4 research outputs found

    Privacy and contextual integrity: framework and applications


    Secrecy-preserving reasoning in simple description logic knowledge bases

    In this dissertation, we study the problem of secrecy-preserving query answering (SPQA) against knowledge bases (KBs) under the open world assumption (OWA), the assumption that typical KBs are incomplete. Protection of secret information is a critical requirement for the design of information systems in semantic web applications. Recently, semantic web technologies have been widely used in many application domains such as healthcare, bioinformatics, intelligence and national security. So, there is a pressing need for developing robust secret protection mechanisms suitable for ontology-based information systems. In our work, we use a logical approach to enforce secrecy where the domain knowledge is represented in an appropriate description logic (DL). In particular, to protect secret information we take advantage of OWA. Under OWA, a querying agent cannot distinguish whether a query is being protected or it simply cannot be inferred from the KB. The central idea in our approach to protecting the secret information is to build a logical shield called an “envelope” around the confidential information and answer queries correctly as much as possible without compromising the secrecy. We have chosen lightweight DL languages like DL-LiteR and ELH for studying the SPQA problem with a single querying agent in the first half of this dissertation. We have considered a DL-LiteR KB with an acyclic TBox and a secrecy set containing both assertional queries and Boolean Conjunctive Queries (BCQs). By computing a suitable envelope, we protect the secrets in the secrecy set. We have used Kleene's 3-valued semantics to prove the correctness of the query answering procedure. We have also performed a detailed analysis of the computational complexities of the various algorithms used in this dissertation. In ELH logic, we define a secrecy set that contains both assertional and general concept inclusion queries. A new strategy has been employed to construct the SPQA system for the given ELH KB. This includes designing efficient query answering algorithms based on recursive decomposition of queries; we have shown that the query answering algorithms are sound and complete, thus providing a correctness proof. In the second half of this dissertation, we have studied the SPQA problem in ELH♦ (ELH augmented with the modal operator ♦). Given an ELH♦ KB and a finite secrecy set, we compute an SPQA system in the form of a tree, called a secrecy-preserving tree. In this case the secrecy set contains only assertions. Since the information available in the secrecy-preserving tree is not sufficient to answer all the queries, we further augment the query answering procedure with a recursive procedure. The recursive procedure is based on the idea of breaking the query into smaller assertions all the way until the information in the secrecy-preserving tree can be used

    Detecting and resolving redundancies in EP3P policies

    Current regulatory requirements on data privacy make it increasingly important for enterprises to be able to verify and audit their compliance with their privacy policies. Traditionally, a privacy policy is written in a natural language. Such policies inherit the potential ambiguity, inconsistency and misinterpretation of natural text. Hence, formal languages are emerging to allow a precise specification of enforceable privacy policies that can be verified. The EP3P language is one such formal language. An EP3P privacy policy of an enterprise consists of many rules. Given the semantics of the language, there may exist some rules in the ruleset which can never be used; these rules are referred to as redundant rules. Redundancies adversely affect privacy policies in several ways. Firstly, redundant rules reduce the efficiency of operations on privacy policies. Secondly, they may misdirect the policy auditor when determining the outcome of a policy. Therefore, in order to address these deficiencies it is important to identify and resolve redundancies. This thesis introduces the concept of a minimal privacy policy: a policy that is free of redundancy. The essential component for maintaining the minimality of privacy policies is to determine the effects of the rules on each other. Hence, redundancy detection and resolution frameworks are proposed. Pair-wise redundancy detection is the central concept in these frameworks, and it suggests a pair-wise comparison of the rules in order to detect redundancies. In addition, the thesis introduces a policy management tool that assists policy auditors in performing several operations on an EP3P privacy policy while maintaining its minimality. Formal results comparing alternative notions of redundancy, and how these would affect the tool, are also presented.

    Enterprise privacy promises and enforcement

    Several formal languages have been proposed to encode privacy policies, ranging from the Platform for Privacy Preferences (P3P), intended for communicating privacy policies to consumers over the web, to the Enterprise Privacy Authorization Language (EPAL), intended to enable policy enforcement within an enterprise. However, current technology does not allow an enterprise to determine whether its detailed, internal enforcement policy meets its published privacy promises. We present a data-centric, unified model for privacy, equipped with a modal logic for reasoning about permission inheritance across data hierarchies. We use this model to critique two privacy preference languages (APPEL and XPref), to justify P3P's policy summarization algorithm, and to connect privacy policy languages, such as P3P, with privacy policy enforcement languages, such as EPAL. Specifically, we characterize when one policy enforces another and provide an algorithm for generating the most specific privacy promises, at a given level of detail, guaranteed by a more detailed enforcement policy.