动态的RDF数据摘要的访问控制模型Abstract Access Control Model for Dynamic RDF Datasets |
|
课程网址: | http://videolectures.net/dataforum2012_fundulaki_rdf_datasets/ |
主讲教师: | Irini Fundulaki |
开课单位: | 研究与技术基金会 |
开课时间: | 2012-06-12 |
课程语种: | 英语 |
中文简介: | 鉴于Web上可用的敏感RDF数据量不断增加,保证对此内容的安全访问变得越来越重要。当需要考虑RDFS推理规则和三元组访问权限之间的其他依赖关系时,访问控制很复杂;这是必要的,例如,当我们想要将推断的三元组的访问权限与导致前者的含义的访问权限相关联时。强制选择性访问敏感信息的标准方法是使用访问控制标记。不幸的是,这个简单的方案在上面的设置中是有问题的,因为在数据集中的每次更改之后,或者在访问控制标签中,必须重新计算整个数据集的访问权限。为了解决这个问题,我们考虑抽象访问控制模型,它使用抽象令牌和运算符来描述三元组的访问权限。这样,三元组的访问标签是一个复杂的表达式,它编码所述标签的生成方式。这使我们能够准确地知道任何可能的变化的影响,从而避免在更改后完全重新计算标签。我们的方法的另一个副作用是它允许不同的应用程序访问相同的数据同时执行不同的访问控制策略,以及由同一应用程序轻松实验不同的策略。这是通过具体的访问控制策略使用访问标签和操作员的不同具体化来实现的,这些策略用于确定三元组的访问权限。 |
课程简介: | Given the increasing amount of sensitive RDF data available on the Web, it becomes increasingly critical to guarantee secure access to this content. Access control is complicated when RDFS inference rules and other dependencies between access permissions of triples need to be considered; this is necessary, e.g., when we want to associate the access permissions of inferred triples with the access permissions of the ones that contributed to the implication of the former. The standard way to enforce selective access to sensitive information is using access control tags. Unfortunately, this simple scheme is problematic in the above setting, because after every change in the dataset, or in the access control tags, one has to recompute the access permissions for the entire dataset. To address this problem, we consider abstract access control models, which use abstract tokens and operators to describe the access permission of a triple. This way, the access label of a triple is a complex expression that encodes how said label was produced. This allows us to know exactly the effects of any possible change, thereby avoiding a complete recomputation of the labels after a change. An additional side-effect of our approach is that it allows the simultaneous enforcement of different access control policies by different applications accessing the same data, as well as the easy experimentation with different policies by the same application. This is achieved using the different concretization of the access labels and operators through concrete access control policies, that are used to determine the access permissions of triples. |
关 键 词: | 敏感信息; RDF数据; 访问权限 |
课程来源: | 视频讲座网 |
最后编审: | 2020-06-18:zyk |
阅读次数: | 52 |