context-aware access control for rdf graph stores
DESCRIPTION
ECAI 2012 presentationTRANSCRIPT
Context-Aware Access Control for RDF Graph Stores!
Luca Costabello, Serena Villata, Fabien Gandon
SELECT … !WHERE {…}!
2007 2009 2011
SPARQL
T Berners-‐Lee, et al. On Integra8on Issues of Site-‐Specific APIs into the Web of Data, DERI Tech.Rep. 2009
Background and SHI3LD Key Features!
3
Semantic Web languages only!
Pluggable to any RDF store!
Mobile context in the loop!
Granularity from triples to whole graphs!
WAC [Berners-Lee], [Toninelli et al, ISWC-2006], ![Abel et al, ISWC-2007], [Finin et al.,SACMAT-2008], ![Flouris et al., FIS-2010], [Sacco and Passant, LDOW-2011]
> Named Graphs!
> SPARQL 1.1!
> Context Awareness!
> No new Policy languages!
[Carroll et al, WWW2005] RDF 1.1
[Schilit and Theimer, 94] [Dey, 01]
How it Works – Initial Setup!
4
● Named Graph Partitioning!
● Access Policy Definition!!S4AC & PRISSMA Vocabularies!
SHI3LD Vocabularies!
5
Example of Access Conditions!
6
ASK {?resource dcterms:creator ?provider .!?provider rel:hasFriend ?consumer . }!
ARE YOU A FRIEND OF THE DATA PROVIDER ?
ASK {?resource dcterms:creator ?provider . !?provider rel:collaboratesWith ?consumer . }!
ARE YOU A COLLABORATOR OF THE DATA PROVIDER ?
ASK {?resource dcterms:creator ?provider .!?provider rel:hasParent ?consumer . }!
ARE YOU A PARENT OF THE DATA PROVIDER ?
ASK{?resource dcterms:creator ?provider .!?provider rel:hasColleague ?consumer . }!
ARE YOU A COLLEAGUE OF THE DATA PROVIDER ?
Example of Access Conditions!
7
ASK {?consumer a foaf:Person .!! FILTER(?consumer = <http://example#John>) }!
ARE YOU JOHN ? IF SO
ASK {?consumer a foaf:Person .!! FILTER(!(?consumer = <http://example#John>)) }!
ARE YOU JOHN ? IF SO
ASK {?resource dcterms:creator ?provider .! ?provider sioc:member_of ?group . ! ?consumer sioc:member_of ?group . }!
ARE YOU A MEMBER OF THE SAME GROUP OF THE DATA PROVIDER ?
ASK { FILTER(rand()>0.5) }! DO YOU GET A NUMBER BIGGER THAN 0.5 ?
Example of Access Conditions!
8
ASK {?context a prissma:Context;! prissma:environment ?env.! ?env tl:start "2012-10-26T12:00:00Z"^^xsd:dateTime;!
! tl:duration "PT5H"^^xsd:duration.!! ?env prissma:currentPOI ?poi.!! ?poi prissma:poiLabel http://dbpedia.org/resource/Musee_du_Louvre. !
}! ARE YOU LOCATED IN THE LOUVRE MUSEUM AND IS IT OCTOBER 26TH, 2012 AFTER 12 a.m.? ASK {?context a prissma:Context; !
! prissma:device ?dev;!! prissma:user ?consumer;!
prissma:environment ?env.! ?consumer a foaf:Person;! rel:employedBy <http://example#Bob>.! ?env prissma:currentPOI ?poi.!
! ?poi prissma:poiLabel <http://dbpedia.org/resource/Musee_du_Louvre>.! ?dev a prissma:Device;! soft:deviceSoftware ?devsw.! ?devsw a soft:DeviceSoftware;! soft:operatingSystem ?opsys.! ?opsys a soft:Operatingsystem;! common:name "Android".!}!
ARE YOU LOCATED IN THE LOUVRE MUSEUM, ARE YOU EMPLOYED BY BOB, AND ARE YOU USING ANDROID?
Sample Access Policy!
9
Protected named graph
Conditions to verify
How it Works!
10
SELECT … !WHERE {…}!+
INSERT DATA { !GRAPH :ctx1{!
}}!:ctx1!
1. Query Contextualization ! !!
,! ,! , …!]![! ,!
:sampleCtx a prissma:Context;!!prissma:user :sampleUsr; !!prissma:device :sampleDev;!
prissma:environment :sampleEnv.!
:sampleUsr a prissma:User;! foaf:name "John Doe »;!
!foaf:knows <http://example.org/people/alice/>.!
:sampleDev a prissma:device;! !soft:deviceSoftware [soft:operatingSystem[common:name "Android"]].!
:sampleEnv a prissma:Environment;! prissma:currentPOI [geo:lat "45.43463";! ! ! ! geo:lon "7.843435";! ! ! ! prissma:radius "500"];!
tl:start "2012-10-26T12:00:00Z"^^xsd:dateTime;!
Example of User Context!
11
How it Works!
12
ASK {?context ! a prissma:Context; ! prissma:environment ?env.! ?env prissma:currentPOI ?poi. ! ?poi prissma:radius "500";! foaf:based_near ?p. ! ?p geo:lat "43.615811";! geo:long "7.068532".} !
= "false"
2. Access Policy Evaluation!
BINDINGS ?context {(:ctx1)}!
How it Works!
SELECT …!FROM :ng2,:ng3!WHERE {…}!
SELECT … !WHERE {…}!
:ng1 ! :ng2 !
13
3. Query Execution on ! accessible Named Graphs!
:ng3 !
13
Response Time Evaluation!
Slower!
RDF store and SPARQL 1.1. engine: Corese-‐KGRAM with Berlin SPARQL Benchmark Dataset 3.1
Faster!
• More context updates, ! More consumers!
• Small fraction granted!
• Dataset size still predominant!
14
Future Work!
Privacy!
User-centered evaluation!
Context data trustworthiness!
tinyurl.com/shi3ld
@lukostaz ! ! @serena_villata @fabien_gandon!Luca Costabello | Serena Villata | Fabien Gandon