Context-Aware Access Control for RDF Graph Stores

SELECT …
WHERE {…}

Luca Costabello, Serena Villata, Fabien Gandon

SPARQL

T. Berners-Lee, et al. On Integration Issues of Site-Specific APIs into the Web of Data, DERI Tech. Rep. 2009

[Figure: timeline marked 2007, 2009, 2011]

Background and SHI3LD Key Features

WAC [Berners-Lee], [Toninelli et al., ISWC-2006], [Abel et al., ISWC-2007], [Finin et al., SACMAT-2008], [Flouris et al., FIS-2010], [Sacco and Passant, LDOW-2011]

●  Semantic Web languages only
   > No new policy languages
●  Pluggable to any RDF store
   > SPARQL 1.1
●  Granularity from triples to whole graphs
   > Named Graphs [Carroll et al., WWW2005], RDF 1.1
●  Mobile context in the loop
   > Context Awareness [Schilit and Theimer, 94], [Dey, 01]

How it Works – Initial Setup

●  Named Graph Partitioning
●  Access Policy Definition
   S4AC & PRISSMA Vocabularies

SHI3LD Vocabularies

[Figure: SHI3LD vocabularies]

Example of Access Conditions

ARE YOU A FRIEND OF THE DATA PROVIDER?

    ASK { ?resource dcterms:creator ?provider .
          ?provider rel:hasFriend ?consumer . }

ARE YOU A COLLABORATOR OF THE DATA PROVIDER?

    ASK { ?resource dcterms:creator ?provider .
          ?provider rel:collaboratesWith ?consumer . }

ARE YOU A PARENT OF THE DATA PROVIDER?

    ASK { ?resource dcterms:creator ?provider .
          ?provider rel:hasParent ?consumer . }

ARE YOU A COLLEAGUE OF THE DATA PROVIDER?

    ASK { ?resource dcterms:creator ?provider .
          ?provider rel:hasColleague ?consumer . }

Example of Access Conditions

ARE YOU A MEMBER OF THE SAME GROUP OF THE DATA PROVIDER?

    ASK { ?resource dcterms:creator ?provider .
          ?provider sioc:member_of ?group .
          ?consumer sioc:member_of ?group . }

ARE YOU JOHN? IF SO

    ASK { ?consumer a foaf:Person .
          FILTER(?consumer = <http://example#John>) }

ARE YOU JOHN? IF SO

    ASK { ?consumer a foaf:Person .
          FILTER(!(?consumer = <http://example#John>)) }

DO YOU GET A NUMBER BIGGER THAN 0.5?

    ASK { FILTER(rand()>0.5) }

Example of Access Conditions

ARE YOU LOCATED IN THE LOUVRE MUSEUM AND IS IT OCTOBER 26TH, 2012 AFTER 12 a.m.?

    ASK { ?context a prissma:Context ;
                   prissma:environment ?env .
          ?env tl:start "2012-10-26T12:00:00Z"^^xsd:dateTime ;
               tl:duration "PT5H"^^xsd:duration .
          ?env prissma:currentPOI ?poi .
          ?poi prissma:poiLabel <http://dbpedia.org/resource/Musee_du_Louvre> . }

ARE YOU LOCATED IN THE LOUVRE MUSEUM, ARE YOU EMPLOYED BY BOB, AND ARE YOU USING ANDROID?

    ASK { ?context a prissma:Context ;
                   prissma:device ?dev ;
                   prissma:user ?consumer ;
                   prissma:environment ?env .
          ?consumer a foaf:Person ;
                    rel:employedBy <http://example#Bob> .
          ?env prissma:currentPOI ?poi .
          ?poi prissma:poiLabel <http://dbpedia.org/resource/Musee_du_Louvre> .
          ?dev a prissma:Device ;
               soft:deviceSoftware ?devsw .
          ?devsw a soft:DeviceSoftware ;
                 soft:operatingSystem ?opsys .
          ?opsys a soft:Operatingsystem ;
                 common:name "Android" . }

Sample Access Policy

[Figure: sample access policy, with callouts "Protected named graph" and "Conditions to verify"]

How it Works
1.  Query Contextualization

    INSERT DATA {
      GRAPH :ctx1 { … }
    }
    +
    SELECT …
    WHERE {…}

[Figure: context data shown as icons inside the INSERT DATA block; the resulting graph is labelled :ctx1]

Example of User Context

    :sampleCtx a prissma:Context ;
        prissma:user :sampleUsr ;
        prissma:device :sampleDev ;
        prissma:environment :sampleEnv .

    :sampleUsr a prissma:User ;
        foaf:name "John Doe" ;
        foaf:knows <http://example.org/people/alice/> .

    :sampleDev a prissma:Device ;
        soft:deviceSoftware [ soft:operatingSystem [ common:name "Android" ] ] .

    :sampleEnv a prissma:Environment ;
        prissma:currentPOI [ geo:lat "45.43463" ;
                             geo:long "7.843435" ;
                             prissma:radius "500" ] ;
        tl:start "2012-10-26T12:00:00Z"^^xsd:dateTime .

How it Works
2.  Access Policy Evaluation

    ASK { ?context a prissma:Context ;
                   prissma:environment ?env .
          ?env prissma:currentPOI ?poi .
          ?poi prissma:radius "500" ;
               foaf:based_near ?p .
          ?p geo:lat "43.615811" ;
             geo:long "7.068532" . }
    BINDINGS ?context {(:ctx1)}

    = "false"

How it Works
3.  Query Execution on accessible Named Graphs

[Figure: named graphs :ng1, :ng2, :ng3]

    SELECT …
    WHERE {…}

becomes

    SELECT …
    FROM :ng2,:ng3
    WHERE {…}
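
The three steps above (query contextualization, access policy evaluation, query execution on accessible named graphs) can be traced end to end in a small model. This is an added example, not code from the slides or from the SHI3LD project: the triple matcher stands in for a SPARQL engine, and the policy table, the `run` helper, the rule that every condition of a policy must hold, and the sample context (constructed, modelled on the slides) are assumptions made for illustration.

```python
# Added illustration, not the authors' code. Terms starting with "?" are variables.
def unify(pattern, triple, env):
    """Match one triple pattern against one triple; return new bindings or None."""
    env = dict(env)
    for term, value in zip(pattern, triple):
        if term.startswith("?"):
            if env.setdefault(term, value) != value:
                return None
        elif term != value:
            return None
    return env

def ask(bgp, triples, env):
    """ASK over a basic graph pattern: True if at least one solution exists."""
    if not bgp:
        return True
    for triple in triples:
        new_env = unify(bgp[0], triple, env)
        if new_env is not None and ask(bgp[1:], triples, new_env):
            return True
    return False

def accessible_graphs(policies, store, ctx):
    """Step 2: run each policy's ASK conditions with ?context bound to ctx."""
    data = store.get(ctx, set())
    return sorted(
        graph for graph, conditions in policies.items()
        # Assumption: every condition must hold; no conditions means no access.
        if conditions and all(ask(c, data, {"?context": ctx}) for c in conditions)
    )

def rewrite(select, where, graphs):
    """Step 3: confine the query to granted graphs; None means deny."""
    if not graphs:
        return None  # fail closed instead of querying the default dataset
    return f"{select} {' '.join('FROM ' + g for g in graphs)} {where}"

# Constructed sample data modelled on the slides' context and conditions.
CONTEXT = [
    (":ctx1", "rdf:type", "prissma:Context"),
    (":ctx1", "prissma:device", ":dev"),
    (":ctx1", "prissma:environment", ":env"),
    (":dev", "soft:deviceSoftware", "_:sw"),
    ("_:sw", "soft:operatingSystem", "_:os"),
    ("_:os", "common:name", "Android"),
    (":env", "prissma:currentPOI", "_:poi"),
    ("_:poi", "prissma:radius", "500"),
]
ANDROID = [("?context", "prissma:device", "?dev"),
           ("?dev", "soft:deviceSoftware", "?sw"),
           ("?sw", "soft:operatingSystem", "?os"),
           ("?os", "common:name", "Android")]
NEAR = [("?context", "prissma:environment", "?env"),
        ("?env", "prissma:currentPOI", "?poi"),
        ("?poi", "foaf:based_near", "?p"),
        ("?p", "geo:lat", "43.615811")]
IS_CTX = [("?context", "rdf:type", "prissma:Context")]
POLICIES = {":ng1": [NEAR], ":ng2": [ANDROID], ":ng3": [IS_CTX, ANDROID]}

def run(select, where, context=CONTEXT):
    store = {":ctx1": set(context)}  # Step 1: INSERT DATA { GRAPH :ctx1 {...} }
    return rewrite(select, where, accessible_graphs(POLICIES, store, ":ctx1"))
```

With this context the location condition on :ng1 fails, as on the policy evaluation slide, so only :ng2 and :ng3 reach the rewritten query. The generated query repeats FROM once per graph, which is the form SPARQL 1.1 accepts.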

Response Time Evaluation

RDF store and SPARQL 1.1 engine: Corese-KGRAM with Berlin SPARQL Benchmark Dataset 3.1

• Dataset size still predominant
• Small fraction granted: faster
• More context updates, more consumers: slower

Future Work

• Privacy
• Context data trustworthiness
• User-centered evaluation

Luca Costabello | Serena Villata | Fabien Gandon
@lukostaz  @serena_villata  @fabien_gandon

tinyurl.com/shi3ld

