Ubiquitous Access Control for SPARQL Endpoints: Lessons Learned and Future Challenges

International audienceWe present and evaluate a context-aware access control framework for SPARQL endpoints queried from mobile

Social Network Analysis on Educational Data Set in RDF Format

The increased usage of information technologies in educational tasks resulted in high volume of data, exploited to build analytical systems that can provide practical insight in the learning process. In this paper, we propose a method of running social network analysis on multiple data sources (academic years, communication tools). To achieve this, the collected data that describe social interactions were converted into a common format by employing a prior developed semantic web educational ontology. Using a mapping language the relational data set was linked to the appropriate concepts defined in the ontology and then it was exported in RDF format. The means for SPARQL access was also provided. Subsequently, query patterns were defined for different social interactions in the educational platform. To prove the feasibility of this approach, Gephi tool set was used to run SNA (Social Network Analysis) on data obtained with the SPARQL queries. The added value of this research lies in the potential of this method to simplify running social network analysis on multiple data sets, on a specific course or the entire academic year, by simply modifying the query pattern

Context-Aware Access Control for RDF Graph Stores

International audienceWe present SHI3LD, an access control framework for RDF stores. Our solution supports access from mobile devices with context-aware policies and is exclusively grounded on stan- dard Semantic Web languages. Designed as a pluggable filter for generic SPARQL endpoints, the module uses RDF named graphs and SPARQL to protect triples. Evaluation shows faster execution time for low-selective queries and less impact on larger datastores

Linked Data Access Goes Mobile: Context-Aware Authorization for Graph Stores

International audienceTo encourage data providers to publish a maximum of data on the Web, we propose a mechanism to define lightweight access control policies for graph stores. Influenced by the steep growth of the mobile web, our Linked Data access control framework features context-aware control policies. The proposed framework is exclusively grounded on standard Semantic Web languages. The framework architecture is designed as a pluggable filter for generic SPARQL endpoints, and it has been evaluated on a test dataset

Challenges and Opportunities in Applying Semantics to Improve Access Control in the Field of Internet of Things

The increased number of IoT devices results in continuously generated massive amounts of raw data. Parts of this data are private and highly sensitive as they reflect owner’s behavior, obligations, habits, and preferences. In this paper, we point out that flexible and comprehensive access control policies are “a must” in the IoT domain. The Semantic Web technologies can address many of the challenges that the IoT access control is facing with today. Therefore, we analyze the current state of the art in this area and identify the challenges and opportunities for improved access control in a semantically enriched IoT environment. Applying semantics to IoT access control opens a lot of opportunities, such as semantic inference and reasoning, easy data sharing, data trading, new approaches to authentication, security policies based on a natural language and enhances the interoperability using a common ontology

Social Semantic Network-Based Access Control

International audienceSocial networks are the basis of the so called Web 2.0, raising many new challenges to the research community. In particular, the ability of these networks to allow the users to share their own personal information with other people opens new issues concerning privacy and access control. Nowadays the Web has further evolved into the Social Semantic Web where social networks are integrated and enhanced by the use of semantic conceptual models, e.g., the ontologies, where the social information and links among the users become semantic information and links. In this paper, we discuss which are the benefits of introducing semantics in social network-based access control. In particular, we analyze and detail two approaches to manage the access rights of the social network users relying on Semantic Web languages only, and we highlight, thanks to these two proposals, what are pros and cons of introducing semantics in social networks access control. Finally, we report on the other existing approaches coupling semantics and access control in the context of social networks

Älykäs tunnistauminen ja käyttöoikeuksien hallinta monimuotoisessa verkotetussa maailmassa

Our living environments are full of various connected computing devices. These environments in homes, offices, public spaces, transportation etc. are gaining abilities to acquire and apply knowledge about the environment and its users in order to improve users' experience in that environment. However, before smart adaptive solutions can be deployed in critical applications, authentication and authorization mechanisms are needed to provide protection against various security threats. These mechanisms must be able to interoperate and share information with different devices. The thesis focuses to questions on how to facilitate the interoperability of authentication and authorization solutions and how to enable adaptability and smartness of these solutions. To address questions, this thesis explores existing authentication and authorizations solutions. Then the thesis builds new reusable, interoperable, and adaptive security solutions. The smart space concept, based on semantic web technologies and publish-and-subscribe architecture, is recognized as a prominent approach for interoperability. We contribute by proposing solutions, which facilitate implementation of smart access control applications. An essential enabler for smart spaces is a secure platform for information sharing. This platform can be based on various security protocols and frameworks, providing diverse security levels. We survey security-levels and feasibility of some key establishment protocols and solutions for authentication and authorization. We also study ecosystem and adaptation issues as well as design and implement a fine-grained and context-based reusable security model, which enables development of self-configuring and adaptive authorization solutions.Ympäristöt, joissa elämme, ovat täynnä erilaisia verkkolaitteita. Nämä koteihin, toimistoihin, julkisiin tiloihin ja ajoneuvoihin muodostuvat ympäristöt ovat oppimassa hyödyntämään ympäriltä saatavilla olevaa tietoa ja sopeuttamaan toimintaansa parantaakseen käyttäjän kokemusta näistä ympäristössä. Älykkäiden ja sopeutuvien tilojen käyttöönotto kriittisissä sovelluksissa vaatii kuitenkin tunnistautumis- ja käyttöoikeuksien hallintamenetelmiä tietoturvauhkien torjumiseksi. Näiden menetelmien pitää pystyä yhteistoimintaan ja mahdollistaa tiedonvaihto erilaisten laitteiden kanssa. Tämä lisensiaatin tutkimus keskittyy kysymyksiin, kuinka helpottaa tunnistautumis- ja käyttöoikeusratkaisujen yhteensopivuutta ja kuinka mahdollistaa näiden ratkaisujen sopeutumiskyky ja älykäs toiminta. Tutkimuksessa tarkastellaan olemassa olevia menetelmiä. Tämän jälkeen kuvataan toteutuksia uusista tietoturvaratkaisuista, jotka ovat uudelleenkäytettäviä, eri laitteiden kanssa yhteensopivia ja eri vaatimuksiin mukautuvia. Älytilat, jotka perustuvat semanttisten web teknologioiden ja julkaise-ja-tilaa arkkitehtuurin hyödyntämiseen, tunnistetaan työssä lupaavaksi yhteensopivuuden tuovaksi ratkaisuksi. Tutkimus esittää ratkaisuja, jotka helpottavat älykkäiden tunnistautumis- ja käyttöoikeuksien hallintaratkaisujen kehitystä. Oleellinen yhteensopivuuden mahdollistaja on tietoturvallinen yhteensopivuusalusta. Tämä alusta voi perustua erilaisiin avaintenhallinta ja tunnistautumisprotokolliin sekä käyttöoikeuksien hallintakehyksiin. Tutkimuksessa arvioidaan joidenkin olemassa olevien ratkaisujen käytettävyyttä ja tietoturvatasoa. Tutkimuksessa myös tutkitaan ekosysteemi- ja sopeutumiskysymyksiä sekä toteutetaan hienojakoinen ja kontekstiin perustuva uudelleen käytettävä tietoturvamalli, joka mahdollistaa itsesääntyvien ja mukautuvien käyttöoikeuksien hallinta sovellusten toteuttamisen

OPTIMIZATION OF NONSTANDARD REASONING SERVICES

The increasing adoption of semantic technologies and the corresponding increasing complexity of application requirements are motivating extensions to the standard reasoning paradigms and services supported by such technologies. This thesis focuses on two of such extensions: nonmonotonic reasoning and inference-proof access control. Expressing knowledge via general rules that admit exceptions is an approach that has been commonly adopted for centuries in areas such as law and science, and more recently in object-oriented programming and computer security. The experiences in developing complex biomedical knowledge bases reported in the literature show that a direct support to defeasible properties and exceptions would be of great help. On the other hand, there is ample evidence of the need for knowledge confidentiality measures. Ontology languages and Linked Open Data are increasingly being used to encode the private knowledge of companies and public organizations. Semantic Web techniques facilitate merging different sources of knowledge and extract implicit information, thereby putting at risk security and the privacy of individuals. But the same reasoning capabilities can be exploited to protect the confidentiality of knowledge. Both nonmonotonic inference and secure knowledge base access rely on nonstandard reasoning procedures. The design and realization of these algorithms in a scalable way (appropriate to the ever-increasing size of ontologies and knowledge bases) is carried out by means of a diversified range of optimization techniques such as appropriate module extraction and incremental reasoning. Extensive experimental evaluation shows the efficiency of the developed optimization techniques: (i) for the first time performance compatible with real-time reasoning is obtained for large nonmonotonic ontologies, while (ii) the secure ontology access control proves to be already compatible with practical use in the e-health application scenario.