NumInStock 0 from {Book} book:authoredBy {Author} 0. book:Stock {NumInStock} 0 Where Author Like “Bhavani*” 0 using namespace 0 book = http://www.example.com/book# 0 The requestor does not have access to the number of book copies in the stock. Therefore, new modified Query: 0 select Book 0 from {Book} book:authoredBy {Author} 0 Where Author Like “Bhavani*” 0 using namespace 0 book = http://www.example.com/book#

33. 33 12/24/2015 07:26 Inference/Privacy Control Policies Ontologies Rules RDF Database RDF Documents Web Pages, Databases Inference Engine/ Rules Processor Interface to the Semantic Web Technology By UTD

34. 34 12/24/2015 07:26 Summary and Directions 0 RDF is beginning to be used 0 Very little work on RDF security 0 How can we specify the policies discussed in this unit in RDF? 0 How can query modification be carried out for RDF documents? 0 Design access control for RDF databases