Inference Leakage Detection for Authorization Policies over RDF Data

  • Tarek Sayah
  • Emmanuel Coquery
  • Romuald Thion
  • Mohand-Saïd Hacid
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9149)


Semantic Web technologies include entailment regimes that produce new RDF data from existing data. In the presence of access control, once a user has legitimately received the answer to a query, she/he can derive new data entailed from the answer, data that would have been forbidden had the derivation been carried out inside the RDF store. In this paper, we define a fine-grained authorization model for which it is possible to check in advance whether such a problem will arise. To this end, we provide a static analysis algorithm which can be used at the time of writing the authorization policy and does not require access to the data. We illustrate the expressiveness of the access control model with several conflict resolution strategies, including "most specific takes precedence", as well as the applicability of the algorithm for diagnosis purposes.


Authorization, Semantic reasoning, Inference leakage



This work is supported by Thomson Reuters in the framework of the Partner University Fund project: “Cybersecurity Collaboratory: Cyberspace Threat Identification, Analysis and Proactive Response”. The Partner University Fund is a program of the French Embassy in the United States and the FACE Foundation and is supported by American donors and the French government.



Copyright information

© IFIP International Federation for Information Processing 2015

Authors and Affiliations

  • Tarek Sayah (1, email author)
  • Emmanuel Coquery (1)
  • Romuald Thion (1)
  • Mohand-Saïd Hacid (1)

  1. Université de Lyon, CNRS, Université Lyon 1, LIRIS, UMR5205, Lyon, France
