1 / 20

Dr. Bhavani Thuraisingham

Building Trustworthy Semantic Webs Lecture #7: OWL (Web Ontology Language) and Security. Dr. Bhavani Thuraisingham. September 2006. Objective of the Unit. This unit will provide an overview of ontologies, OWL and then discuss some security issues. Outline of the Unit. What are ontologies

nay
Download Presentation

Dr. Bhavani Thuraisingham

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Building Trustworthy Semantic Webs Lecture #7: OWL (Web Ontology Language) and Security Dr. Bhavani Thuraisingham September 2006

  2. Objective of the Unit • This unit will provide an overview of ontologies, OWL and then discuss some security issues

  3. Outline of the Unit • What are ontologies • Why is RDF not sufficient? • What are the security issues for ontologies • What is OWL? • OWL Syntax and Semantics • Summary and Directions

  4. Ontology • Common definitions for any entity, person or thing • Several ontologies have been defined and available for use • Defining common ontology for an entity is a challenge • Mappings have to be developed for multiple ontologies • Specific languages have been developed for ontologies

  5. Why RDF is not sufficient? • RDF was developed as XML is not sufficient to specify semantics • E.g., class/subclass relationship • RDF has issues also • Cannot express several other properties such as Union, Interaction, relationships, etc • Need a richer language • Ontology languages were developed by the semantic web community for this purpose • Essentially RDF is not sufficient to specify ontologies

  6. Security and Ontology • Ontologies used to specify security policies • Example: OWL to specify security policies • Choice between XML, RDF, OWL, Rules ML, etc. • Security for Ontologies • Access control on Ontologies • Give access to certain parts of the Ontology

  7. OWL: Background • It’s a language for ontologies and relies on RDF • DARPA (Defense Advanced Research Projects Agency) developed early language DAML (DARPA Agent Markup Language) • Europeans developed OIL (Ontology Interface Language) • DAML+OIL combines both and was the starting point for OWL • OWL was developed by W3C

  8. OWL Features • Subclass relationship • Class membership • Equivalence of classes • Classification • Consistency (e.g., x is an instance of A, A is a subclass of B, x is not an instance of B) • Three types of OWL: OWL-Full, OWL-DL, OWL-Lite • Automated tools for managing ontologies • Ontology engineering

  9. OWL Specification (e.g., Classes) < owl: Class rdf: about = “#associateProfessor”> <owl: disjointWith rdf: resource “#professor”/> <owl: disjointWith rdf: resource = #assistantProfessor”/> </owl:Class> <owl: Class rdf: ID = “faculty”> <owl: equivalentClass rdf: resource = “academicStaffMember”/> </owl: Class> Faculty and Academic Staff Member are the same Associate Professor is not a professor Associate professor is not an Assistant professor

  10. OWL Specification (e.g., Property) Courses are taught by Academic staff members < owl: ObjectProperty rdf: about = “#isTaughtby”> <rdfs domain rdf: resource = “#course”/> <rdfs: range rdf: resource = “#academicStaffMember”/> <rdfs: subPropertyOf rdf: resource = #involves”/> </owl: ObjectProperty>

  11. OWL Specification (e.g., Property Restriction) All first year courses are taught only by professors < owl: Class rdf: about = “#”firstyearCourse”> <rdfs: subClassOf> <owl: Restriction> <owl: onProperty rdf: resource = “#isTaughtBy”> <owl: allValuesFrom rdf: resource = #Professor”/> </rdfs: subClassOf> </owl: Class>

  12. Policies in OWL • How can policies be specified? • Should policies be specified as shown in the examples, extensions to OWL syntax? • Should policies be specified as OWL documents? • Is there an analogy to XPath expressions for OWL policies? • <policy-spec cred-expr = “//Professor[department = ‘CS’]” target = “annual_ report.xml” path = “//Patent[@Dept = ‘CS’]//Node()” priv = “VIEW”/>

  13. Policies in OWL: Example < owl: Class rdf: about = “#associateProfessor”> <owl: disjointWith rdf: resource “#professor”/> <owl: disjointWith rdf: resource = #assistantProfessor”/> Level = L1 </owl:Class> <owl: Class rdf: ID = “faculty”> <owl: equivalentClass rdf: resource = “academicStaffMember”/> Level = L2 </owl: Class>

  14. Example Policies • Temporal Access Control • After 1/1/05, only doctors have access to medical records • Role-based Access Control • Manager has access to salary information • Project leader has access to project budgets, but he does not have access to salary information • What happens is the manager is also the project leader? • Positive and Negative Authorizations • John has write access to EMP • John does not have read access to DEPT • John does not have write access to Salary attribute in EMP • How are conflicts resolved?

  15. Privacy Policies • Privacy constraints processing • Simple Constraint: an attribute of a document is private • Content-based constraint: If document contains information about X, then it is private • Association-based Constraint: Two or more documents taken together is private; individually each document is public • Release constraint: After X is released Y becomes private • Augment a database system with a privacy controller for constraint processing

  16. Access Control Strategy • Subjects request access to OWL documents under two modes: Browsing and authoring • With browsing access subject can read/navigate documents • Authoring access is needed to modify, delete, append documents • Access control module checks the policy based and applies policy specs • Views of the document are created based on credentials and policy specs • In case of conflict, least access privilege rule is enforced • Works for Push/Pull modes • Query Modification?

  17. System Architecture for Access Control User Pull/Query Push/result RDF- Access RDF-Admin Admin Tools Credential base Policy base OWL Documents

  18. OWL Databases • Data is presented as OWL documents • Query language? OWL=QL? • Query optimization (depends on query language) • Managing transactions on OWL documents • Metadata management: OWL schemas? • Access methods and index strategies • OWL security and integrity management

  19. Inference/Privacy Control Interface to the Semantic Web Technology By UTD Inference Engine/ Rules Processor (Reasoning in OWL?) Policies Ontologies Rules OWL Documents Web Pages, Databases OWL Data Management

  20. Summary and Directions • Ontologies are a necessity for the web • OWL is getting recognition; several other ontology languages (DAML, OIL, etc.) • Very little work on security and ontologies? • How can we specify the policies in OWL? • How can query modification be carried out for OWL documents? • Design access control for OWL databases

More Related