Semantics-aware security policy specification for the semantic web data

摘要

The semantic web has been envisioned as a machine-interpretable web, where data instances are described through concepts defined and related in ontologies. Though ontologies are publicly available as a crucial component of the semantic web infrastructure, many data instances are sensitive and should be kept confidential. Sensitive information can be illegally inferred from other seemingly unclassified information in combination with the underlying data semantics and interrelationships revealed by ontologies. In other words, the visibility of ontologies can pose inference threats to the security of data instances, and this requires that security policies be specified in such a way that the semantic relationships among data instances are taken into account. To protect the semantic web data or other semantics-rich data, this paper presents semantics-aware security policy specification. We propose concept-level, association-level and property-level access control models for different security objects, and that authorisations be propagated based on different inference patterns. These propagation policies can be used to generate safe and consistent access control authorisations.