Papakonstantinou, Vassilis, Michou, Maria, Fundulaki, Irini, Flouris, Giorgos and Antoniou, Grigoris (2012) Access control for RDF graphs using abstract models. In: SACMAT '12 Proceedings of the 17th ACM symposium on Access Control Models and Technologies. ACM, pp. 103-112. ISBN 978-1-4503-1295-0
|PDF - Submitted Version |
Restricted to Repository staff only
The Resource Description Framework (RDF) has become the defacto standard for representing information in the Semantic Web. Given the increasing amount of sensitive RDF data available on the Web, it becomes increasingly critical to guarantee secure access to this content. In this paper we advocate the use of an abstract access control model to ensure the selective exposure of RDF information. The model is defined by a set of abstract operators and tokens. Tokens are used to label RDF triples with access information. Abstract operators model RDF Schema inference rules and propagation of labels along the RDF Schema(RDFS) class and property hierarchies. In this way, the access label of a triple is a complex expression that involves the labels of the triples and the operators applied to obtain said label. Different applications can then adopt different concrete access policies that encode an assignment of the abstract tokens and operators to concrete (specific) values. Following this approach, changes in the interpretation of abstract tokens and operators can be easily implemented resulting in a very flexible mechanism that allows one to easily experiment with different concrete access policies (defined per context or user). To demonstrate the feasibility of the approach, we implemented our ideas on top of the MonetDB and PostgreSQL open source database systems. We conducted an initial set of experiments which showed that the overhead for using abstract expressions is roughly linear to the number of triples considered; performance is also affected by the characteristics of the dataset, such as the size and depth of class and property hierarchies as well as the considered concrete policy.
|Item Type:||Book Chapter|
|Subjects:||Q Science > QA Mathematics > QA75 Electronic computers. Computer science|
|Schools:||School of Computing and Engineering|
|Depositing User:||Grigoris Antoniou|
|Date Deposited:||03 Jul 2012 13:53|
|Last Modified:||03 Jul 2012 13:53|
Downloader CountriesMore statistics for this item...
Repository Staff Only: item control page