Query-Based Access Control for Ontologies

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6333)


Role-based access control is a standard mechanism in information systems. Based on the role a user has, certain information is kept from the user even if requested. For ontologies representing knowledge, deciding what can be told to a user without revealing secrets is more difficult as the user might be able to infer secret knowledge using logical reasoning. In this paper, we present two approaches to solving this problem: query rewriting vs. axiom filtering, and show that while both approaches prevent the unveiling of secret knowledge, axiom filtering is more complete in the sense that it does not suppress knowledge the user is allowed to see while this happens frequently in query rewriting. Axiom filtering requires that each axiom carries a label representing its access level. We present methods to find an optimal axiom labeling to enforce query-based access restrictions and report experiments on real world data showing that a significant number of results are retained using the axiom filtering method.


Access Control Access Restriction Description Logic SPARQL Query Ontology Language 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Baader, F., Knechtel, M., Peñaloza, R.: A generic approach for large-scale ontological reasoning in the presence of access restrictions to the ontology’s axioms. In: Bernstein, A., Karger, D.R., Heath, T., Feigenbaum, L., Maynard, D., Motta, E., Thirunarayan, K. (eds.) ISWC 2009. LNCS, vol. 5823, pp. 49–64. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  2. 2.
    Baader, F., Peñaloza, R.: Axiom pinpointing in general tableaux. Journal of Logic and Computation 20(1), 5–34 (2010); Special Issue: Tableaux and Analytic Proof Methods zbMATHCrossRefMathSciNetGoogle Scholar
  3. 3.
    Calvanese, D., Giacomo, G.D., Lenzerini, M., Rosati, R.: View-based query answering over description logic ontologies. In: Proc. of KR 2008 (2008)Google Scholar
  4. 4.
    Chen, W., Stuckenschmidt, H.: A model-driven approach to enable access control for ontologies. In: Proc. of WI 2009, pp. 663–672 (2009)Google Scholar
  5. 5.
    Farkas, C., Jajodia, S.: The inference problem: a survey. SIGKDD Explor. Newsl. 4(2), 6–11 (2002)CrossRefGoogle Scholar
  6. 6.
    Gaag, A., Kohn, A., Lindemann, U.: Function-based solution retrieval and semantic search in mechanical engineering. In: Proc. of ICED 09 (2009)Google Scholar
  7. 7.
    Grau, B.C., Horrocks, I.: Privacy-preserving query answering in logic-based information systems. In: Proc. of ECAI 2008 (2008)Google Scholar
  8. 8.
    Kalyanpur, A., Parsia, B., Horridge, M., Sirin, E.: Finding all justifications of OWL DL entailments. In: Aberer, K., Choi, K.-S., Noy, N., Allemang, D., Lee, K.-I., Nixon, L.J.B., Golbeck, J., Mika, P., Maynard, D., Mizoguchi, R., Schreiber, G., Cudré-Mauroux, P. (eds.) ASWC 2007 and ISWC 2007. LNCS, vol. 4825, pp. 267–280. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  9. 9.
    Knechtel, M., Peñaloza, R.: Correcting access restrictions to a consequence. In: Proc. of DL 2010, CEUR-WS, vol. 573 (2010)Google Scholar
  10. 10.
    Knechtel, M., Peñaloza, R.: A generic approach for correcting access restrictions to a consequence. In: Aroyo, L., Antoniou, G., Hyvönen, E., ten Teije, A., Stuckenschmidt, H., Cabral, L., Tudorache, T. (eds.) ESWC 2010. LNCS, vol. 6088, pp. 167–182. Springer, Heidelberg (2010)Google Scholar
  11. 11.
    Reiter, R.: A theory of diagnosis from first principles. Artificial Intelligence 32(1), 57–95 (1987)zbMATHCrossRefMathSciNetGoogle Scholar
  12. 12.
    Sirin, E., Parsia, B.: SPARQL-DL: SPARQL queries for OWL-DL. In: Proc. of OWLED 2007 (2007)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  1. 1.SAP Research Center DresdenGermany
  2. 2.Computer Science InstituteUniversity of MannheimGermany

Personalised recommendations