Abstract
In this paper we examine how Discretionary Access Control principles that have been successfully applied to relational and XML data can be applied to the Resource Description Framework (RDF) graph data model. The objective is to provide a baseline for the specification of a general authorisation framework for the RDF data model. Towards this end, we provide a summary of access control requirements for graph data structures, based on the different characteristics of graph models compared to relational and tree data models. We subsequently focus on the RDF data model and identify a list of access rights based on SPARQL query operations; propose a layered approach to authorisation derivation based on the graph structure and RDF Schema; and demonstrate how SQL GRANT and REVOKE commands can be adapted to cater for delegation of privileges in SPARQL.
Copyright information
© 2013 IFIP International Federation for Information Processing
About this paper
Cite this paper
Kirrane, S., Mileo, A., Decker, S. (2013). Applying DAC Principles to the RDF Graph Data Model. In: Janczewski, L.J., Wolfe, H.B., Shenoi, S. (eds) Security and Privacy Protection in Information Processing Systems. SEC 2013. IFIP Advances in Information and Communication Technology, vol 405. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-39218-4_6
DOI: https://doi.org/10.1007/978-3-642-39218-4_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-39217-7
Online ISBN: 978-3-642-39218-4
eBook Packages: Computer Science (R0)