
Dr. Bhavani Thuraisingham

February 18, 2011

Building Trustworthy Semantic Webs

RDF and RDF Security


Objective of the Unit

• This unit will provide an overview of RDF and then discuss some security issues


Outline of the Unit

• Why RDF?
• What is RDF?
• RDF Specifications
• RDF Schema (RDFS)
• RDF Security
• Policies in RDF
• RDF Axiomatic Semantics and Inferencing
• RDF Database
• SPARQL
• FOAF
• Summary and Directions
• Examples throughout the lecture


Why RDF?

• XML cannot be used to specify semantics
• Example:
  - Professor is a subclass of Academic Staff
  - Professor inherits all properties of Academic Staff
• RDF was specified so that the inadequacies of XML could be handled
• RDF uses XML syntax
• Additional constructs are needed for RDF


RDF

• Resource Description Framework is the essence of the semantic web
• Adds semantics with the use of ontologies, XML syntax
• RDF Concepts
  - Basic Model = Resources, Properties and Statements
  - Container Model = Bag, Sequence and Alternative


RDF Basics

• Resource: Everything is a resource
  - Person, Vehicle, etc.
• Property: properties describe relationships between resources
  - E.g., Invented
• Statement: (Object, Property, Value) triple
  - Berners Lee invented the Semantic Web


RDF Specification

    <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
             xmlns:xsd="http:// - - -"
             xmlns:uni="http:// - - - -">
      <rdf:Description rdf:about="949352">
        <uni:name>Berners Lee</uni:name>
        <uni:title>Professor</uni:title>
      </rdf:Description>
      <rdf:Description rdf:about="ZZZ">
        <uni:bookname>semantic web</uni:bookname>
        <uni:authoredby>Berners Lee</uni:authoredby>
      </rdf:Description>
    </rdf:RDF>


Example

• The following example illustrates a part of an RDF document describing books: Building_Trustworthy_Semantic_Webs and Managing_and_Mining_Multimedia_Databases. They belong to Class 'Book' and have properties: author, publisher, year and ISBN.

    <?xml version="1.0"?>
    <rdf:RDF
        xmlns:book="http://www.example.com/book#"
        xmlns:owl="http://www.w3.org/2002/07/owl#"
        xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
        xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#">
      <book:Book rdf:ID="Building_Trustworthy_Semantic_Webs">
        <book:author>Bhavani Thuraisingham</book:author>
        <book:publisher>Auerbach Publications</book:publisher>
        <book:year>2007</book:year>
        <book:ISBN>0849350808</book:ISBN>
      </book:Book>
      <book:Book rdf:ID="Managing_and_Mining_Multimedia_Databases">
        <book:author>Bhavani Thuraisingham</book:author>
        <book:publisher>CRC Press</book:publisher>
        <book:year>2001</book:year>
        <book:ISBN>0849300371</book:ISBN>
      </book:Book>
    </rdf:RDF>


RDF Schema

• Need RDF Schema to specify statements such as professor is a subclass of academic staff

    <rdfs:Class rdf:ID="professor">
      <rdfs:comment>
        The class of Professors
        All professors are Academic Staff Members.
      </rdfs:comment>
      <rdfs:subClassOf rdf:resource="#academicStaffMember"/>
    </rdfs:Class>


Example

• The RDF schema for the above RDF document is as follows:

    <?xml version="1.0"?>
    <rdf:RDF
        xmlns:owl="http://www.w3.org/2002/07/owl#"
        xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
        xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#"
        xmlns:wsp="http://www.w3.org/2004/08/20-ws-pol-pos/ns#">
      <rdfs:Class rdf:ID="Book">
        <rdfs:comment>Book Class</rdfs:comment>
        <rdfs:subClassOf rdf:resource="http://www.w3.org/2000/01/rdf-schema#Resource"/>
      </rdfs:Class>

      <rdf:Property rdf:ID="author">
        <rdfs:comment>Author of the book</rdfs:comment>
        <rdfs:domain rdf:resource="#Book"/>
        <rdfs:range rdf:resource="http://www.w3.org/2000/01/rdf-schema#Literal"/>
      </rdf:Property>

      <rdf:Property rdf:ID="publisher">
        <rdfs:comment>Publisher of the book</rdfs:comment>
        <rdfs:domain rdf:resource="#Book"/>
        <rdfs:range rdf:resource="http://www.w3.org/2000/01/rdf-schema#Literal"/>
      </rdf:Property>

      <rdf:Property rdf:ID="year">
        <rdfs:comment>Year of first publication of the book</rdfs:comment>
        <rdfs:domain rdf:resource="#Book"/>
        <rdfs:range rdf:resource="http://www.w3.org/2000/01/rdf-schema#Literal"/>
      </rdf:Property>

      <rdf:Property rdf:ID="ISBN">
        <rdfs:comment>ISBN of the book</rdfs:comment>
        <rdfs:domain rdf:resource="#Book"/>
        <rdfs:range rdf:resource="http://www.w3.org/2000/01/rdf-schema#Literal"/>
      </rdf:Property>
    </rdf:RDF>


RDF Container Model

• Bag: Unordered container, may contain multiple occurrences
  - rdf:Bag
• Seq: Ordered container, may contain multiple occurrences
  - rdf:Seq
• Alt: a set of alternatives
  - rdf:Alt


RDF and Security

• RDF specifications have been given for Attributes, Types Nesting, Containers, etc.
• How can security policies be included in the specification?
• Example: consider the statement "Berners Lee is the Author of the book Semantic Web"
• Do we allow access to the connection between author and book? Do we allow access to the connection but not to the author name and book name?


RDF Policy Specification

    <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
             xmlns:xsd="http:// - - -"
             xmlns:uni="http:// - - - -">
      <rdf:Description rdf:about="949352">
        <uni:name>Berners Lee</uni:name>
        <uni:title>Professor</uni:title>
        Level = L1
      </rdf:Description>
      <rdf:Description rdf:about="ZZZ">
        <uni:bookname>semantic web</uni:bookname>
        <uni:authoredby>Berners Lee</uni:authoredby>
        Level = L2
      </rdf:Description>
    </rdf:RDF>


Policy Specification

• The examples we have discussed earlier show how certain policies may be specified for RDF documents. A more detailed example is given below.

    <?xml version="1.0"?>
    <rdf:RDF
        xmlns:book="http://www.example.com/book#"
        xmlns:owl="http://www.w3.org/2002/07/owl#"
        xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
        xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#">
      <book:Book rdf:ID="Building_Trustworthy_Semantic_Webs">
        <book:author>Bhavani Thuraisingham</book:author>
        Level = Secret
        <book:publisher>Auerbach Publications</book:publisher>
        Level = Confidential
        <book:year>2007</book:year>
        Level = Unclassified
        <book:ISBN>0849350808</book:ISBN>
        Level = Confidential
      </book:Book>

      <book:Book rdf:ID="Managing_and_Mining_Multimedia_Databases">
        Level = Confidential
        <book:author>Bhavani Thuraisingham</book:author>
        Level = Secret
        <book:publisher>CRC Press</book:publisher>
        Level = Unclassified
        <book:year>2001</book:year>
        Level = Unclassified
        <book:ISBN>0849300371</book:ISBN>
        Level = Unclassified
      </book:Book>
    </rdf:RDF>
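The labelled document above can be enforced by building a per-clearance view of it. The following is an added example, not part of the original lecture; it assumes the ordering Unclassified < Confidential < Secret, a hypothetical `policy:level` attribute in place of the slides' `Level = ...` lines, and deny-by-default for unlabelled resources.

```python
import xml.etree.ElementTree as ET

RDF = "http://www.w3.org/1999/02/22-rdf-syntax-ns#"
BOOK = "http://www.example.com/book#"
POLICY = "http://www.example.com/policyonto#"  # assumed vocabulary for labels
LEVEL = "{%s}level" % POLICY                   # hypothetical policy:level attribute
ORDER = {"Unclassified": 0, "Confidential": 1, "Secret": 2}

# Constructed input: the second book from the slides, each "Level = ..." line
# rewritten as a policy:level attribute so that the document is well-formed.
DOC = """<rdf:RDF xmlns:rdf="%s" xmlns:book="%s" xmlns:policy="%s">
  <book:Book rdf:ID="Managing_and_Mining_Multimedia_Databases"
             policy:level="Confidential">
    <book:author policy:level="Secret">Bhavani Thuraisingham</book:author>
    <book:publisher policy:level="Unclassified">CRC Press</book:publisher>
    <book:year policy:level="Unclassified">2001</book:year>
    <book:ISBN policy:level="Unclassified">0849300371</book:ISBN>
  </book:Book>
</rdf:RDF>""" % (RDF, BOOK, POLICY)


def dominates(clearance, label):
    """True when clearance is at or above label. An unknown name raises
    KeyError, so a misspelt level fails closed rather than granting access."""
    return ORDER[clearance] >= ORDER[label]


def view(rdf_xml, clearance):
    """Return the (resource, property, value) triples visible at clearance."""
    visible = []
    for resource in ET.fromstring(rdf_xml):
        # Unlabelled resources default to the highest level (deny by default).
        res_level = resource.get(LEVEL, "Secret")
        if not dominates(clearance, res_level):
            continue  # a hidden resource hides all of its properties too
        for prop in resource:
            # Unlabelled properties inherit the level of their resource.
            if dominates(clearance, prop.get(LEVEL, res_level)):
                name = prop.tag.split("}", 1)[1]
                visible.append((resource.get("{%s}ID" % RDF), name, prop.text))
    return visible
```

An Unclassified subject sees nothing here even though three properties are labelled Unclassified, because the book resource itself is Confidential.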


RDF Schema: Security Policies

• How can security policies be specified?

    <rdfs:Class rdf:ID="professor">
      <rdfs:comment>
        The class of Professors
        All professors are Academic Staff Members.
      </rdfs:comment>
      <rdfs:subClassOf rdf:resource="#academicStaffMember"/>
      Level = L
    </rdfs:Class>


RDF Axiomatic Semantics

• First order logic to specify formulas and inferencing
  - Built-in functions (First) and predicates (Type)
  - Modus Ponens
  - From A and If A then B, deduce B
• Example: All containers are Resources
  - Type(?c, Container) → Type(?c, Resource)
  - If we have Type(A, Container) then we can infer Type(A, Resource)


RDF Inferencing

• While first order logic provides a proof system, it will be computationally infeasible
• As a result, Horn clause logic was developed for logic programming; this is still computationally expensive
• RDF uses If-then rules
• IF E contains the triples (?u, rdfs:subClassOf, ?v) and (?v, rdfs:subClassOf, ?w)
  THEN E also contains the triple (?u, rdfs:subClassOf, ?w)
  That is, if u is a subclass of v, and v is a subclass of w, then u is a subclass of w
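When schema statements carry security levels, as in the "RDF Schema: Security Policies" slide, the subClassOf rule also has to assign a level to every triple it derives. The following is an added example, not part of the original lecture; the level ordering, the class staffMember and the labelling rule (a derivation is as sensitive as its most sensitive premise) are assumptions.

```python
ORDER = {"Unclassified": 0, "Confidential": 1, "Secret": 2}
SUB = "rdfs:subClassOf"

# Constructed schema: professor and academicStaffMember are from the slides,
# staffMember and the levels are assumptions made for this example.
ASSERTED = {
    ("professor", SUB, "academicStaffMember"): "Confidential",
    ("academicStaffMember", SUB, "staffMember"): "Unclassified",
}


def labelled_closure(asserted):
    """Apply the subClassOf rule to a fixed point, labelling derived triples.

    A derivation needs both premises, so it is as sensitive as the higher of
    the two. If a triple can be derived (or is asserted) in several ways, the
    lowest such level applies, because that is the cheapest way to learn it."""
    known = dict(asserted)
    changed = True
    while changed:
        changed = False
        for (u, _, v), l1 in list(known.items()):
            for (v2, _, w), l2 in list(known.items()):
                if v != v2 or u == w:
                    continue  # not a chain, or would derive a reflexive triple
                level = max(l1, l2, key=ORDER.__getitem__)
                triple = (u, SUB, w)
                if triple not in known or ORDER[level] < ORDER[known[triple]]:
                    known[triple] = level
                    changed = True
    return known


def visible(known, clearance):
    """Triples a subject with the given clearance may see or infer."""
    return {t for t, lvl in known.items() if ORDER[lvl] <= ORDER[clearance]}
```

Releasing the derived triple (professor, rdfs:subClassOf, staffMember) at Unclassified would reveal the Confidential premise it depends on, which is why it is labelled Confidential.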


Policies in RDF

• How can policies be specified?
• Should policies be specified as shown in the examples, as extensions to RDF syntax?
• Should policies be specified as RDF documents?
• Is there an analogy to XPath expressions for RDF policies?
  - <policy-spec cred-expr="//Professor[department = 'CS']" target="annual_report.xml" path="//Patent[@Dept = 'CS']//node()" priv="VIEW"/>
  - Can reification be used to specify policies?


Example Policies

• Temporal Access Control
  - After 1/1/05, only doctors have access to medical records
• Role-based Access Control
  - Manager has access to salary information
  - Project leader has access to project budgets, but he does not have access to salary information
  - What happens if the manager is also the project leader?
• Positive and Negative Authorizations
  - John has write access to EMP
  - John does not have read access to DEPT
  - John does not have write access to Salary attribute in EMP
  - How are conflicts resolved?


Privacy Policies

• Privacy constraints processing
  - Simple constraint: an attribute of a document is private
  - Content-based constraint: if a document contains information about X, then it is private
  - Association-based constraint: two or more documents taken together are private; individually each document is public
  - Release constraint: after X is released, Y becomes private
• Augment a database system with a privacy controller for constraint processing


Policies in RDF

• In previous examples, we have specified policies for RDF documents. Now, can we use RDF to specify policies? That is, how can RDF be used to specify the following policy?
• "Only those attending a class from a professor have read access to the lecture notes of the professor"
• Below we specify this policy in RDF.

    <rdf:RDF
        xmlns:uni="http://www.w3.org/2002/07/universityonto#"
        xmlns:policy="http://www.example.com/policyonto#"
        xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
      <uni:LectureNotes rdf:ID="Data_Quality.doc">
        <uni:author>Bhavani Thuraisingham</uni:author>
        <policy:AccessBy rdf:resource="http://localhost/bhavani/cs609"/>
      </uni:LectureNotes>
    </rdf:RDF>


Policies in RDF

    <rdf:RDF
        xmlns:uni="http://www.w3.org/2002/07/universityonto#"
        xmlns:policy="http://www.example.com/policyonto#"
        xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
      <uni:Class rdf:ID="cs609">
        <uni:taughtBy>Bhavani Thuraisingham</uni:taughtBy>
      </uni:Class>
    </rdf:RDF>


Access Control Strategy

• Subjects request access to RDF documents under two modes: browsing and authoring
  - With browsing access, a subject can read/navigate documents
  - Authoring access is needed to modify, delete, append documents
• Access control module checks the policy base and applies policy specs
• Views of the document are created based on credentials and policy specs
• In case of conflict, least access privilege rule is enforced
• Works for Push/Pull modes
• Query Modification?


System Architecture for Access Control

[Figure: system architecture for access control. Components: User (Pull/Query, Push/result), RDF-Access, RDF-Admin, Admin Tools, RDF Documents, Policy base, Credential base.]


RDF Databases

• Data is presented as RDF documents
• Query language: RQL, SPARQL
• Query optimization
• Managing transactions on RDF documents
• Metadata management: RDF Schemas?
• Access methods and index strategies
• RDF security and integrity management


RDF Query

• One can query RDF using XML, but this will be very difficult as RDF is much richer than XML
• Is there an analogy between, say, XQuery and a query language for RDF?
• RQL, an SQL-like language, has been developed for RDF
• Select from "RDF document" where some "condition"
• SPARQL is the current query language for RDF


SPARQL

• RDF is a directed, labeled graph data format for representing information in the Web.
• The SPARQL specification defines the syntax and semantics of the SPARQL query language for RDF.
• SPARQL can be used to express queries across diverse data sources, whether the data is stored natively as RDF or viewed as RDF via middleware.
• SPARQL contains capabilities for querying required and optional graph patterns along with their conjunctions and disjunctions.
• SPARQL also supports extensible value testing and constraining queries by source RDF graph.
• The results of SPARQL queries can be result sets or RDF graphs.
• http://www.w3.org/TR/rdf-sparql-query/


RDF Databases

    select Book, NumInStock
    from {Book} book:authoredBy {Author}
         . book:Stock {NumInStock}
    where Author like "Bhavani*"
    using namespace
        book = http://www.example.com/book#

• The requestor does not have access to the number of book copies in stock. The modified query is therefore:

    select Book
    from {Book} book:authoredBy {Author}
    where Author like "Bhavani*"
    using namespace
        book = http://www.example.com/book#
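The rewrite shown above can be done mechanically once the query is held as a structure rather than a string. The following is an added example, not part of the original lecture; the `Query` structure, the function names and the decision to refuse a query whose condition tests a protected value are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Query:
    select: tuple    # variables to return
    paths: tuple     # (subject_var, property, object_var) path expressions
    where: tuple     # (variable, operator, literal) conditions


# The slide's query, transcribed into the structure above (constructed input).
ORIGINAL = Query(
    select=("Book", "NumInStock"),
    paths=(("Book", "book:authoredBy", "Author"),
           ("Book", "book:Stock", "NumInStock")),
    where=(("Author", "like", "Bhavani*"),),
)


def modify_query(query, denied):
    """Rewrite query so that it reads no property named in denied."""
    paths = tuple(p for p in query.paths if p[1] not in denied)
    bound = {var for s, _, o in paths for var in (s, o)}
    # A condition on a protected value must not be evaluated (its truth leaks
    # the value) and must not be dropped (that widens the result), so refuse.
    for var, _, _ in query.where:
        if var not in bound:
            raise PermissionError("condition uses protected value " + var)
    select = tuple(v for v in query.select if v in bound)
    if not select:
        raise PermissionError("no selected value is accessible")
    return Query(select, paths, query.where)


def render(query):
    """Format a Query in the select/from/where layout used on the slide.
    Later paths are assumed to continue from the same subject, as there."""
    lines = ["select " + ", ".join(query.select)]
    for i, (s, prop, o) in enumerate(query.paths):
        head = "from {%s}" % s if i == 0 else "     ."
        lines.append("%s %s {%s}" % (head, prop, o))
    lines += ['where %s %s "%s"' % cond for cond in query.where]
    return "\n".join(lines)
```

Calling `render(modify_query(ORIGINAL, {"book:Stock"}))` reproduces the modified query from the slide, without the namespace clause.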


Inference/Privacy Control

[Figure: inference/privacy control architecture. Components: Interface to the Semantic Web; Inference Engine/Rules Processor; Policies, Ontologies, Rules; RDF Database; RDF Documents, Web Pages, Databases. Technology by UTD.]


Semantic Social Networks

• The latest breed of social networking services combine social networks with the sharing of content such as bookmarks, documents, photos, reviews.
• The use of Semantic Web technology facilitated distributed control.
  - The friend-of-a-friend (FOAF) project is a first attempt at a formal, machine-processable representation of user profiles and friendship networks (unlike Friendster and similar sites, which have central control).
  - FOAF profiles are created and controlled by the individual user and shared in a distributed fashion.
  - http://www.foaf-project.org


FOAF

• The Friend of a Friend (FOAF) project is creating a Web of machine-readable pages describing people, the links between them and the things they create and do; it is a contribution to the linked information system known as the Web.
• FOAF defines an open, decentralized technology for connecting social Web sites, and the people they describe.
• FOAF is part of a shift towards a Web where we can choose the sites and tools we like, without being cut off from friends who made different choices.
• FOAF lets you share and inter-connect information from diverse sources, move it around, and use it in unexpected new ways.

Sharif University of Technology,

Semantic Web Course, Fall 2005


FOAF Example

    <foaf:Person rdf:about="#me" xmlns:foaf="http://xmlns.com/foaf/0.1/">
      <foaf:name>Dan Brickley</foaf:name>
      <foaf:mbox_sha1sum>241021fb0e6289f92815fc210f9e9137262c252e</foaf:mbox_sha1sum>
      <foaf:homepage rdf:resource="http://danbri.org/" />
      <foaf:img rdf:resource="/images/me.jpg" />
    </foaf:Person>


Summary and Directions

• RDF is beginning to be used
• Very little work on RDF security
• How can we specify the policies discussed in this unit in RDF?
• How can query modification be carried out for RDF documents?
• Design access control for RDF databases