With an ever-increasing amount of information on the web, it is critical to understand the pedigree, quality, and accuracy of your data. Using provenance, you can ascertain the quality of data based on its ancestral data and derivations, track back to sources of errors, allow automatic re-enactment of derivations to update data, and provide attribution of the data source. Secure Data Provenance and Inference Control with Semantic Web supplies step-by-step instructions on how to secure the provenance of your data to make sure it is safe from inference attacks. It details the design and implementation of a policy engine for provenance of data and presents case studies that illustrate solutions in a typical distributed health care system for hospitals. Although the case studies describe solutions in the health care domain, you can easily apply the methods presented in the book to a range of other domains. The book describes the design and implementation of a policy engine for provenance and demonstrates the use of Semantic Web technologies and cloud computing technologies to enhance the scalability of solutions.
It covers Semantic Web technologies for the representation and reasoning of the provenance of the data and provides a unifying framework for securing provenance that can help to address the various criteria of your information systems. Illustrating key concepts and practical techniques, the book considers cloud computing technologies that can enhance the scalability of solutions. After reading this book you will be better prepared to keep up with the on-going development of the prototypes, products, tools, and standards for secure data management, secure Semantic Web, secure web services, and secure cloud computing.
Introduction Overview Background Motivation Our Solutions and Contributions Outline of the Book Next Steps References Section I: Supporting Technologies Introduction to Section I Security and Provenance Overview Scalability and Security of Provenance Access Control Languages and Provenance Graph Operations and Provenance Summary and Directions References Access Control and Semantic Web Overview Access Control Semantic Web Semantic Web and Security Summary and Directions References The Inference Problem Overview The Inference Problem Functions of an Inference Controller Inference Strategies Security Constraints Machine Learning and Inference Our Approach Historical Perspective A Note on the Privacy Problem Summary and Directions References Inference Engines Overview Concepts for Inference Engines Software Systems Summary and Directions References Inferencing Examples Overview Inference Function Classification of a Knowledge Base Inference Strategies and Examples Approaches to the Inference Problem Inferences in Provenance Summary and Directions References Cloud Computing Tools and Frameworks Overview Cloud Computing Tools Cloud Computing Framework RDF Integration Provenance Integration Secure Query Processing in a Cloud Environment The Web Application Layer The ZQL Parser Layer The XACML Policy Layer The Hive Layer HDFS Summary and Directions References Section I Conclusion Section II Secure Data Provenance Introduction to Section II Scalable and Efficient RBAC for Provenance Overview Motivation and Contributions Unified and Flexible Policies Supporting Inferences in RBAC Overview of Our Approach Extending RBAC to Support Provenance A Query-Retrieval Process Example of a Policy Query Example of a SWRL Rule Example of a Trace Output of the Trace Comment Experimental Evaluation Summary and Directions References A Language for Provenance Access Control Overview Challenges and Drawbacks Drawbacks of Current Access Control Mechanisms Policy Language Solution Based on Regular Expression Queries Data Representation Graph Data Model Provenance Vocabulary Path Queries Graph Analysis Analysis of Digraphs Composition of Digraphs Access Control Policy Architecture Modules in Access Control Policy Architecture Use Case: Medical Example Query Templates Additional Templates Access Control Example Prototype Summary and Directions References Transforming Provenance Using Redaction Overview Graph Grammar An Example Graph Transformation Step Valid Provenance Graph Discussion Redaction Policy Architecture Experiments Summary and Directions References Section II Conclusion Section III Inference Control Introduction to Section III Architecture for an Inference Controller Overview Design of an Inference Controller Modular Design Policy Processing Parsing Process High-Level Policy Translation DL Rule Assembler DL Policy Translation Access Control Policy Assembler Redaction Policy Assembler Explanation Service Layer Summary and Directions References Inference Controller Design Overview Design Philosophy Inference Controller Process Overview of a Query Process Summary and Directions References Provenance Data Representation for Inference Control Overview Data Models for the Inference Controller Separate Stores for Data and Provenance Summary and Directions References Queries with Regular Path Expressions Overview Background Regular Expressions SPARQL Queries Summary and Directions References Inference Control through Query Modification Overview Query Modification with Relational Data SPARQL Query Modification Query Modification for Enforcing Constraints Overview of Query Modification Graph Transformation of a SPARQL Query BGP Match Pattern/Apply Pattern Summary and Directions References Inference and Provenance Overview Invoking Inference Rules Approaches to the Inference Problem Inferences in Provenance Implicit Information in Provenance Use Cases of Provenance Use Case: Who Said That? Use Case: Cheating Dictator Processing Rules Summary and Directions References Implementing the Inference Controller Overview Implementation Architecture Provenance in a Health Care Domain Populating the Provenance Knowledge Base Generating and Populating the Knowledge Base Generating Workflows Policy Management Supporting Restrictions Explanation Service Layer Generators Selecting Background Information Background Generator Module Annotating the Workflow Generating Workflows Incomplete Information in the Databases Use Case: Medical Example Semantic Associations in the Workflow Implementing Constraints Query Modification for Enforcing Constraints Summary and Directions References Section III Conclusion Section IV Unifying Framework Introduction to Section IV Risk and Inference Control Overview Risk Model User's System Internal Knowledge Base System Controller Adding Provenance Semantic Framework for Inferences Ontologies Rules Query Logs Summary and Directions References Novel Approaches to Handle the Inference Problem Overview Motivation for Novel Approaches Inductive Inference Learning by Examples Security Constraints and Inductive Inference Probabilistic Deduction Formulation of the Inference Problem Probabilistic Calculus Probabilistic Calculus and Database Security A Note on Algorithmic Information Theory Mathematical Programming Nonmonotonic Reasoning Inferencing in an MP Environment Mathematical Programming and Database Security Game Theory Noncooperative and Cooperative Games Query Processing as a Noncooperative Game Ehrenfeucht-Fraisse Game Adversarial Mining and Inference Summary and Directions References A Cloud-Based Policy Manager for Assured Information Sharing Overview Architecture Overview Modules in Our Architecture User Interface Layer Policy Engines Data Layer Features of Our Policy Engine Framework Develop and Scale Policies Justification of Resources Policy Specification and Enforcement Cloud-Based Inference Control Summary and Directions References Security and Privacy with Respect to Inference Introduction Trust, Privacy, and Confidentiality Current Successes and Potential Failures Motivation for a Framework CPT Framework Role of the Server CPT Process Advanced CPT Trust, Privacy, and Confidentiality Inference Engines Confidentiality Management Privacy Management Trust Management Integrated System Summary and Directions References Big Data Analytics and Inference Control Overview Big Data Management and Analytics Security and Privacy for Big Data Inference Control for Big Data Summary and Directions References Unifying Framework Overview Design of Our Framework Global Inference Controller Inference Tools Summary and Directions References Summary and Directions About This Chapter Summary of the Book Directions for Secure Data Provenance and Inference Control Where Do We Go from Here? Section IV Conclusion Appendix A: Data Management Systems, Developments, and Trends Overview Developments in Database Systems Status, Vision, and Issues Data Management Systems Framework Building Information Systems from the Framework From Data to Big Data Relationship between the Texts Summary and Directions References Appendix B: Database Management and Security Overview Database Management Overview Relational Data Model Database Management Functions Query Processing Transaction Management Storage Management Metadata Management Database Integrity Distributed Data Management Discretionary Security Overview Access Control Policies Authorization Policies RBAC Policies Administration Policies SQL Extensions for Security Query Modification Other Aspects Identification and Authentication Auditing a Database System Views for Security MAC Overview MAC Policies Granularity of Classification Summary and Directions References Appendix C: A Perspective of the Inference Problem Overview Statistical Database Inference Approaches to Handling the Inference Problem in an MLS/DBMS Complexity of the Inference Problem Summary and Directions References Appendix D: Design and Implementation of a Database Inference Controller Overview Background Security Constraints Approach to Security Constraint Processing Consistency and Completeness of the Constraints Design of the Query Processor Security Policy Functionality of the Query Processor Query Modification Response Processing Design of the Update Processor Security Policy Functionality of the Update Processor Handling Security Constraints during Database Design Overview Security Control Processing and Release Control Distributed Inference Control Summary and Directions References Index