1,771 research outputs found

    Privacy-Preserving Ontology Publishing: The Case of Quantified ABoxes w.r.t. a Static Cycle-Restricted EL TBox: Extended Version

    We review our recent work on how to compute optimal repairs, optimal compliant anonymizations, and optimal safe anonymizations of ABoxes containing possibly anonymized individuals. The results can be used both to remove erroneous consequences from a knowledge base and to hide secret information before publication of the knowledge base, while keeping as much as possible of the original information. Updated on August 27, 2021. This is an extended version of an article accepted at DL 2021

    Reasoning in Description Logic Ontologies for Privacy Management

    A rise in the number of ontologies that are integrated and distributed in numerous application systems may allow users to access the ontologies with different privileges and purposes. In this situation, preserving confidential information from possible unauthorized disclosures becomes a critical requirement. For instance, in the clinical sciences, unauthorized disclosures of medical information do not only threaten the system but also, most importantly, the patient data. Motivated by this situation, this thesis initially investigates a privacy problem, called the identity problem, where the identity of (anonymous) objects stored in Description Logic ontologies can be revealed or not. Then, we consider this problem in the context of role-based access control to ontologies and extend it to the problem asking if the identity belongs to a set of known individuals of cardinality smaller than the number k. If it is the case that some confidential information of persons, such as their identity, their relationships or their other properties, can be deduced from an ontology, which implies that some privacy policy is not fulfilled, then one needs to repair this ontology such that the modified one complies with the policies and preserves the information from the original ontology as much as possible. The repair mechanism we provide is called gentle repair and is performed via axiom weakening instead of axiom deletion, which was commonly used in classical approaches of ontology repair. However, policy compliance itself is not enough if there is a possible attacker that can obtain relevant information from other sources, which together with the modified ontology still violates the privacy policies. A safety property is proposed to alleviate this issue and we investigate this in the context of privacy-preserving ontology publishing. Inference procedures to solve those privacy problems and additional investigations on the complexity of the procedures, as well as the worst-case complexity of the problems, become the main contributions of this thesis.

    1. Introduction: 1.1 Description Logics; 1.2 Detecting Privacy Breaches in Information System; 1.3 Repairing Information Systems; 1.4 Privacy-Preserving Data Publishing; 1.5 Outline and Contribution of the Thesis
    2. Preliminaries: 2.1 Description Logic ALC; 2.1.1 Reasoning in ALC Ontologies; 2.1.2 Relationship with First-Order Logic; 2.1.3 Fragments of ALC; 2.2 Description Logic EL; 2.3 The Complexity of Reasoning Problems in DLs
    3. The Identity Problem and Its Variants in Description Logic Ontologies: 3.1 The Identity Problem; 3.1.1 Description Logics with Equality Power; 3.1.2 The Complexity of the Identity Problem; 3.2 The View-Based Identity Problem; 3.3 The k-Hiding Problem; 3.3.1 Upper Bounds; 3.3.2 Lower Bound
    4. Repairing Description Logic Ontologies: 4.1 Repairing Ontologies; 4.2 Gentle Repairs; 4.3 Weakening Relations; 4.4 Weakening Relations for EL Axioms; 4.4.1 Generalizing the Right-Hand Sides of GCIs; 4.4.2 Syntactic Generalizations; 4.5 Weakening Relations for ALC Axioms; 4.5.1 Generalizations and Specializations in ALC w.r.t. Role Depth; 4.5.2 Syntactical Generalizations and Specializations in ALC
    5. Privacy-Preserving Ontology Publishing for EL Instance Stores: 5.1 Formalizing Sensitive Information in EL Instance Stores; 5.2 Computing Optimal Compliant Generalizations; 5.3 Computing Optimal Safe^{\exists} Generalizations; 5.4 Deciding Optimality^{\exists} in EL Instance Stores; 5.5 Characterizing Safety^{\forall}; 5.6 Optimal P-safe^{\forall} Generalizations; 5.7 Characterizing Safety^{\forall\exists} and Optimality^{\forall\exists}
    6. Privacy-Preserving Ontology Publishing for EL ABoxes: 6.1 Logical Entailments in EL ABoxes with Anonymous Individuals; 6.2 Anonymizing EL ABoxes; 6.3 Formalizing Sensitive Information in EL ABoxes; 6.4 Compliance and Safety for EL ABoxes; 6.5 Optimal Anonymizers
    7. Conclusion: 7.1 Main Results; 7.2 Future Work
    Bibliograph

    Computing Safe Anonymisations of Quantified ABoxes w.r.t. EL Policies: Extended Version

    In recent work, we have shown how to compute compliant anonymizations of quantified ABoxes w.r.t. EL policies. In this setting, quantified ABoxes can be used to publish information about individuals, some of which are anonymized. The policy is given by concepts of the Description Logic (DL) EL, and compliance means that one cannot derive from the ABox that some non-anonymized individual is an instance of a policy concept. If one assumes that a possible attacker could have additional knowledge about some of the involved non-anonymized individuals, then compliance with a policy is not sufficient. One wants to ensure that the quantified ABox is safe in the sense that none of the secret instance information is revealed, even if the attacker has additional compliant knowledge. In the present paper, we show that safety can be decided in polynomial time, and that the unique optimal safe anonymization of a non-safe quantified ABox can be computed in exponential time, provided that the policy consists of a single EL concept. This is an extended version of an article published in: Proceedings of the 36th ACM/SIGAPP Symposium on Applied Computing (SAC ’21), AC

    Data Spaces

    This open access book aims to educate data space designers to understand what is required to create a successful data space. It explores cutting-edge theory, technologies, methodologies, and best practices for data spaces for both industrial and personal data and provides the reader with a basis for understanding the design, deployment, and future directions of data spaces. The book captures the early lessons and experience in creating data spaces. It arranges these contributions into three parts covering design, deployment, and future directions respectively. The first part explores the design space of data spaces. The single chapters detail the organisational design for data spaces, data platforms, data governance federated learning, personal data sharing, data marketplaces, and hybrid artificial intelligence for data spaces. The second part describes the use of data spaces within real-world deployments. Its chapters are co-authored with industry experts and include case studies of data spaces in sectors including industry 4.0, food safety, FinTech, health care, and energy. The third and final part details future directions for data spaces, including challenges and opportunities for common European data spaces and privacy-preserving techniques for trustworthy data sharing. The book is of interest to two primary audiences: first, researchers interested in data management and data sharing, and second, practitioners and industry experts engaged in data-driven systems where the sharing and exchange of data within an ecosystem are critical

    Formalizing Problem Solving in Computational Thinking : an Ontology approach

    We introduce the idea of a symbolic description of a complex human learning task, in order to contribute to better understand how we learn. The learner is modeled on the basis of knowledge from learning sciences with the contribution of cognitive neurosciences, including machine learning formalism, in the very precise framework of a task, named #CreaCube reviewed here, related to initiation to computational thinking presented as an open-ended problem, which involves solving a problem and appealing to creativity. We target problem-solving tasks using tangible interfaces for computational thinking initiation, and describe in detail how we model the task and the learner behavior in this task, including goal-driven versus stimulus-driven behavior and the learner knowledge construction. We show how formalizing these elements using an ontology offers a well-defined computational model and the possibility of inferences about model elements, analyzing and predicting the learner behavior. This operationalization of a creative problem-solving task is still at a preliminary stage, but an effective proof of concept is described in this study

    Parasitic Order Machine. A Sociology and Ontology of Information Securing

    This study examines information security as a process (information securing) in terms of what it does, especially beyond its obvious role of protector. It investigates concepts related to ‘ontology of becoming’, and examines what it is that information securing produces. The research is theory driven and draws upon three fields: sociology (especially actor-network theory), philosophy (especially Gilles Deleuze and Félix Guattari’s concept of ‘machine’, ‘territory’ and ‘becoming’, and Michel Serres’s concept of ‘parasite’), and information systems science (the subject of information security). Social engineering (used here in the sense of breaking into systems through non-technical means) and software cracker groups (groups which remove copy protection systems from software) are analysed as examples of breaches of information security. Firstly, the study finds that information securing is always interruptive: every entity (regardless of whether or not it is malicious) that becomes connected to information security is interrupted. Furthermore, every entity changes, becomes different, as it makes a connection with information security (ontology of becoming). Moreover, information security organizes entities into different territories. However, the territories – the insides and outsides of information systems – are ontologically similar; the only difference is in the order of the territories, not in the ontological status of entities that inhabit the territories. In other words, malicious software is ontologically similar to benign software; they both are users in terms of a system. The difference is based on the order of the system and users: who uses the system and what the system is used for. Secondly, the research shows that information security is always external (in the terms of this study it is a ‘parasite’) to the information system that it protects. 
Information securing creates and maintains order while simultaneously disrupting the existing order of the system that it protects. For example, in terms of software itself, the implementation of a copy protection system is an entirely external addition. In fact, this parasitic addition makes software different. Thus, information security disrupts that which it is supposed to defend from disruption. Finally, it is asserted that, in its interruption, information security is a connector that creates passages; it connects users to systems while also creating its own threats. For example, copy protection systems invite crackers and information security policies entice social engineers to use and exploit information security techniques in a novel manner.

    Parasitic Order Machine. A Sociology and Ontology of Information Securing. This study examines information security as a process, that is, as information securing. It focuses in particular on the question of what else information security does besides protect. The study starts from the "ontology of becoming" and its concepts, and dissects what information security produces as it operates. The study draws on three branches of science: sociology (especially actor-network theory), philosophy (especially Gilles Deleuze and Félix Guattari's concepts of machine, territory and becoming, and Michel Serres's concept of the parasite), and information systems science, from which the subject of the dissertation originates. Social hacking and software crackers are analysed as examples of breaches of information security. One of the most essential findings is that information security is in itself always interruptive and disruptive: information security analyses, and thereby interrupts, every entity that comes into contact with it, regardless of whether that entity is malicious or not. As a consequence of this intervention, the entity always becomes different (ontology of becoming). Information securing seeks to organise the protected and protecting entities into different manageable areas, territories. The areas of information systems (for example, the ordered inside and the unordered outside of a system) are nevertheless ontologically on the same level. The only difference between the territories arises from how they are ordered. In other words, malicious programs are similar to useful programs: both use the system. The only difference lies in their relation to the order. It is thus a question of who uses the system and for what purpose. Secondly, the study shows that information security is always an external addition in relation to the system being protected (thus information security can, following Serres, be called a parasite). When information securing creates protection through ordering and tries to maintain order, it ends up creating a new order for the protected system, one that breaks the previously existing order. For example, copy protection is a factor entirely external to the software being protected. When copy protection is added to a system, the system becomes different. Thus information security, which is supposed to remove disturbances, itself disturbs what it protects. The study argues that securing information, even with its interruptions, creates connections. For example, information security connects users to their systems, but it likewise creates its own threats. For example, copy protection invites crackers and information security policies entice social hackers. Both crackers and hackers invent a new way of using information security. Transferred from Doria

    28th International Symposium on Temporal Representation and Reasoning (TIME 2021)

    The 28th International Symposium on Temporal Representation and Reasoning (TIME 2021) was planned to take place in Klagenfurt, Austria, but had to move to an online conference due to the insecurities and restrictions caused by the pandemic. Since its first edition in 1994, TIME Symposium is quite unique in the panorama of the scientific conferences as its main goal is to bring together researchers from distinct research areas involving the management and representation of temporal data as well as the reasoning about temporal aspects of information. Moreover, TIME Symposium aims to bridge theoretical and applied research, as well as to serve as an interdisciplinary forum for exchange among researchers from the areas of artificial intelligence, database management, logic and verification, and beyond
