Monday, September 15, 2014

RDF graph security

By: Sushanta Pradhan.

Inference and Reasoning

RDF stores information in the form of statements, and given a set of statements one can derive additional statements. An inference and reasoning engine makes use of the class and property definitions, their relationships and additional rules to derive these new statements. Apart from deriving additional statements, an inference engine also validates the data contained in the RDF graph, for example checking the range and domain of a property.

Kinds of Reasoner

Ontology Reasoner

This reasoner derives additional statements by looking into the class/property definitions and their relations. For example, if we have the below class hierarchy:

And the following RDF statement (Ram’s mother is Kausilya):

An ontology reasoner will derive another RDF statement (Ram’s parent is Kausilya):

Rule Based Reasoner

A rule is a representation of knowledge in machine-readable form which a reasoner uses to derive additional information from existing information. For example the rule:
?person rdf:type , ?person >60, ?person 'yes'
states that all persons with an age greater than 60 are senior citizens.
A rule-based reasoner applies such a set of rules to RDF data and derives additional RDF statements. Rules can also be used to validate and secure RDF data.

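The two reasoner kinds above, as an added example (not code from the original post): a minimal forward-chaining reasoner over triples held as Python tuples, applying the rdfs:subPropertyOf rule behind the mother/parent derivation and a custom rule shaped like the senior-citizen rule. The names ex:Person, ex:age and ex:seniorCitizen are assumptions, since the post leaves the rule's terms unnamed.

```python
# Added example (not from the original post): a minimal forward-chaining
# reasoner over triples held as Python tuples. It applies the ontology rule
# behind the mother/parent derivation (rdfs:subPropertyOf) and a custom rule
# like the senior-citizen rule; the names ex:Person, ex:age and
# ex:seniorCitizen are assumptions, the post leaves them unnamed.
RDF_TYPE = "rdf:type"
SUB_PROP = "rdfs:subPropertyOf"

def ontology_rule(triples):
    """ex:mother rdfs:subPropertyOf ex:parent and Ram ex:mother Kausilya
    together yield Ram ex:parent Kausilya."""
    sub_props = {(s, o) for s, p, o in triples if p == SUB_PROP}
    return {(s, sup, o) for s, p, o in triples
            for sub, sup in sub_props if p == sub}

def senior_citizen_rule(triples):
    """?person rdf:type ex:Person, ?person ex:age > 60 -> ex:seniorCitizen 'yes'."""
    persons = {s for s, p, o in triples if p == RDF_TYPE and o == "ex:Person"}
    return {(s, "ex:seniorCitizen", "yes") for s, p, o in triples
            if p == "ex:age" and s in persons and int(o) > 60}

def infer(triples, rules=(ontology_rule, senior_citizen_rule)):
    """Forward-chain: re-run every rule until no new triple appears (fixpoint).
    Returns the original triples plus everything derived from them."""
    graph = set(triples)
    while True:
        new = set()
        for rule in rules:
            new |= rule(graph) - graph
        if not new:
            return graph
        graph |= new

# Constructed sample graph: the property hierarchy, Ram's mother, and one
# person whose age triggers the custom rule.
SAMPLE = {
    ("ex:mother", SUB_PROP, "ex:parent"),
    ("ex:Ram", "ex:mother", "ex:Kausilya"),
    ("ex:Dasharath", RDF_TYPE, "ex:Person"),
    ("ex:Dasharath", "ex:age", "70"),
}
```

Because the loop re-runs every rule on the enlarged graph, a chain such as mother ⊑ parent ⊑ relative is followed to the end without any special handling.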
Classification of Data from the User’s perspective

Private Data

Data that is owned by only one user and is accessible only to that user. In an RDF graph this data can be one of the following:
   Private Class
Visible only to the owner, and instances can be created only by the owner. It can be considered a database table/collection that is visible only to a few users of the system, say system administrators.
   Private Instance
An instance of either a Private Class or a Public Class. Accessible only to the owner. It can be considered a protected row in a database table/collection.
   Private Property (link)
Can be created only by the owner and can be a property of either a public or a private instance. It can be considered a protected column/attribute in a database table/collection.

Public Data

Data that is accessible to all users in the system. In an RDF graph this data can be one of the following:
   Public Class
A class that is visible to all; instances can be created by all users in the system.
   Public Instance
An instance of a Public Class; accessible to all.
   Public Property (link)
Can be created by anyone in the system and can be associated only with a public instance.

Shared Data

Private data that the owner has shared with one or more other users in the system. Only the owner can share a private object with another user. In an RDF graph this data can be one of the following:
   Shared Class
Visible to all shared members. Instances can be created only by the owner and accessed by all shared members.
   Shared Instance
An instance of either a Private Class or a Shared Class. Can be created only by the owner and accessed by all shared members.
   Shared Property (link)
Can be created only by the owner and accessed by all shared members.

 
The below figure defines these rules: a red arrow shows that the two entities can’t be associated with each other, and a green arrow signifies a possible and mandatory association between entities. At any given point in time all objects and links in the RDF graph must adhere to these rules to maintain sanity.

 
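The association rules listed above, as an added integrity check (example code, not from the original post). It encodes only the rules stated in the text, since the figure is not reproduced here; how categories and owners are recorded on nodes and links is an assumption.

```python
# Added example (not from the original post): an integrity check for the
# private/public/shared association rules stated in the text above. The
# way categories and owners are recorded on nodes and links is assumed.
from collections import namedtuple

Node = namedtuple("Node", "name kind category owner")     # kind: "class" or "instance"
Link = namedtuple("Link", "subject prop category owner")  # a property attached to an instance

# Class categories an instance of each category may be an instance of ...
ALLOWED_CLASS = {"public": {"public"},
                 "private": {"private", "public"},
                 "shared": {"private", "shared"}}
# ... and instance categories a property of each category may attach to.
ALLOWED_SUBJECT = {"public": {"public"},
                   "private": {"public", "private"}}

def validate(nodes, instance_of, links):
    """Return the list of rule violations; an empty list means the graph is sane."""
    by_name = {n.name: n for n in nodes}
    problems = []
    for inst_name, cls_name in instance_of.items():
        inst, cls = by_name[inst_name], by_name[cls_name]
        if cls.category not in ALLOWED_CLASS[inst.category]:
            problems.append(f"{inst.category} instance {inst.name} "
                            f"cannot belong to {cls.category} class {cls.name}")
        # instances of private and shared classes are created only by the class owner
        if cls.category != "public" and inst.owner != cls.owner:
            problems.append(f"{inst.name} created by {inst.owner}, "
                            f"but class {cls.name} is owned by {cls.owner}")
    for link in links:
        subject = by_name[link.subject]
        allowed = ALLOWED_SUBJECT.get(link.category)
        if allowed is not None and subject.category not in allowed:
            problems.append(f"{link.category} property {link.prop} "
                            f"cannot be attached to {subject.category} instance {subject.name}")
    return problems

# Constructed sample graph: one valid public link plus two violations.
NODES = [Node("Employee", "class", "public", "superUser"),
         Node("Payslip", "class", "private", "ram"),
         Node("ram", "instance", "public", "superUser"),
         Node("ramPayslip", "instance", "private", "ram"),
         Node("shamPayslip", "instance", "private", "sham")]
INSTANCE_OF = {"ram": "Employee", "ramPayslip": "Payslip", "shamPayslip": "Payslip"}
LINKS = [Link("ram", "name", "public", "superUser"),
         Link("ramPayslip", "salary", "public", "ram")]  # public property on a private node
```

Running validate(NODES, INSTANCE_OF, LINKS) reports the instance created by a non-owner of a private class and the public property attached to a private node, which is exactly the kind of drift that would silently widen who can see the salary.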

Categorization of accessibility

Implicit Access

Users are not given direct access to objects; access is given indirectly by means of roles.
The application defines various roles based on accessibility criteria, and objects are made accessible to one or more roles. Users automatically get access to the objects that their role has access to. Consider the below role definitions and accessibility rules illustrated as an RDF graph. As per the illustration, ‘Accounts’ is accessible only to ‘Ram’ while ‘UserData’ is accessible only to ‘Sham’.


Figure 1: Implicit definition

Explicit Access

Users are given direct access to objects, as illustrated in the below RDF graph.



Securing the RDF graph

SuperUser

Owner of all classes, instances and properties present in the RDF graph. All security-related classes, instances and properties that the superuser maintains for access control belong to the ‘Private Data’ category of this user.

Explicit Access in the RDF graph

Explicit access is given to either private data or shared data in the RDF graph.

Explicit Access to private data

The property ‘hasAccess’ is attached to the private node, with its value a node of type ‘Person’. The below illustration shows a part of a graph where the private data ‘Ram’s payslip’ is accessible only to Ram.

Explicit Access to shared data

Sharing data in the RDF graph requires the creation of a shared node whose links decide which node is shared, by whom and with whom. For example, the below illustration shows that ‘Ram’, the owner of ‘Ram’s PaySlip’, has shared this node with ‘Shyam’.




Implicit Access in the RDF graph

Implicit access is given only to public data in the RDF graph. The property ‘belongsTo’ is attached to the public node, with its value a node of type ‘Role’, as illustrated in Figure 1.

The ‘belongsTo’ property is private data of ‘superUser’, so as to prevent users from mistakenly making their data public. Hence it can be attached to nodes only by ‘superUser’ or by a user with whom ‘superUser’ has shared this property (typically administrators).

Retrieving data from secured RDF Graph

As all data in the RDF graph is classified into three categories, viz. private, shared and public, a query run on the graph by a user should return the public, private and shared data of that user. Therefore every query run on the RDF graph is subdivided into three parts:


A.   Private - returns data to which the user has explicit access. Query:
     SELECT ?s ?p ?o WHERE {
         ?p <hasAccess> <userURI> .
         ?s ?p ?o .
         <additional query filters>
     }
B.   Public - returns data to which the user has implicit access through a role. Query:
     SELECT ?s ?p ?o WHERE {
         <userURI> <belongsTo> ?role .
         ?p <hasAccess> ?role .
         ?s ?p ?o .
         <additional query filters>
     }
C.   Shared - returns data that was shared with this user by other users. Query:
     SELECT ?s ?p ?o WHERE {
         ?p <with> <%s> .
         ?s <share> ?p .
         ?s ?p ?o .
         <additional query filters>
     }
The union of the above three is returned to the user as the result of the query.
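The three-part secured query, as an added example (not code from the original post) run over a constructed in-memory triple set rather than a SPARQL endpoint. Access links are keyed on the data node, as the prose sections above describe them; the link names hasAccess, belongsTo, share and with come from the post, while the sample nodes and values are constructed.

```python
# Added example (not from the original post): the three-part secured query
# above run over a constructed in-memory triple set instead of a SPARQL
# endpoint. Access links are keyed on the data node, as the prose sections
# describe; the link names hasAccess/belongsTo/share/with come from the post.
HAS_ACCESS, BELONGS_TO, SHARE, WITH = "hasAccess", "belongsTo", "share", "with"
CONTROL = {HAS_ACCESS, BELONGS_TO, SHARE, WITH}  # superUser's private bookkeeping

def data_of(g, nodes):
    """Triples about the given nodes, with the access-control links stripped
    out so that the security model itself is never returned to callers."""
    return {(s, p, o) for s, p, o in g if s in nodes and p not in CONTROL}

def explicit_private(g, user):
    """Part A: nodes carrying 'hasAccess' <user> directly."""
    return data_of(g, {s for s, p, o in g if p == HAS_ACCESS and o == user})

def implicit_public(g, user):
    """Part B: the user's roles, then nodes whose 'hasAccess' names a role."""
    roles = {o for s, p, o in g if s == user and p == BELONGS_TO}
    return data_of(g, {s for s, p, o in g if p == HAS_ACCESS and o in roles})

def shared_with(g, user):
    """Part C: share nodes aimed at the user, then the nodes they share."""
    share_nodes = {s for s, p, o in g if p == WITH and o == user}
    return data_of(g, {o for s, p, o in g if s in share_nodes and p == SHARE})

def secured_query(g, user, keep=lambda t: True):
    """Union of the three parts; `keep` plays the role of the additional
    query filters and is applied only after the access check."""
    result = explicit_private(g, user) | implicit_public(g, user) | shared_with(g, user)
    return {t for t in result if keep(t)}

# Constructed sample graph: two private payslips, two role-gated public
# nodes, and one share of Ram's payslip with Sham.
G = {
    ("ramPayslip", HAS_ACCESS, "ram"), ("ramPayslip", "salary", "5000"),
    ("shamPayslip", HAS_ACCESS, "sham"), ("shamPayslip", "salary", "6000"),
    ("ram", BELONGS_TO, "accountsRole"), ("accounts", HAS_ACCESS, "accountsRole"),
    ("accounts", "balance", "100"),
    ("sham", BELONGS_TO, "hrRole"), ("userData", HAS_ACCESS, "hrRole"),
    ("userData", "rows", "42"),
    ("share1", SHARE, "ramPayslip"), ("share1", WITH, "sham"),
}
```

secured_query(G, "ram") returns Ram's payslip and the accounts node but never Sham's payslip, while secured_query(G, "sham") additionally includes Ram's payslip through the share node.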