Building Trustworthy Semantic Webs
Lecture #7: OWL (Web Ontology Language) and Security
Dr. Bhavani Thuraisingham
September 2006

11/5/2020 23: 29 7 -2 Objective of the Unit 0 This unit will provide an overview of ontologies, OWL and then discuss some security issues
11/5/2020 23: 29 7 -3 Outline of the Unit 0 What are ontologies 0 Why is RDF not sufficient? 0 What are the security issues for ontologies 0 What is OWL? 0 OWL Syntax and Semantics 0 Summary and Directions
Ontology
- Common definitions for any entity, person or thing
- Several ontologies have been defined and are available for use
- Defining a common ontology for an entity is a challenge
- Mappings have to be developed for multiple ontologies
- Specific languages have been developed for ontologies

Why RDF is not sufficient?
- RDF was developed as XML is not sufficient to specify semantics
  - E.g., class/subclass relationship
- RDF has issues also
  - Cannot express several other properties such as Union, Interaction, relationships, etc.
- Need a richer language
- Ontology languages were developed by the semantic web community for this purpose
- Essentially RDF is not sufficient to specify ontologies

Security and Ontology
- Ontologies used to specify security policies
  - Example: OWL to specify security policies
  - Choice between XML, RDF, OWL, RuleML, etc.
- Security for Ontologies
  - Access control on Ontologies
    - Give access to certain parts of the Ontology

OWL: Background
- It's a language for ontologies and relies on RDF
- DARPA (Defense Advanced Research Projects Agency) developed the early language DAML (DARPA Agent Markup Language)
- Europeans developed OIL (Ontology Interface Language)
- DAML+OIL combines both and was the starting point for OWL
- OWL was developed by W3C

OWL Features
- Subclass relationship
- Class membership
- Equivalence of classes
- Classification
- Consistency (e.g., x is an instance of A, A is a subclass of B, x is not an instance of B)
- Three types of OWL: OWL-Full, OWL-DL, OWL-Lite
- Automated tools for managing ontologies
  - Ontology engineering

OWL Specification (e.g., Classes)

    <owl:Class rdf:about="#associateProfessor">
      <owl:disjointWith rdf:resource="#professor"/>
      <owl:disjointWith rdf:resource="#assistantProfessor"/>
    </owl:Class>
    <owl:Class rdf:ID="faculty">
      <owl:equivalentClass rdf:resource="#academicStaffMember"/>
    </owl:Class>

- Faculty and Academic Staff Member are the same
- Associate Professor is not a professor
- Associate professor is not an Assistant professor

OWL Specification (e.g., Property)
- Courses are taught by Academic staff members

    <owl:ObjectProperty rdf:about="#isTaughtBy">
      <rdfs:domain rdf:resource="#course"/>
      <rdfs:range rdf:resource="#academicStaffMember"/>
      <rdfs:subPropertyOf rdf:resource="#involves"/>
    </owl:ObjectProperty>

OWL Specification (e.g., Property Restriction)
- All first year courses are taught only by professors

    <owl:Class rdf:about="#firstyearCourse">
      <rdfs:subClassOf>
        <owl:Restriction>
          <owl:onProperty rdf:resource="#isTaughtBy"/>
          <owl:allValuesFrom rdf:resource="#professor"/>
        </owl:Restriction>
      </rdfs:subClassOf>
    </owl:Class>

Policies in OWL
- How can policies be specified?
- Should policies be specified as shown in the examples, extensions to OWL syntax?
- Should policies be specified as OWL documents?
- Is there an analogy to XPath expressions for OWL policies?

    <policy-spec cred-expr="//Professor[department = 'CS']"
                 target="annual_report.xml"
                 path="//Patent[@Dept = 'CS']//Node()"
                 priv="VIEW"/>

Policies in OWL: Example

    <owl:Class rdf:about="#associateProfessor">
      <owl:disjointWith rdf:resource="#professor"/>
      <owl:disjointWith rdf:resource="#assistantProfessor"/>
      Level = L1
    </owl:Class>
    <owl:Class rdf:ID="faculty">
      <owl:equivalentClass rdf:resource="#academicStaffMember"/>
      Level = L2
    </owl:Class>

Example Policies
- Temporal Access Control
  - After 1/1/05, only doctors have access to medical records
- Role-based Access Control
  - Manager has access to salary information
  - Project leader has access to project budgets, but he does not have access to salary information
  - What happens if the manager is also the project leader?
- Positive and Negative Authorizations
  - John has write access to EMP
  - John does not have read access to DEPT
  - John does not have write access to Salary attribute in EMP
  - How are conflicts resolved?

Privacy Policies
- Privacy constraints processing
  - Simple constraint: an attribute of a document is private
  - Content-based constraint: if a document contains information about X, then it is private
  - Association-based constraint: two or more documents taken together are private; individually each document is public
  - Release constraint: after X is released, Y becomes private
- Augment a database system with a privacy controller for constraint processing

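A privacy controller that enforces the four constraint types above can be sketched as follows. This is an added example, not code from the lecture; the class name `PrivacyController`, the document ids and all constraint values are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class PrivacyController:
    """Sits in front of the document store and decides each release.
    Every constraint value below is constructed sample data."""
    # Simple constraint: these attributes are always private.
    private_attrs: set = field(default_factory=lambda: {"ssn"})
    # Content-based: a document mentioning one of these topics is private.
    private_topics: set = field(default_factory=lambda: {"diagnosis"})
    # Association-based: these documents are private only when combined.
    private_sets: list = field(default_factory=lambda: [{"names", "addresses"}])
    # Release constraint: once the key is released, the value is private.
    release_rules: dict = field(default_factory=lambda: {"roster": "schedule"})
    # Per-subject history of released document ids.
    released: dict = field(default_factory=dict)

    def request(self, subject, doc_id, doc):
        """doc = {"attrs": {...}, "text": "..."}; returns a view or None."""
        history = self.released.setdefault(subject, set())
        text = doc["text"].lower()
        if any(topic in text for topic in self.private_topics):
            return None                                   # content-based
        if any(y == doc_id and x in history
               for x, y in self.release_rules.items()):
            return None                                   # release
        if any(doc_id in s and (s - {doc_id}) <= history
               for s in self.private_sets):
            return None                                   # association
        history.add(doc_id)       # record only what was actually released
        return {k: v for k, v in doc["attrs"].items()
                if k not in self.private_attrs}           # simple

if __name__ == "__main__":
    pc = PrivacyController()
    names = {"attrs": {"name": "A", "ssn": "000-00-0000"}, "text": "staff"}
    print(pc.request("u", "names", names))                # ssn stripped
    print(pc.request("u", "addresses", {"attrs": {"addr": "x"}, "text": ""}))
```

The association and release checks depend on the per-subject history, so the controller has to be stateful; a stateless filter can only enforce the simple and content-based constraints.
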
Access Control Strategy
- Subjects request access to OWL documents under two modes: browsing and authoring
  - With browsing access, a subject can read/navigate documents
  - Authoring access is needed to modify, delete, or append to documents
- Access control module checks the policy base and applies policy specs
- Views of the document are created based on credentials and policy specs
- In case of conflict, the least access privilege rule is enforced
- Works for Push/Pull modes
- Query Modification?

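The strategy above, applied to the manager/project-leader question from the Example Policies slide, can be sketched as follows. This is an added example, not code from the lecture: the policy tuple format, the `salary` and `projectBudget` class names and the reading of "least access privilege" as "a matching denial overrides any grant" are assumptions.

```python
import xml.etree.ElementTree as ET

RDF = "http://www.w3.org/1999/02/22-rdf-syntax-ns#"
OWL = "http://www.w3.org/2002/07/owl#"

# Constructed sample OWL document; the class names are assumptions.
DOC = f"""<rdf:RDF xmlns:rdf="{RDF}" xmlns:owl="{OWL}">
  <owl:Class rdf:ID="faculty"/>
  <owl:Class rdf:ID="salary"/>
  <owl:Class rdf:ID="projectBudget"/>
</rdf:RDF>"""

# Hypothetical policy base: (credential, class, mode, sign).
# "+" is a positive authorization, "-" a negative one.
POLICIES = [
    ("manager", "salary", "browse", "+"),
    ("manager", "faculty", "browse", "+"),
    ("manager", "faculty", "author", "+"),
    ("projectLeader", "projectBudget", "browse", "+"),
    ("projectLeader", "salary", "browse", "-"),
]

def allowed(credentials, target, mode):
    """Least access privilege: any matching denial beats every grant,
    and a target with no matching grant is not accessible at all."""
    signs = {s for c, t, m, s in POLICIES
             if c in credentials and t == target and m == mode}
    return "+" in signs and "-" not in signs

def view(credentials, mode="browse", doc=DOC):
    """Build the subject's view and return the class IDs left in it."""
    root = ET.fromstring(doc)
    for cls in list(root.findall(f"{{{OWL}}}Class")):
        if not allowed(credentials, cls.get(f"{{{RDF}}}ID"), mode):
            root.remove(cls)  # prune before anything reaches the subject
    return [c.get(f"{{{RDF}}}ID") for c in root.findall(f"{{{OWL}}}Class")]

if __name__ == "__main__":
    print(view({"manager"}))                   # salary is visible
    print(view({"manager", "projectLeader"}))  # salary is pruned
    print(view({"manager"}, mode="author"))
```

Under this reading, holding an extra role can shrink a subject's view, so credentials must come from the credential base and not from what the subject chooses to present.
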
System Architecture for Access Control
[Figure: architecture diagram. Labels: User (Pull/Query, Push/result), RDFAccess, RDF-Admin Tools, Policy base, Credential base, OWL Documents]

OWL Databases
- Data is presented as OWL documents
- Query language? OWL-QL?
- Query optimization (depends on query language)
- Managing transactions on OWL documents
- Metadata management: OWL schemas?
- Access methods and index strategies
- OWL security and integrity management

Inference/Privacy Control
[Figure: layered diagram. Labels: Technology By UTD; Interface to the Semantic Web; Inference Engine/Rules Processor (Reasoning in OWL?); Policies, Ontologies, Rules; OWL Data Management; OWL Documents, Web Pages, Databases]

Summary and Directions
- Ontologies are a necessity for the web
- OWL is getting recognition; several other ontology languages (DAML, OIL, etc.)
- Very little work on security and ontologies?
- How can we specify the policies in OWL?
- How can query modification be carried out for OWL documents?
- Design access control for OWL databases