Abstract
The explosion of digital content and the heterogeneity of enterprise content sources have pushed existing data integration solutions to their boundaries. Although RDF can be used as a representation format for integrated data, enterprises have been slow to adopt this technology. One of the primary inhibitors to its widespread adoption in industry is the lack of fine grained access control enforcement mechanisms available for RDF. In this paper, we provide a summary of access control requirements based on our analysis of existing access control models and enforcement mechanisms. We subsequently: (i) propose a set of access control rules that can be used to provide support for these models over RDF data; (ii) detail a framework that enforces access control restrictions over RDF data; and (iii) evaluate our implementation of the framework over real-world enterprise data.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Amini, M., Jalili, R.: Multi-level authorisation model and framework for distributed semantic-aware environments. IET Information Security 4(4), 301 (2010)
Bonatti, P.A., De Coi, J.L., Olmedilla, D., Sauro, L.: Rule-based policy representations and reasoning. In: Bry, F., Małuszyński, J. (eds.) Semantic Techniques for the Web. LNCS, vol. 5500, pp. 201–232. Springer, Heidelberg (2009)
Bradshaw, J.M., Dutfield, S., Benoit, P., Woolley, J.D.: KAoS: Toward an industrial-strength open agent architecture. In: Software Agents (1997)
Costabello, L., Villata, S., Delaforge, N.: Linked data access goes mobile: Context-aware authorization for graph stores. In: LDOW - 5th WWW Workshop on Linked Data on the Web (2012), http://hal.archives-ouvertes.fr/hal-00691256/
Cyganiak, R., Harth, A., Hogan, A.: N-Quads: Enxtending N-Triples with Context (2009)
Das, S., Sundara, S., Cyganiak, R.: R2RML: RDB to RDF Mapping Language. Candidate Recommendation, W3C (February 2012)
Evered, M.: A case study in access control requirements for a health information system. In: Second Workshop on Australasian Information Security (2004)
Griffiths, P.P.: An authorization mechanism for a relational database system. ACM Transactions on Database Systems 1(3), 242–255 (1976)
Javanmardi, S., Amini, M., Jalili, R., GanjiSaffar, Y.: SBAC: A Semantic-Based Access Control Model. In: 11th Nordic Workshop on Secure IT-systems (NordSec 2006), Linköping, Sweden (2006)
Kagal, L., Finin, T.: A policy language for a pervasive computing environment. In: Proceedings of the IEEE 4th International Workshop on Policies for Distributed Systems and Networks, POLICY 2003, pp. 63–74. IEEE Comput. Soc. (2003)
Lopes, N., Polleres, A., Straccia, U., Zimmermann, A.: AnQL: SPARQLing Up Annotated RDFS. In: Patel-Schneider, P.F., Pan, Y., Hitzler, P., Mika, P., Zhang, L., Pan, J.Z., Horrocks, I., Glimm, B. (eds.) ISWC 2010, Part I. LNCS, vol. 6496, pp. 518–533. Springer, Heidelberg (2010)
Lopes, N., Bischof, S., Decker, S., Polleres, A.: On the Semantics of Heterogeneous Querying of Relational, XML and RDF Data with XSPARQL. In: Moura, P., Nogueira, V.B. (eds.) EPIA 2011 – COLA Track, Lisbon, Portugal (October 2011)
Lopes, N., Kirrane, S., Zimmermann, A., Polleres, A., Mileo, A.: A Logic Programming approach for Access Control over RDF. In: Technical Communications of ICLP 2012, vol. 17, pp. 381–392. Schloss Dagstuhl–Leibniz-Zentrum fuer Informatik (2012)
McCollum, C.J., Messing, J.R., Notargiacomo, L.: Beyond the pale of MAC and DAC-defining new forms of access control. In: Proceedings of the 1990 IEEE Computer Society Symposium on Research in Security and Privacy, pp. 190–200. IEEE (1990)
Qin, L., Atluri, V.: Concept-level access control for the Semantic Web. In: Proceedings of the 2003 ACM Workshop on XML Security - XMLSEC 2003, p. 94. ACM Press (2003)
Ryutov, T., Kichkaylo, T., Neches, R.: Access Control Policies for Semantic Networks. In: 2009 IEEE International Symposium on Policies for Distributed Systems and Networks, pp. 150–157. IEEE (July 2009)
Sacco, O., Passant, A., Decker, S.: An Access Control Framework for the Web of Data. In: 2011 IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications, pp. 456–463 (November 2011)
Samarati, P., de Capitani di Vimercati, S.: Access control: Policies, models, and mechanisms. In: Focardi, R., Gorrieri, R. (eds.) FOSAD 2000. LNCS, vol. 2171, pp. 137–196. Springer, Heidelberg (2001)
Sandhu, R.S.: Role-based access control. In: Advances in Computers, pp. 554–563 (1998)
Seaborne, A., Prud’hommeaux, E.: SPARQL Query Language for RDF. W3C Recommendation, W3C (January 2008), http://www.w3.org/TR/rdf-sparql-query/
Stephens, S.: The Enterprise Semantic Web. In: Cardoso, J., Hepp, M., Lytras, M.D. (eds.) The Semantic Web: Real-World Applications from Industry. Semantic Web and Beyond Computing for Human Experience, vol. 6, pp. 17–37. Springer (2007)
Udrea, O., Recupero, D.R., Subrahmanian, V.S.: Annotated RDF. ACM Trans. Comput. Logic 11(2), 1–41 (2010)
Zimmermann, A., Lopes, N., Polleres, A., Straccia, U.: A General Framework for Representing, Reasoning and Querying with Annotated Semantic Web Data. J. Web Sem. 11, 72–95 (2012)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kirrane, S., Lopes, N., Mileo, A., Decker, S. (2013). Protect Your RDF Data!. In: Takeda, H., Qu, Y., Mizoguchi, R., Kitamura, Y. (eds) Semantic Technology. JIST 2012. Lecture Notes in Computer Science, vol 7774. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-37996-3_6
Download citation
DOI: https://doi.org/10.1007/978-3-642-37996-3_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-37995-6
Online ISBN: 978-3-642-37996-3
eBook Packages: Computer ScienceComputer Science (R0)