Lecture 11 - The University of Texas at Dallas

Building Trustworthy
Semantic Webs
RDF and RDF Security
Dr. Bhavani Thuraisingham
February 18, 2011
8/1/2017 00:35
2
Objective of the Unit
• This unit will provide an overview of RDF and then discuss some security issues
Outline of the Unit
• Why RDF?
• What is RDF?
• RDF Specifications
• RDF Schema (RDFS)
• RDF Security
• Policies in RDF
• RDF Axiomatic Semantics and Inferencing
• RDF Database
• SPARQL
• FOAF
• Summary and Directions
• Examples throughout the lecture
Why RDF?
• XML cannot be used to specify semantics
• Example:
  - Professor is a subclass of Academic Staff
  - Professor inherits all properties of Academic Staff
• RDF was specified so that the inadequacies of XML could be handled
• RDF uses XML syntax
• Additional constructs are needed for RDF
RDF
• Resource Description Framework is the essence of the semantic web
• Adds semantics with the use of ontologies, XML syntax
• RDF Concepts
  - Basic Model
    = Resources, Properties and Statements
  - Container Model
    = Bag, Sequence and Alternative
RDF Basics
• Resource: Everything is a resource
  - Person, Vehicle, etc.
• Property: properties describe relationships between resources
  - E.g., Invented
• Statement: (Object, Property, Value) Triple
  - Berners Lee invented the Semantic Web
RDF Specification
    <rdf:RDF
      xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
      xmlns:xsd="http:// - -"
      xmlns:uni="http:// - - -">
      <rdf:Description rdf:about="949352">
        <uni:name>Berners Lee</uni:name>
        <uni:title>Professor</uni:title>
      </rdf:Description>
      <rdf:Description rdf:about="ZZZ">
        <uni:bookname>semantic web</uni:bookname>
        <uni:authoredby>Berners Lee</uni:authoredby>
      </rdf:Description>
    </rdf:RDF>
Example
• The following example illustrates a part of an RDF document describing books: Building_Trustworthy_Semantic_Webs and Managing_and_Mining_Multimedia_Databases. They belong to Class ‘Book’ and have properties: author, publisher, year and ISBN.

    <?xml version="1.0"?>
    <rdf:RDF
      xmlns:book="http://www.example.com/book#"
      xmlns:owl="http://www.w3.org/2002/07/owl#"
      xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
      xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#">
      <book:Book rdf:ID="Building_Trustworthy_Semantic_Webs">
        <book:author>Bhavani Thuraisingham</book:author>
        <book:publisher>Auerbach Publications</book:publisher>
        <book:year>2007</book:year>
        <book:ISBN>0849350808</book:ISBN>
      </book:Book>
      <book:Book rdf:ID="Managing_and_Mining_Multimedia_Databases">
        <book:author>Bhavani Thuraisingham</book:author>
        <book:publisher>CRC Press</book:publisher>
        <book:year>2001</book:year>
        <book:ISBN>0849300371</book:ISBN>
      </book:Book>
    </rdf:RDF>
RDF Schema
• Need RDF Schema to specify statements such as professor is a subclass of academic staff

    <rdfs:Class rdf:ID="professor">
      <rdfs:comment>
        The class of Professors.
        All professors are Academic Staff Members.
      </rdfs:comment>
      <rdfs:subClassOf rdf:resource="#academicStaffMember"/>
    </rdfs:Class>
Example
• The RDF schema for the above RDF document is as follows:

    <?xml version="1.0"?>
    <rdf:RDF
      xmlns:owl="http://www.w3.org/2002/07/owl#"
      xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
      xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#"
      xmlns:wsp="http://www.w3.org/2004/08/20-ws-pol-pos/ns#">
      <rdfs:Class rdf:ID="Book">
        <rdfs:comment>Book Class</rdfs:comment>
        <!-- Resource and Literal are defined in the RDF Schema namespace -->
        <rdfs:subClassOf rdf:resource="http://www.w3.org/2000/01/rdf-schema#Resource"/>
      </rdfs:Class>
      <rdf:Property rdf:ID="author">
        <rdfs:comment>Author of the book</rdfs:comment>
        <rdfs:domain rdf:resource="#Book"/>
        <rdfs:range rdf:resource="http://www.w3.org/2000/01/rdf-schema#Literal"/>
      </rdf:Property>
      <rdf:Property rdf:ID="publisher">
        <rdfs:comment>Publisher of the book</rdfs:comment>
        <rdfs:domain rdf:resource="#Book"/>
        <rdfs:range rdf:resource="http://www.w3.org/2000/01/rdf-schema#Literal"/>
      </rdf:Property>
      <rdf:Property rdf:ID="year">
        <rdfs:comment>Year of first publication of the book</rdfs:comment>
        <rdfs:domain rdf:resource="#Book"/>
        <rdfs:range rdf:resource="http://www.w3.org/2000/01/rdf-schema#Literal"/>
      </rdf:Property>
      <rdf:Property rdf:ID="ISBN">
        <rdfs:comment>ISBN of the book</rdfs:comment>
        <rdfs:domain rdf:resource="#Book"/>
        <rdfs:range rdf:resource="http://www.w3.org/2000/01/rdf-schema#Literal"/>
      </rdf:Property>
    </rdf:RDF>
RDF Container Model
• Bag: Unordered container, may contain multiple occurrences
  - rdf:Bag
• Seq: Ordered container, may contain multiple occurrences
  - rdf:Seq
• Alt: a set of alternatives
  - rdf:Alt
RDF and Security
• RDF specifications have been given for Attributes, Types, Nesting, Containers, etc.
• How can security policies be included in the specification?
• Example: consider the statement “Berners Lee is the Author of the book Semantic Web”
• Do we allow access to the connection between author and book? Do we allow access to the connection but not to the author name and book name?
RDF Policy Specification
    <rdf:RDF
      xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
      xmlns:xsd="http:// - -"
      xmlns:uni="http:// - - - -">
      <rdf:Description rdf:about="949352">
        <uni:name>Berners Lee</uni:name>
        <uni:title>Professor</uni:title>
        Level = L1
      </rdf:Description>
      <rdf:Description rdf:about="ZZZ">
        <uni:bookname>semantic web</uni:bookname>
        <uni:authoredby>Berners Lee</uni:authoredby>
        Level = L2
      </rdf:Description>
    </rdf:RDF>
Policy Specification
• The examples we have discussed earlier show how certain policies may be specified for RDF documents. A more detailed example is given below.

    <?xml version="1.0"?>
    <rdf:RDF
      xmlns:book="http://www.example.com/book#"
      xmlns:owl="http://www.w3.org/2002/07/owl#"
      xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
      xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#">
      <book:Book rdf:ID="Building_Trustworthy_Semantic_Webs">
        <book:author>Bhavani Thuraisingham</book:author>
        Level = Secret
        <book:publisher>Auerbach Publications</book:publisher>
        Level = Confidential
        <book:year>2007</book:year>
        Level = Unclassified
        <book:ISBN>0849350808</book:ISBN>
        Level = Confidential
      </book:Book>
      <book:Book rdf:ID="Managing_and_Mining_Multimedia_Databases">
        Level = Confidential
        <book:author>Bhavani Thuraisingham</book:author>
        Level = Secret
        <book:publisher>CRC Press</book:publisher>
        Level = Unclassified
        <book:year>2001</book:year>
        Level = Unclassified
        <book:ISBN>0849300371</book:ISBN>
        Level = Unclassified
      </book:Book>
    </rdf:RDF>
RDF Schema: Security Policies
• How can security policies be specified?

    <rdfs:Class rdf:ID="professor">
      <rdfs:comment>
        The class of Professors.
        All professors are Academic Staff Members.
      </rdfs:comment>
      <rdfs:subClassOf rdf:resource="#academicStaffMember"/>
      Level = L
    </rdfs:Class>
RDF Axiomatic Semantics
• First order logic to specify formulas and inferencing
  - Built in functions (First) and predicates (Type)
  - Modus Ponens
  - From A and If A then B, deduce B
• Example: All containers are Resources
  - Type(?c, Container) → Type(?c, Resource)
  - If we have Type(A, Container) then we can infer Type(A, Resource)
RDF Inferencing
• While first order logic provides a proof system, it will be computationally infeasible
• As a result Horn clause logic was developed for logic programming; this is still computationally expensive
• RDF uses If then Rules
• IF E contains the triples (?u, rdfs:subClassOf, ?v) and (?v, rdfs:subClassOf, ?w)
  THEN E also contains the triple (?u, rdfs:subClassOf, ?w)
  That is, if u is a subclass of v, and v is a subclass of w, then u is a subclass of w
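
The IF-THEN rule above and the container axiom from the previous slide, applied by forward chaining until no new triple appears. This is an added example, not code from the lecture; writing Type(x, C) as the triple (x, rdf:type, C) and the class names staffMember and person are assumptions made for the illustration.

```python
# Added example: forward chaining of the lecture's two rules over a set of triples.
RULES = [
    # IF (?u subClassOf ?v) and (?v subClassOf ?w) THEN (?u subClassOf ?w)
    ([("?u", "rdfs:subClassOf", "?v"), ("?v", "rdfs:subClassOf", "?w")],
     ("?u", "rdfs:subClassOf", "?w")),
    # Type(?c, Container) -> Type(?c, Resource), written as rdf:type triples (assumption)
    ([("?c", "rdf:type", "Container")], ("?c", "rdf:type", "Resource")),
]

# Constructed sample facts; only the first one appears on the slides.
FACTS = [
    ("professor", "rdfs:subClassOf", "academicStaffMember"),
    ("academicStaffMember", "rdfs:subClassOf", "staffMember"),
    ("staffMember", "rdfs:subClassOf", "person"),
    ("A", "rdf:type", "Container"),
]


def match(pattern, triple, binding):
    """Unify one rule pattern with one triple; terms starting with '?' are variables."""
    binding = dict(binding)
    for term, value in zip(pattern, triple):
        if term.startswith("?"):
            if binding.setdefault(term, value) != value:
                return None  # variable already bound to something else
        elif term != value:
            return None
    return binding


def solve(patterns, triples, binding=None):
    """Yield every variable binding that satisfies all IF patterns."""
    binding = binding or {}
    if not patterns:
        yield binding
        return
    for triple in triples:
        extended = match(patterns[0], triple, binding)
        if extended is not None:
            yield from solve(patterns[1:], triples, extended)


def closure(triples, rules=RULES):
    """Apply the rules repeatedly until a pass derives nothing new (fixed point)."""
    entailed = set(triples)
    while True:
        derived = set()
        for if_part, then_part in rules:
            for binding in solve(if_part, entailed):
                derived.add(tuple(binding.get(term, term) for term in then_part))
        if derived <= entailed:
            return entailed
        entailed |= derived
```

The triple (professor, rdfs:subClassOf, person) only appears on the second pass, which is why the loop runs to a fixed point instead of applying each rule once.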
Policies in RDF
• How can policies be specified?
• Should policies be specified as shown in the examples, as extensions to RDF syntax?
• Should policies be specified as RDF documents?
• Is there an analogy to XPath expressions for RDF policies?
  - <policy-spec cred-expr="//Professor[department = 'CS']" target="annual_report.xml" path="//Patent[@Dept = 'CS']//Node()" priv="VIEW"/>
  - Can reification be used to specify policies?
Example Policies
• Temporal Access Control
  - After 1/1/05, only doctors have access to medical records
• Role-based Access Control
  - Manager has access to salary information
  - Project leader has access to project budgets, but he does not have access to salary information
  - What happens if the manager is also the project leader?
• Positive and Negative Authorizations
  - John has write access to EMP
  - John does not have read access to DEPT
  - John does not have write access to Salary attribute in EMP
  - How are conflicts resolved?
Privacy Policies
• Privacy constraints processing
  - Simple Constraint: an attribute of a document is private
  - Content-based constraint: If document contains information about X, then it is private
  - Association-based Constraint: Two or more documents taken together are private; individually each document is public
  - Release constraint: After X is released Y becomes private
• Augment a database system with a privacy controller for constraint processing
Policies in RDF
• In previous examples, we have specified policies for RDF documents. Now, can we use RDF to specify policies? That is, how can RDF be used to specify the following policy?
• “Only those attending a class from a professor have read access to the lecture notes of the professor”
• Below we specify this policy in RDF.

    <rdf:RDF
      xmlns:uni="http://www.w3.org/2002/07/universityonto#"
      xmlns:policy="http://www.example.com/policyonto#"
      xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
      <uni:LectureNotes rdf:ID="Data_Quality.doc">
        <uni:author>Bhavani Thuraisingham</uni:author>
        <policy:AccessBy rdf:resource="http://localhost/bhavani/cs609/"/>
      </uni:LectureNotes>
    </rdf:RDF>
Policies in RDF
    <rdf:RDF
      xmlns:uni="http://www.w3.org/2002/07/universityonto#"
      xmlns:policy="http://www.example.com/policyonto#"
      xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
      <uni:Class rdf:ID="cs609">
        <uni:taughtBy>Bhavani Thuraisingham</uni:taughtBy>
      </uni:Class>
    </rdf:RDF>
Access Control Strategy
• Subjects request access to RDF documents under two modes: Browsing and authoring
  - With browsing access subject can read/navigate documents
  - Authoring access is needed to modify, delete, append documents
• Access control module checks the policy base and applies policy specs
• Views of the document are created based on credentials and policy specs
• In case of conflict, least access privilege rule is enforced
• Works for Push/Pull modes
• Query Modification?
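
A sketch of how a browsing view could be built from the Level labels in the earlier Policy Specification example, with the least-access-privilege rule deciding between a label on the book and a label on one of its properties. This is an added example, not code from the lecture; the ordering Unclassified < Confidential < Secret, the Unclassified default for an unlabelled book, and the reading that a Level line placed directly after the opening book element labels the whole book are assumptions.

```python
# Added example: label-based view construction over the lecture's book statements.
LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2}  # assumed ordering

B1 = "Building_Trustworthy_Semantic_Webs"
B2 = "Managing_and_Mining_Multimedia_Databases"

# Label on the resource itself; unlabelled resources default to Unclassified (assumption).
RESOURCE_LEVEL = {B2: "Confidential"}

# (resource, property, value, property level), as labelled on the slides.
STATEMENTS = [
    (B1, "book:author", "Bhavani Thuraisingham", "Secret"),
    (B1, "book:publisher", "Auerbach Publications", "Confidential"),
    (B1, "book:year", "2007", "Unclassified"),
    (B1, "book:ISBN", "0849350808", "Confidential"),
    (B2, "book:author", "Bhavani Thuraisingham", "Secret"),
    (B2, "book:publisher", "CRC Press", "Unclassified"),
    (B2, "book:year", "2001", "Unclassified"),
    (B2, "book:ISBN", "0849300371", "Unclassified"),
]


def effective_level(resource, prop_level):
    """Least privilege: of the resource label and the property label, the stricter wins."""
    res_level = RESOURCE_LEVEL.get(resource, "Unclassified")
    return max(res_level, prop_level, key=LEVELS.__getitem__)


def build_view(clearance, statements=STATEMENTS):
    """Return the (resource, property, value) triples a subject may browse."""
    if clearance not in LEVELS:
        raise ValueError(f"unknown clearance: {clearance!r}")
    view = []
    for resource, prop, value, level in statements:
        if level not in LEVELS:
            continue  # unknown label: withhold the statement (fail closed)
        if LEVELS[effective_level(resource, level)] <= LEVELS[clearance]:
            view.append((resource, prop, value))
    return view


if __name__ == "__main__":
    for clearance in LEVELS:
        print(clearance, len(build_view(clearance)), "statements visible")
```

An Unclassified subject sees only the 2007 publication year: the Unclassified properties of the second book are raised to Confidential by the label on the book itself.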
System Architecture for Access Control
[Figure: system architecture for access control. Labels: User, Pull/Query, Push/result, RDFAccess, Policy base, RDF-Admin, Admin Tools, Credential base, RDF Documents]
RDF Databases
• Data is presented as RDF documents
• Query language: RQL, SPARQL
• Query optimization
• Managing transactions on RDF documents
• Metadata management: RDF Schemas?
• Access methods and index strategies
• RDF security and integrity management
RDF Query
• One can query RDF using XML, but this will be very difficult as RDF is much richer than XML
• Is there an analogy between say XQuery and a query language for RDF?
• RQL – an SQL-like language has been developed for RDF
• Select from “RDF document” where some “condition”
• SPARQL is the current query language for RDF
SPARQL
• RDF is a directed, labeled graph data format for representing information in the Web.
• The SPARQL specification defines the syntax and semantics of the SPARQL query language for RDF.
• SPARQL can be used to express queries across diverse data sources, whether the data is stored natively as RDF or viewed as RDF via middleware.
• SPARQL contains capabilities for querying required and optional graph patterns along with their conjunctions and disjunctions.
• SPARQL also supports extensible value testing and constraining queries by source RDF graph.
• The results of SPARQL queries can be result sets or RDF graphs.
• http://www.w3.org/TR/rdf-sparql-query/
RDF Databases
    select Book, NumInStock
    from {Book} book:authoredBy {Author} . book:Stock {NumInStock}
    where Author like "Bhavani*"
    using namespace
        book = http://www.example.com/book#

• The requestor does not have access to the number of book copies in the stock. Therefore, new modified Query:

    select Book
    from {Book} book:authoredBy {Author}
    where Author like "Bhavani*"
    using namespace
        book = http://www.example.com/book#
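
The rewrite shown above, done mechanically: path expressions over a denied property are removed, selected variables that are no longer bound are dropped, and the query is refused if its condition depends on denied data. This is an added example, not code from the lecture; the dictionary form of the query and the `denied_props` set are assumptions standing in for a real parser and policy base.

```python
# Added example: query modification on a structured form of the lecture's RQL-style query.
QUERY = {
    "select": ["Book", "NumInStock"],
    # Path expressions as (subject variable, property, object variable).
    "from": [("Book", "book:authoredBy", "Author"),
             ("Book", "book:Stock", "NumInStock")],
    "where": ("Author", "like", "Bhavani*"),
    "namespaces": {"book": "http://www.example.com/book#"},
}


def modify_query(query, denied_props):
    """Remove path expressions over denied properties and the variables only they bind."""
    kept = [path for path in query["from"] if path[1] not in denied_props]
    bound = {var for subj, _, obj in kept for var in (subj, obj)}
    cond_var = query["where"][0]
    if cond_var not in bound:
        # Filtering on denied data would leak it through the result set; refuse instead.
        raise PermissionError(f"condition on {cond_var} needs a denied property")
    select = [var for var in query["select"] if var in bound]
    if not select:
        raise PermissionError("no selected variable is accessible")
    return {**query, "select": select, "from": kept}


def render(query):
    """Serialise back to the query notation used on the slide."""
    paths = " . ".join("{%s} %s {%s}" % path for path in query["from"])
    var, op, literal = query["where"]
    lines = [
        "select " + ", ".join(query["select"]),
        "from " + paths,
        'where %s %s "%s"' % (var, op, literal),
        "using namespace",
    ]
    lines += ["    %s = %s" % item for item in query["namespaces"].items()]
    return "\n".join(lines)


if __name__ == "__main__":
    # Hypothetical policy: this requester may not read book:Stock.
    print(render(modify_query(QUERY, {"book:Stock"})))
```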
Inference/Privacy Control
[Figure: inference/privacy control architecture (Technology By UTD). Labels: Interface to the Semantic Web; Inference Engine/Rules Processor; Policies, Ontologies, Rules; RDF Database; RDF Documents, Web Pages, Databases]
Semantic Social Networks
• The latest breed of social networking services combine social networks with the sharing of content such as bookmarks, documents, photos, reviews.
• The use of Semantic Web technology facilitated distributed control.
  - The friend-of-a-friend (FOAF) project is a first attempt at a formal, machine processable representation of user profiles and friendship networks. (Unlike with Friendster and similar sites that have central control)
  - FOAF profiles are created and controlled by the individual user and shared in a distributed fashion.
  - http://www.foaf-project.org.
FOAF
• The Friend of a Friend (FOAF) project is creating a Web of machine-readable pages describing people, the links between them and the things they create and do; it is a contribution to the linked information system known as the Web.
• FOAF defines an open, decentralized technology for connecting social Web sites, and the people they describe.
• FOAF is part of a shift towards a Web where we can choose the sites and tools we like, without being cut off from friends who made different choices.
• FOAF lets you share and inter-connect information from diverse sources, move it around, and use it in unexpected new ways.
FOAF Example
    <foaf:Person rdf:about="#me"
      xmlns:foaf="http://xmlns.com/foaf/0.1/"
      xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
      <foaf:name>Dan Brickley</foaf:name>
      <foaf:mbox_sha1sum>241021fb0e6289f92815fc210f9e9137262c252e</foaf:mbox_sha1sum>
      <foaf:homepage rdf:resource="http://danbri.org/" />
      <foaf:img rdf:resource="/images/me.jpg" />
    </foaf:Person>
Summary and Directions
• RDF is beginning to be used
• Very little work on RDF security
• How can we specify the policies discussed in this unit in RDF?
• How can query modification be carried out for RDF documents?
• Design access control for RDF databases