Controlling Access to RDF Data using Abstract Models

The number of applications that publish and exchange possibly sensitive RDF data continuously increases in a large number of domains ranging from bioinformatics to e-government. In light of the sensitive nature of the available information, the issue of securing RDF content and ensuring the selective exposure of information to different classes of users is becoming all the more important. This thesis studies the problem of providing secure access to RDF data taking into account RDFS inference and propagation of access labels along the RDFS class and property hierarchies. The majority of the state of the art approaches for RDF access control use annotation models where each triple is assigned a concrete value as access label that determines whether the triple is accessible or not. In these models the computation of the access label of a triple (via implication or propagation) is done once, in a fixed manner according to predefined semantics. Hence, when the initial assignment of the access labels to triples or the semantics on how the implied labels are computed change, then the labels of all the implied triples in the dataset must be recomputed. This also holds when data, or even the way that labels are assigned to triples change. To address those shortcomings, we propose the use of abstract access control models, in which the access label of a triple is not a concrete value, but an algebraic expression that encodes exactly how the access label of an implied or propagated triple was computed, that is which triples were involved in the implication or propagation thereof. This way, we can easily determine the triples that are affected by each change in the dataset or in the authorizations, and act accordingly, by recomputing only the affected labels, rather than the labels of entire dataset. The flexibility of the proposed model to handle different applications with diversified needs, simplifies the maintenance of an access control-enhanced dataset. The abstract approach generalizes in a straightforward manner the existing RDF access control models that consider RDFS semantics since they can be considered as specific concretizations of the general model. More specifically, the model can be used in situations that consider different and/or dynamic datasets, authorizations, application requirements and access control semantics.