Auerbach Publications
478 pages | 156 B/W Illus.
With an ever-increasing amount of information on the web, it is critical to understand the pedigree, quality, and accuracy of your data. Using provenance, you can ascertain the quality of data based on its ancestral data and derivations, track back to sources of errors, allow automatic re-enactment of derivations to update data, and provide attribution of the data source.
Secure Data Provenance and Inference Control with Semantic Web supplies step-by-step instructions on how to secure the provenance of your data to make sure it is safe from inference attacks. It details the design and implementation of a policy engine for provenance of data and presents case studies that illustrate solutions in a typical distributed health care system for hospitals. Although the case studies describe solutions in the health care domain, you can easily apply the methods presented in the book to a range of other domains.
The book describes the design and implementation of a policy engine for provenance and demonstrates the use of Semantic Web technologies and cloud computing technologies to enhance the scalability of solutions. It covers Semantic Web technologies for the representation and reasoning of the provenance of the data and provides a unifying framework for securing provenance that can help to address the various criteria of your information systems.
Illustrating key concepts and practical techniques, the book considers cloud computing technologies that can enhance the scalability of solutions. After reading this book, you will be better prepared to keep up with the ongoing development of the prototypes, products, tools, and standards for secure data management, secure Semantic Web, secure web services, and secure cloud computing.
Introduction
Overview
Background
Motivation
Our Solutions and Contributions
Outline of the Book
Next Steps
References
Section I: Supporting Technologies
Introduction to Section I
Security and Provenance
Overview
Scalability and Security of Provenance
Access Control Languages and Provenance
Graph Operations and Provenance
Summary and Directions
References
Access Control and Semantic Web
Overview
Access Control
Semantic Web
Semantic Web and Security
Summary and Directions
References
The Inference Problem
Overview
The Inference Problem
Functions of an Inference Controller
Inference Strategies
Security Constraints
Machine Learning and Inference
Our Approach
Historical Perspective
A Note on the Privacy Problem
Summary and Directions
References
Inference Engines
Overview
Concepts for Inference Engines
Software Systems
Summary and Directions
References
Inferencing Examples
Overview
Inference Function
Classification of a Knowledge Base
Inference Strategies and Examples
Approaches to the Inference Problem
Inferences in Provenance
Summary and Directions
References
Cloud Computing Tools and Frameworks
Overview
Cloud Computing Tools
Cloud Computing Framework
RDF Integration
Provenance Integration
Secure Query Processing in a Cloud Environment
The Web Application Layer
The ZQL Parser Layer
The XACML Policy Layer
The Hive Layer
HDFS
Summary and Directions
References
Section I Conclusion
Section II: Secure Data Provenance
Introduction to Section II
Scalable and Efficient RBAC for Provenance
Overview
Motivation and Contributions
Unified and Flexible Policies
Supporting Inferences in RBAC
Overview of Our Approach
Extending RBAC to Support Provenance
A Query-Retrieval Process
Example of a Policy Query
Example of a SWRL Rule
Example of a Trace
Output of the Trace
Comment
Experimental Evaluation
Summary and Directions
References
A Language for Provenance Access Control
Overview
Challenges and Drawbacks
Drawbacks of Current Access Control Mechanisms
Policy Language
Solution Based on Regular Expression Queries
Data Representation
Graph Data Model
Provenance Vocabulary
Path Queries
Graph Analysis
Analysis of Digraphs
Composition of Digraphs
Access Control Policy Architecture
Modules in Access Control Policy Architecture
Use Case: Medical Example
Query Templates
Additional Templates
Access Control Example
Prototype
Summary and Directions
References
Transforming Provenance Using Redaction
Overview
Graph Grammar
An Example Graph Transformation Step
Valid Provenance Graph
Discussion
Redaction Policy Architecture
Experiments
Summary and Directions
References
Section II Conclusion
Section III: Inference Control
Introduction to Section III
Architecture for an Inference Controller
Overview
Design of an Inference Controller
Modular Design
Policy Processing
Parsing Process
High-Level Policy Translation
DL Rule Assembler
DL Policy Translation
Access Control Policy Assembler
Redaction Policy Assembler
Explanation Service Layer
Summary and Directions
References
Inference Controller Design
Overview
Design Philosophy
Inference Controller Process
Overview of a Query Process
Summary and Directions
References
Provenance Data Representation for Inference Control
Overview
Data Models for the Inference Controller
Separate Stores for Data and Provenance
Summary and Directions
References
Queries with Regular Path Expressions
Overview
Background
Regular Expressions
SPARQL Queries
Summary and Directions
References
Inference Control through Query Modification
Overview
Query Modification with Relational Data
SPARQL Query Modification
Query Modification for Enforcing Constraints
Overview of Query Modification
Graph Transformation of a SPARQL Query BGP
Match Pattern/Apply Pattern
Summary and Directions
References
Inference and Provenance
Overview
Invoking Inference Rules
Approaches to the Inference Problem
Inferences in Provenance
Implicit Information in Provenance
Use Cases of Provenance
Use Case: Who Said That?
Use Case: Cheating Dictator
Processing Rules
Summary and Directions
References
Implementing the Inference Controller
Overview
Implementation Architecture
Provenance in a Health Care Domain
Populating the Provenance Knowledge Base
Generating and Populating the Knowledge Base
Generating Workflows
Policy Management
Supporting Restrictions
Explanation Service Layer
Generators
Selecting Background Information
Background Generator Module
Annotating the Workflow
Generating Workflows
Incomplete Information in the Databases
Use Case: Medical Example
Semantic Associations in the Workflow
Implementing Constraints
Query Modification for Enforcing Constraints
Summary and Directions
References
Section III Conclusion
Section IV: Unifying Framework
Introduction to Section IV
Risk and Inference Control
Overview
Risk Model
User’s System
Internal Knowledge Base System
Controller
Adding Provenance
Semantic Framework for Inferences
Ontologies
Rules
Query Logs
Summary and Directions
References
Novel Approaches to Handle the Inference Problem
Overview
Motivation for Novel Approaches
Inductive Inference
Learning by Examples
Security Constraints and Inductive Inference
Probabilistic Deduction
Formulation of the Inference Problem
Probabilistic Calculus
Probabilistic Calculus and Database Security
A Note on Algorithmic Information Theory
Mathematical Programming
Nonmonotonic Reasoning
Inferencing in an MP Environment
Mathematical Programming and Database Security
Game Theory
Noncooperative and Cooperative Games
Query Processing as a Noncooperative Game
Ehrenfeucht–Fraisse Game
Adversarial Mining and Inference
Summary and Directions
References
A Cloud-Based Policy Manager for Assured Information Sharing
Overview
Architecture
Overview
Modules in Our Architecture
User Interface Layer
Policy Engines
Data Layer
Features of Our Policy Engine Framework
Develop and Scale Policies
Justification of Resources
Policy Specification and Enforcement
Cloud-Based Inference Control
Summary and Directions
References
Security and Privacy with Respect to Inference
Introduction
Trust, Privacy, and Confidentiality
Current Successes and Potential Failures
Motivation for a Framework
CPT Framework
Role of the Server
CPT Process
Advanced CPT
Trust, Privacy, and Confidentiality Inference Engines
Confidentiality Management
Privacy Management
Trust Management
Integrated System
Summary and Directions
References
Big Data Analytics and Inference Control
Overview
Big Data Management and Analytics
Security and Privacy for Big Data
Inference Control for Big Data
Summary and Directions
References
Unifying Framework
Overview
Design of Our Framework
Global Inference Controller
Inference Tools
Summary and Directions
References
Summary and Directions
About This Chapter
Summary of the Book
Directions for Secure Data Provenance and Inference Control
Where Do We Go from Here?
Section IV Conclusion
Appendix A: Data Management Systems, Developments, and Trends
Overview
Developments in Database Systems
Status, Vision, and Issues
Data Management Systems Framework
Building Information Systems from the Framework
From Data to Big Data
Relationship between the Texts
Summary and Directions
References
Appendix B: Database Management and Security
Overview
Database Management
Overview
Relational Data Model
Database Management Functions
Query Processing
Transaction Management
Storage Management
Metadata Management
Database Integrity
Distributed Data Management
Discretionary Security
Overview
Access Control Policies
Authorization Policies
RBAC Policies
Administration Policies
SQL Extensions for Security
Query Modification
Other Aspects
Identification and Authentication
Auditing a Database System
Views for Security
MAC
Overview
MAC Policies
Granularity of Classification
Summary and Directions
References
Appendix C: A Perspective of the Inference Problem
Overview
Statistical Database Inference
Approaches to Handling the Inference Problem in an MLS/DBMS
Complexity of the Inference Problem
Summary and Directions
References
Appendix D: Design and Implementation of a Database Inference Controller
Overview
Background
Security Constraints
Approach to Security Constraint Processing
Consistency and Completeness of the Constraints
Design of the Query Processor
Security Policy
Functionality of the Query Processor
Query Modification
Response Processing
Design of the Update Processor
Security Policy
Functionality of the Update Processor
Handling Security Constraints during Database Design
Overview
Security Control Processing and Release Control
Distributed Inference Control
Summary and Directions
References
Index