
Web Data and Application Security Policies Naren Kodali


Presentation Transcript


  1. Web Data and Application Security Policies Naren Kodali

  2. t1 t2 t3 t4 Simple Security Object o  ti :(ti) = (o)

  3. t1 t2 t3 t4 Association Security Object o  ti : (ti) < (o)

  4. Query Pattern
     for $x in //r
     let $y := $x/d, $z := $x/a
     where $z/b = $y
     return <answer>{$z/c}</answer>
     [Figure: query pattern tree with nodes //, r, d, a, b, c and value labels v1, v1]

  5. Pattern Automata
     • Pattern Automata X = { S, Q, q0, Qf, d }
     • S = E  A  { pcdata, //}
     • d is a transition function
     • Q = {q0, … , qn}
     • Qf Q, (q0 ∉ Qf)
     • Valid transitions on d are of the following form: s(qi, … ,qj)  qk
     • If d does not contain a valid transition rule, the default new state is q0

  6. Pattern Automata - Example
     • = { a, b, c, //}
     • Q = {q0, qa, qb, qc}
     • Qf = {qa}
     • d = { b( )  qb , c( )  qc , a(qb,qc)  qa , *(qa)  qa }
     [Figure: association object with nodes //, a, b, c and its pattern automaton]

  7. Semantic Web From: T.B. Lee

  8. SMIL
     • Parallel Operator "PAR": VIDEO and AUDIO together
     • Sequential Operator "SEQ": VIDEO after END of AUDIO
     • Switch Operator "switch": if Condition A = TRUE, then only VIDEO; if Condition B = TRUE, then only AUDIO
     [Figure: timelines of VIDEO, AUDIO and SILENCE for each operator]

  9. SMIL vs. XML
     • In both, document = tree
     • BUT XML has NO intended semantics; SMIL specifies runtime behavior
     • QoS (timeliness and continuity) is specified using synchronization constructs <par>, <seq>, <excl> and others.
     • No Security for SMIL
     <smil>
       <seq>
         <par>
           <audio src="http://www.example.org/Audio1.rm"/>
           <video src="http://www.example.org/Video1.rm"/>
         </par>
         <par>
           <audio src="http://www.example.org/Audio2.rm"/>
           <video src="http://www.example.org/Video2.rm"/>
         </par>
       </seq>
     </smil>
     [Figure: the same document as a tree: <smil>, <seq>, two <par> nodes, leaves Audio1, Video1, Audio2, Video2]

  10. Object Identity in SMIL - I [Figure: timelines over t, t+7, t+14 showing SEQ and PAR compositions of Audio 1, Audio 2, Video 1 and Video 2 (A1, A2, V1, V2)]

  11. Object Identity in SMIL - II [Figure: timelines over t, t+7, t+14 showing SEQ and PAR compositions of Audio 1, Audio 2, Video 1 and Video 2 (A1, V2, A2, V1)]

  12. Object Identity in SMIL - III [Figure: timelines over t, t+7, t+14 showing PAR and SEQ compositions of Audio 1, Audio 2, Video 1 and Video 2 (A1, V1, V2, A2)]

  13. SMIL Normal Form
      SMIL Normal Form (smilNF) is of the form
      <seq>
        <par> C_1,1(s) C_1,2(s) C_1,3(s) .. C_1,n(s) </par>
        <par> ... </par>
        <par> C_m,1(s) C_m,2(s) C_m,3(s) .. C_m,n(s) </par>
      </seq>
      where C_i,j are audio or video, image or text media intervals.

  14. Normalization Algorithm [Figure: media objects A, B, C, D with intervals A1..A3, B1..B3, C1..C3, D1..D3, shown as a SEQ of <PAR> blocks in Representation 1 and Representation 2]

  15. Metadata in SMIL - RBAC Example [Figure: three <SEQ>/<PAR> trees over A1, A2, V1, V2: SMIL Normal Form; RBAC metadata decorated SMIL Normal Form with role labels (r1), (r2), (r3); permitted view for Role 1]

  16. The Inference Problem
      • General Purpose Database: Non-confidential data + Metadata ⇒ Undesired Inferences
      • Semantic Web: Non-confidential data + Metadata (data and application semantics) + Computational Power + Connectivity ⇒ Undesired Inferences

  17. Association Graph
      • Association similarity measure
      • Distance of each node from the association root
      • Difference of the distance of the nodes from the association root
      • Complexity of the sub-trees originating at nodes
      • Example: [Figure: XML document (Air show, address, fort) and its association graph (address, fort), labelled Public and Public, AC]

  18. Correlated Inference
      Concept Generalization: weighted concepts, concept abstraction level, range of allowed abstractions
      Object[].
      waterSource :: Object
      basin :: waterSource
      place :: Object
      district :: place
      address :: place
      base :: Object
      fort :: base
      [Figure: nodes address, fort, Water source, base, district, basin; labels Public, Public, ?, Confidential]

  19. Correlated Inference (cont.)
      Object[].
      waterSource :: Object
      basin :: waterSource
      place :: Object
      district :: place
      address :: place
      base :: Object
      fort :: base
      [Figure: nodes place, address, fort, Water source, district, basin, base generalized to Place, Base, Water Source; labels Public, Public, Confidential]

  20. Inference Removal
      • Relational databases: limit access to data
      • Web inferences
        • Cannot redesign public data outside of protection domain
        • Cannot modify/refuse answer to already published web page
      • Protection Options:
        • Release misleading information
        • Remove information
        • Control access to metadata

  21. Web Metadata

  22. Resource Description Framework (RDF)
      • Representing information about resources in the World Wide Web
      • Intended for machine processing
      • Provides a common framework ⇒ applications can share data
      • Identifying things using Web identifiers (URIs)
      • Describing resources in terms of simple properties and property values
      • RDF statement: (subject, property, object)

  23. RDF Graph
      • Individuals
      • Kinds of things
      • Properties of those things
      • Values of those properties
      From: RDF Primer, http://www.w3.org/RDF/

  24. XML syntax for RDF
      RDF/XML sample:
      <?xml version="1.0"?>
      <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
               xmlns:contact="http://www.w3.org/2000/10/swap/pim/contact#">
        <contact:Person rdf:about="http://www.w3.org/People/EM/contact#me">
          <contact:fullName>Eric Miller</contact:fullName>
          <contact:mailbox rdf:resource="mailto:em@w3.org"/>
          <contact:personalTitle>Dr.</contact:personalTitle>
        </contact:Person>
      </rdf:RDF>
      From: RDF Primer, http://www.w3.org/RDF/

  25. RDF Entailment
      • "Meaning" of an RDF graph depends on many factors, e.g., conventions within a user community, comments in natural language, or links to other content-bearing documents
      • Some can be processed by machines, some not
      • RDF formal semantics: "conclusions" that machines can derive from an RDF graph
      • Model theory
      • Can transform an RDF graph into a logical expression with the same meaning

  26. RDF Schema
      • Express classes and their subclasses
      • Define properties and associate them with classes
      • Facilitate inferencing
      [Figure: schema graph with nodes Student, University, Grad. student and edges Studies-at, ISA]

  27. Ontology
      • Explicit specification of conceptualization
      • Philosophical discipline
      • Formal semantics
      • Informal conceptual model
      • Vocabulary used by a logical theory
      • Etc.
      • RDF/S, DAML + OIL, OWL, etc.

  28. Ontology Manipulation
      • Processing
      • Integration
      • Federation
      • Access Control

  29. Metadata Security
      • No security model exists for metadata
      • Can we use existing security models to protect metadata?
      • RDF/S is the Basic Framework for SW
      • RDF/S supports simple inferences
      • This is not true of XML: XML Access control cannot be used to protect RDF/S data

  30. RDF/S Entailment Rules
      Example RDF/S Entailment Rules (http://www.w3.org/TR/rdf-mt/#rules)
      • Rdfs2: (aaa, rdfs:domain, xxx) + (uuu, aaa, yyy) ⇒ (uuu, rdf:type, xxx)
      • Rdfs3: (aaa, rdfs:range, xxx) + (uuu, aaa, vvv) ⇒ (vvv, rdf:type, xxx)
      • Rdfs5: (uuu, rdfs:subPropertyOf, vvv) + (vvv, rdfs:subPropertyOf, xxx) ⇒ (uuu, rdfs:subPropertyOf, xxx)
      • Rdfs11: (uuu, rdfs:subClassOf, vvv) + (vvv, rdfs:subClassOf, xxx) ⇒ (uuu, rdfs:subClassOf, xxx)

  31. Example Graph Format
      RDF Triples:
      • (Student, rdfs:subClassOf, Person)
      • (University, rdfs:subClassOf, GovAgency)
      • (studiesAt, rdfs:domain, Student)
      • (studiesAt, rdfs:range, University)
      • (studiesAt, rdfs:subPropertyOf, memberAt)
      • (John, studiesAt, USC)

  32. Example Graph Format

  33. Example Graph Format

  34. Example Graph Format

  35. Secure RDF
      Entailed data in RDF can cause illegal inferences:
      • (John, studiesAt, USC) [S] + (studiesAt, rdfs:range, University) [S] ⇒ (USC, rdf:type, University) [S]
      • (USC, rdf:type, University) [S] + (University, rdfs:subClassOf, GovAgency) [S] ⇒ (USC, rdf:type, GovAgency) [TS]
      A Secret user can infer TS information
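
Added example, not part of the original slides: a forward-chaining check that runs the entailment rules above over the triples of the Example Graph Format slide and reports entailed triples that a Secret user can derive but may not read. The label policy, the HARDENED variant and the function names are assumptions; rdfs9 is not listed on the slides but is the W3C rule that the second Secure RDF inference step relies on.

```python
TYPE, DOMAIN, RANGE = "rdf:type", "rdfs:domain", "rdfs:range"
SUBCLASS, SUBPROP = "rdfs:subClassOf", "rdfs:subPropertyOf"
LEVEL = {"U": 0, "S": 1, "TS": 2}

# Triples from the "Example Graph Format" slide.
GRAPH = {
    ("Student", SUBCLASS, "Person"),
    ("University", SUBCLASS, "GovAgency"),
    ("studiesAt", DOMAIN, "Student"),
    ("studiesAt", RANGE, "University"),
    ("studiesAt", SUBPROP, "memberAt"),
    ("John", "studiesAt", "USC"),
}
# Constructed policy: (object pattern, label); None is a wildcard, default is S.
POLICY = [((None, TYPE, "GovAgency"), "TS")]
HARDENED = POLICY + [(("University", SUBCLASS, "GovAgency"), "TS")]

def label(triple, policy, default="S"):
    """Highest label of any matching object pattern, else the default."""
    hits = [lvl for pat, lvl in policy
            if all(p is None or p == t for p, t in zip(pat, triple))]
    return max(hits, key=LEVEL.get, default=default)

def closure(graph):
    """Forward-chain rdfs2, rdfs3, rdfs5, rdfs9 and rdfs11 to a fixpoint."""
    g = set(graph)
    while True:
        new = set()
        for s, p, o in g:
            for s2, p2, o2 in g:
                if p == DOMAIN and p2 == s:
                    new.add((s2, TYPE, o))            # rdfs2
                if p == RANGE and p2 == s:
                    new.add((o2, TYPE, o))            # rdfs3
                if p == p2 and p in (SUBPROP, SUBCLASS) and o == s2:
                    new.add((s, p, o2))               # rdfs5 / rdfs11
                if p == TYPE and p2 == SUBCLASS and o == s2:
                    new.add((s, TYPE, o2))            # rdfs9
        if new <= g:
            return g
        g |= new

def leaks(graph, policy, clearance):
    """Entailed triples a user at `clearance` can derive but may not read."""
    can_read = lambda t: LEVEL[label(t, policy)] <= LEVEL[clearance]
    visible = {t for t in graph if can_read(t)}
    return sorted(t for t in closure(visible) if not can_read(t))
```

Classifying the schema triple (University, rdfs:subClassOf, GovAgency) at TS, as HARDENED does, removes a premise of the inference, so the Secret view no longer entails the TS triple.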

  36. RDF Access Control
      • Security Policy
      • Subject
      • Object – Object pattern
      • Access Mode
      • Default policy
      • Conflict Resolution
      • Classification of entailed data
      • Flexible granularity

  37. Secure XML Updates [Figure: components PathSatisfaction.java, MACParser.java, MACModel.java, NodeSecurityManager.java, NativeElementIndex.java, XMLUtil.java, UserManagement.java; other labels: Result, FilepathAbsoute, Table, UserName]

  38. Secure XML Updates - Example

  39. RDF Access Control Example

  40. Policy-Based Dissemination of Partial Web-Ontologies. George Mason University. Reused with the permission of D. Wijesekera

  41. Outline
      • Introduction
      • Problem of improper disclosure
      • Overview of our approach
      • Modeling RDF Graphs as Trees
      • Protection cases
      • Formal model
      • Semantics and results

  42. Semantic web: the problem domain
      • Objects on the world wide web (WWW) are 'described' by web-ontologies
      • Meta-information or ontologies help in automatic discovery of 'related' web-objects (URIs)
      • Ontologies are concepts (or classes) related through properties (or binary relations) with individuals belonging to a concept or a property

  43. E.g.: A simple web-ontology [Figure: a weapons taxonomy with nodes Weapons, Conventional Weapons, Special Weapons, Nuclear Warhead, Rocket Launcher, Machine Gun, Delivery System, Trigger Mechanism, Size, Rounds; legend: Binary relationships]

  44. The problem of improper disclosure
      • Ontologies may contain sensitive information
      • Disclosing complete ontology is insecure
      • Usual access control techniques can either regulate access to concepts or complete ontologies
      • Preserving relationships between concepts while regulating access to concepts is an unsolved problem

  45. Example scenario [Figure: the weapons taxonomy (Weapons, Conventional Weapons, Special Weapons, Nuclear Warhead, Rocket Launcher, Machine Gun, Delivery System, Trigger Mechanism, Size, Rounds) with labels "Sensitive portion" and "Requested"]

  46. Example scenario
      Requirement: Removal of sensitive portions while preserving other relationships
      [Figure: Weapons, Conventional Weapons, Rocket Launcher, Machine Gun, Size, Rounds; label "Requested"]

  47. RDF Preliminaries
      • Vocabulary: A set of URIs forms the vocabulary
      • Each URI is an instance of an RDF Class or a Property.
      • Axioms: Triples <S,P,O> form sentences, where S, P and O are constants in the vocabulary and P is a property.
      • RDF Graph: A set of triples is also called an RDF Graph.
      • Extension: A mapping relates each class or property to its extension
      • Semantics: The interpretation is a mapping of resources to their extensions

  48. Overview: Graphs to Trees
      • We model RDF syntactic and semantic elements as syntactic elements.
      • Each triple is encoded as a set using von Neumann's standard set encoding
        • <A,B> is {A,{A,B}}
        • <A,B,C> is {A, {A, <B,C>}} or {A, {A, {B,{B,C}}}}
      • No self-references or cycles are allowed
      • Consequently, a graph is reduced to a tree

  49. Overview: Protection cases
      • We enable two use cases:
        • Disclosure control over parts of ontologies
          • Based on the attributes of a requester, only parts of an ontology are accessible
        • Content obfuscation in an ontology
          • Based on the attributes of a requester, only the ontological structure is made available, but not the names of sensitive concepts and properties

  50. Use-case 1 (a): Remove subtree [Figure: Weapons, Conventional Weapons, Rocket Launcher, Machine Gun, Size, Rounds; annotation "Remove subtree beyond this concept"]
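
Added example, not part of the original slides: the two protection cases (disclosure control by subtree removal, and content obfuscation that keeps structure but hides names) applied to an ontology already reduced to a tree. The edge list, property names, requester levels and function names are constructed assumptions loosely following the weapons taxonomy slides.

```python
import secrets

# Constructed (parent, property, child) edges modelled on the weapons taxonomy
# slides; the property names and the exact edges are assumptions.
ONTOLOGY = [
    ("Weapons", "subclass", "ConventionalWeapons"),
    ("Weapons", "subclass", "SpecialWeapons"),
    ("ConventionalWeapons", "subclass", "RocketLauncher"),
    ("ConventionalWeapons", "subclass", "MachineGun"),
    ("MachineGun", "hasSize", "Size"),
    ("MachineGun", "hasRounds", "Rounds"),
    ("SpecialWeapons", "subclass", "NuclearWarhead"),
    ("NuclearWarhead", "deliveredBy", "DeliverySystem"),
    ("NuclearWarhead", "triggeredBy", "TriggerMechanism"),
]

def subtree(edges, root):
    """Nodes at or below root; a node reached twice means this is not a tree."""
    seen, stack = set(), [root]
    while stack:
        node = stack.pop()
        if node in seen:
            raise ValueError(f"cycle or shared node at {node!r}")
        seen.add(node)
        stack.extend(child for parent, _, child in edges if parent == node)
    return seen

def remove_subtree(edges, concept, keep_concept=False):
    """Use case 1: drop the sensitive subtree, keep every other relationship."""
    hidden = subtree(edges, concept)
    if keep_concept:                 # remove only what lies beyond the concept
        hidden.discard(concept)
    return [e for e in edges if e[0] not in hidden and e[2] not in hidden]

def obfuscate(edges, concept):
    """Use case 2: keep the structure, replace sensitive names by random tokens."""
    hidden, alias = subtree(edges, concept), {}
    def tok(name):
        return alias.setdefault(name, "x" + secrets.token_hex(4))
    return [(tok(p) if p in hidden else p,
             tok(prop) if c in hidden else prop,
             tok(c) if c in hidden else c) for p, prop, c in edges]

def view_for(edges, requester_level, sensitive="SpecialWeapons"):
    """Constructed policy keyed on one requester attribute."""
    if requester_level == "cleared":
        return list(edges)
    if requester_level == "partner":
        return obfuscate(edges, sensitive)
    return remove_subtree(edges, sensitive)
```

The default branch is the most restrictive view, so an unknown requester level never receives the sensitive subtree or its names.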
