
    Secrecy-preserving Query Answering for Instance Checking in EL

    We consider the problem of answering queries against a knowledge base (KB) using secrets, whenever it is possible to do so without compromising secrets. We study query answering against EL knowledge bases. We provide a polynomial time algorithm that, given an EL KB Sigma, a set S of secrets to be protected and a query q of the form C(a) or r(a,b), outputs "Yes" whenever Sigma entails q and the answer to q, together with the answers to any previous queries answered by the KB, does not allow the querying agent to deduce any of the secrets in S. This approach allows more flexible information sharing than is possible with traditional access control mechanisms.

    Topics in Knowledge Bases: Epistemic Ontologies and Secrecy-preserving Reasoning

    Applications of ontologies/knowledge bases (KBs) in many domains (healthcare, national security, intelligence) have become increasingly important. In this dissertation, we focus on developing techniques for answering queries posed to KBs under the open world assumption (OWA). In the first part of this dissertation, we study the problem of query answering in KBs that contain epistemic information, i.e., knowledge of different experts. We study ALCKm, which extends the description logic ALC by adding modal operators of the basic multi-modal logic Km. We develop a sound and complete tableau algorithm for answering ALCKm queries w.r.t. an ALCKm knowledge base with an acyclic TBox. We then consider answering ALCKm queries w.r.t. an ALCKm knowledge base in which the epistemic operators correspond to those of classical multi-modal logic S4m and provide a sound and complete tableau algorithm. Both algorithms can be implemented in PSpace. In the second part, we study problems that allow autonomous entities or organizations (collectively called querying agents) to be able to selectively share information. In this scenario, the KB must make sure its answers are informative but do not disclose sensitive information. Most of the work in this area has focused on access control mechanisms that prohibit access to sensitive information (secrets). However, such an approach can be too restrictive in that it prohibits the use of sensitive information in answering queries against knowledge bases even when it is possible to do so without compromising secrets. We investigate techniques for secrecy-preserving query answering (SPQA) against KBs under the OWA. 
We consider two scenarios of increasing difficulty: (a) a KB queried by a single agent; and (b) a KB queried by multiple agents where the secrecy policies can differ across the different agents and the agents can selectively communicate the answers that they receive from the KB with each other subject to the applicable answer sharing policies. We consider classes of KBs that are of interest from the standpoint of practical applications (e.g., description logics and Horn KBs). Given a KB and secrets that need to be protected against the querying agent(s), the SPQA problem aims at designing a secrecy-preserving reasoner that answers queries without compromising secrecy under OWA. Whenever truthfully answering a query risks compromising secrets, the reasoner is allowed to hide the answer to the query by feigning ignorance, i.e., answering the query as Unknown. Under the OWA, the querying agent is not able to infer whether an Unknown answer to a query is obtained because of the incomplete information in the KB or because a secrecy protection mechanism is being applied. In each scenario, we provide a general framework for the problem. In the single-agent case, we apply the general framework to the description logic EL and provide algorithms for answering queries as informatively as possible without compromising secrecy. In the multiagent case, we extend the general framework for the single-agent case. To model the communication between querying agents, we use a communication graph, a directed acyclic graph (DAG) with self-loops, where each node represents an agent and each edge represents the possibility of information sharing in the direction of the edge. We discuss the relationship between secrecy-preserving reasoners and envelopes (used to protect secrets) and present a special case of the communication graph that helps construct tight envelopes in the sense that removing any information from them will leave some secrets vulnerable.
To illustrate our general idea of constructing envelopes, Horn KBs are considered.

    Table Search Using a Deep Contextualized Language Model

    Pretrained contextualized language models such as BERT have achieved impressive results on various natural language processing benchmarks. Benefiting from multiple pretraining tasks and large scale training corpora, pretrained models can capture complex syntactic word relations. In this paper, we use the deep contextualized language model BERT for the task of ad hoc table retrieval. We investigate how to encode table content considering the table structure and input length limit of BERT. We also propose an approach that incorporates features from prior literature on table retrieval and jointly trains them with BERT. In experiments on public datasets, we show that our best approach can outperform the previous state-of-the-art method and BERT baselines with a large margin under different evaluation metrics. Comment: Accepted at SIGIR 2020 (Long

    Secrecy-preserving reasoning in simple description logic knowledge bases

    In this dissertation, we study the problem of secrecy-preserving query answering (SPQA) against knowledge bases (KBs) under the open world assumption (OWA) - the assumption that typical KBs are incomplete. Protection of secret information is a critical requirement for the design of information systems in semantic web applications. Recently, semantic web technologies are widely used in many application domains like healthcare, bioinformatics, intelligence and national security. So, there is a pressing need for developing robust secret protection mechanisms suitable for ontology-based information systems. In our work, we use a logical approach to enforce secrecy where the domain knowledge is represented in an appropriate description logic (DL). In particular, to protect secret information we take advantage of OWA. Under OWA, a querying agent cannot distinguish whether a query is being protected or it cannot be inferred from the KB. The central idea in our approach to protect the secret information is to build a logical shield called “envelope” around the confidential information and answers queries correctly as much as possible without compromising the secrecy. We have chosen lightweight DL languages like DL-LiteR and ELH for studying SPQA problem with single querying agent in the first half of this dissertation. We have considered DL-LiteR KB with acyclic TBox and the secrecy set containing both assertional queries and Boolean Conjunctive Queries (BCQs). By computing a suitable envelope, we protect the secrets in the secrecy set. We have used Kleene's 3-valued semantics to prove the correctness of the query answering procedure. We have also performed a detailed analysis of computational complexities of various algorithms used in this dissertation. In ELH logic, we define a secrecy set that contains both assertional and general concept inclusion queries. A new strategy has been employed to construct the SPQA system for the given ELH KB.
This includes designing efficient query answering algorithms based on recursive decomposition of queries and have shown that the query answering algorithms are sound and complete, thus providing correctness proof. In the second half of this dissertation, we have studied the SPQA problem in ELH♦ (ELH augmented with modal operator ♦). Given an ELH♦ KB and a finite secrecy set, we compute a SPQA system in the form of a tree, called secrecy-preserving tree. In this case the secrecy set contains only assertions. Since the information available in secrecy-preserving tree is not sufficient to answer all the queries, we further augment the query answering procedure with a recursive procedure. The recursive procedure is based on the idea of breaking the query into smaller assertions all the way until the information in the secrecy-preserving tree can be used.

    A Semantic Hierarchy for Erasure Policies

    We consider the problem of logical data erasure, contrasting with physical erasure in the same way that end-to-end information flow control contrasts with access control. We present a semantic hierarchy for erasure policies, using a possibilistic knowledge-based semantics to define policy satisfaction such that there is an intuitively clear upper bound on what information an erasure policy permits to be retained. Our hierarchy allows a rich class of erasure policies to be expressed, taking account of the power of the attacker, how much information may be retained, and under what conditions it may be retained. While our main aim is to specify erasure policies, the semantic framework allows quite general information-flow policies to be formulated for a variety of semantic notions of secrecy. Comment: 18 pages, ICISS 201

    The capacity of symmetric Private information retrieval

    Private information retrieval (PIR) is the problem of retrieving as efficiently as possible, one out of K messages from N non-communicating replicated databases (each holds all K messages) while keeping the identity of the desired message index a secret from each individual database. Symmetric PIR (SPIR) is a generalization of PIR to include the requirement that beyond the desired message, the user learns nothing about the other K - 1 messages. The information theoretic capacity of SPIR (equivalently, the reciprocal of minimum download cost) is the maximum number of bits of desired information that can be privately retrieved per bit of downloaded information. We show that the capacity of SPIR is 1 - 1/N regardless of the number of messages K, if the databases have access to common randomness (not available to the user) that is independent of the messages, in the amount that is at least 1/(N - 1) bits per desired message bit, and zero otherwise.

    Privacy-Preserving Secret Shared Computations using MapReduce

    Data outsourcing allows data owners to keep their data at untrusted clouds that do not ensure the privacy of data and/or computations. One useful framework for fault-tolerant data processing in a distributed fashion is MapReduce, which was developed for trusted private clouds. This paper presents algorithms for data outsourcing based on Shamir's secret-sharing scheme and for executing privacy-preserving SQL queries such as count, selection including range selection, projection, and join while using MapReduce as an underlying programming model. Our proposed algorithms prevent an adversary from knowing the database or the query while also preventing output-size and access-pattern attacks. Interestingly, our algorithms do not involve the database owner, which only creates and distributes secret-shares once, in answering any query, and hence, the database owner also cannot learn the query. Logically and experimentally, we evaluate the efficiency of the algorithms on the following parameters: (i) the number of communication rounds (between a user and a server), (ii) the total amount of bit flow (between a user and a server), and (iii) the computational load at the user and the server. Comment: IEEE Transactions on Dependable and Secure Computing, Accepted 01 Aug. 201