Faculty of Computer Science Institute of Theoretical Computer Science, Chair of Automata Theory Martin Knechtel Access Restrictions to and with Description Logic Web Ontologies Access Restrictions to and with Description Logic Web Ontologies Dissertation zur Erlangung des akademischen Grades Doktoringenieur (Dr.-Ing.) vorgelegt an der Technischen Universität Dresden Fakultät Informatik eingereicht von Dipl.-Ing. Martin Knechtel geboren am 21. Juli 1982 in Dresden verteidigt am 10. Dezember 2010 Gutachter: Prof. Dr.-Ing. Franz Baader, Technische Universität Dresden Prof. Dr. Heiner Stuckenschmidt, Universität Mannheim Dresden im Dezember 2010 To those who inspired me. Abstract Access restrictions are essential in standard information systems and became an issue for ontologies in the following two aspects. Ontologies can represent explicit and im- plicit knowledge about an access policy. For this aspect we provided a methodology to represent and systematically complete role-based access control policies. Orthogonally, an ontology might be available for limited reading access. Independently of a specific ontology language or reasoner, we provided a lattice-based framework to assign labels to an ontology’s axioms and consequences. We looked at the problems to compute and repair one or multiple consequence labels and to assign a query-based access restric- tion. An empirical evaluation has shown that the algorithms perform well in practical scenarios with large-scale ontologies. vii Contents List of Algorithms xi List of Figures xiv List of Tables xv List of Acronyms xvii 1Introduction 1 1.1 Access Restrictions to and with Description Logic Web Ontologies . 2 1.2 Case Study: Access Restricted Semantic Product Documentation . 4 1.3 Requirements ................................ 6 1.4 ResearchQuestions............................. 10 1.5 ArchitectureandDissertationOutline . 11 2Preliminaries 17 2.1 Knowledge Representation with Description Logics . 17 2.2 Lattices and Formal Concept Analysis . 25 2.3 AccessControl ............................... 31 2.4 Inference Control . 35 3 Representing and Completing Role-Based Access Control Policies 37 3.1 Representing an RBAC Policy with Object Class Hierarchy in DL . 38 3.1.1 ExistingApproaches . 38 3.1.2 Extending RBAC by an Object Class Hierarchy . 40 3.1.3 An Improved DL Representation of RBAC-CH . 41 3.1.4 Computing the RBAC-CH Matrix for an RBAC-CH Policy . 42 3.2 Policy Completion Starting From an RBAC Matrix . 44 3.2.1 The RBAC Matrix as Formal Context . 45 ix 3.2.2 Expressing the Formal Context by GCIs . 48 3.2.3 AttributeExplorationforRBACMatrices . 50 3.2.4 Evaluation of the Approach for a Real-Life-Example . 54 3.3 Reusing Role and Object Class Hierarchy at Policy Completion . 56 3.4 Conclusions of the Chapter . 58 4 Access Restrictions to Explicit and Implicit Knowledge 61 4.1 Access Restrictions to Explicit Knowledge . 61 4.2 Access Restrictions to Implicit Knowledge . 62 4.2.1 ApplicableOntologyLanguages . 64 4.2.2 Sub-OntologiesandLabels. 64 4.2.3 RestrictionstoUserLabels . 65 4.2.4 Computing a Consequence’s Label . 67 4.3 Repairing Access Restrictions to a Consequence . 76 4.3.1 Modifying a Consequence’s Label . 77 4.3.2 ComputingaSmallestChangeSet . 80 4.4 Conclusions of the Chapter . 86 5 User Support to Assign Access Restrictions to Ontology Axioms 89 5.1 Document-Based Access Restrictions . 90 5.2 Query-Based Access Restrictions . 91 5.2.1 Access Restrictions as Queries . 92 5.2.2 Query Rewriting vs. Label Filtering . 93 5.2.3 Repairing Access Restrictions to Multiple Consequences . 94 5.2.4 ConflictResolution......................... 99 5.3 Conclusions of the Chapter . 100 6EmpiricalEvaluation 103 6.1 TestDataandTestEnvironment . 103 6.2 ExperimentalResults............................ 107 6.2.1 Access Restrictions to Implicit Knowledge . 107 6.2.2 Repairing Access Restrictions to Implicit Knowledge . 113 6.2.3 Query-Based Access Restrictions . 114 6.3 Conclusions of the Chapter . 117 7 Conclusions 121 7.1 DiscussionofAchievedResults . 121 7.1.1 Representing and Completing RBAC Policies . 122 7.1.2 Access Restrictions to Explicit and Implicit Knowledge . 123 7.1.3 User Support to Assign Access Restrictions to Ontology Axioms 124 7.1.4 EmpiricalEvaluation. 125 7.2 DirectionsforFutureWork . 126 Bibliography 129 List of Algorithms 4.1 ComputeaminimallabelsetofoneMinA . 70 4.2 ComputeaboundarybyaHSTalgorithm . 71 4.3 Computeaboundarybybinarysearch.. 75 4.4 Computea(partial)IAS. 82 4.5 Computea(partial)RAS ......................... 82 4.6 Computea(partial)MinCS . 83 4.7 ComputeasmallestCSbyaHSTalgorithm . 84 5.1 Computea(partial)cMCS. 97 5.2 ComputeasmallestMCSbyaHSTalgorithm. 98 5.3 ComputeasmallestRMCSbyaHSTalgorithm. 100 xi List of Figures 1.1 Access restricted semantic document store . 3 1.2 User roles with permission inheritance relation . 6 1.3 Lattice with 4 user labels and an assignment of 5 axioms to labels . 7 1.4 Userstories ................................. 8 1.5 Distribution of product knowledge across security domains . 9 1.6 User dependent responses to one and the same query . 9 1.7 Architecture of an access restricted semantic document store . 12 2.1 AnexampleSemanticNetwork . 19 2.2 Basic architecture of a DL system interacting with an application . 20 2.3 A lattice . 27 2.4 A context for 6 digital cameras and its concept lattice . 28 2.5 Acontextforsomenaturalnumbers . 31 2.6 A context for natural numbers and its concept lattice . 31 3.1 Workflow for representing an RBAC-CH policy . 39 3.2 RBAC.................................... 41 3.3 RBAC with Object Class Hierarchy . 41 3.4 Subsumption hierarchy of user role concepts and object class concepts 43 3.5 Workflow for representing and completing an RBAC policy . 45 mayRead 3.6 Concept lattice for context KR,D and an extension . 51 3.7 The instantiation context KD R,A and its concept lattice . 55 × 3.8 Workflow for representing and completing with known implications . 57 4.1 AnexpansionoftheHSTmethod. 73 4.2 Hide consequence, make it available, or both at the same time . 78 4.3 Hitting Set Trees to compute all MinAs and a smallest change set . 85 6.1 Histogram of required MinAs or MinLabs to compute a boundary . 110 xiii 6.2 Histograms of time needed to compute a consequence’s boundary . 111 6.3 Histograms of time needed to compute a consequence’s boundary . 112 6.4 Time-quality diagram comparing variants to compute a smallest CS . 114 6.5 Cumulative distribution of time to repair a consequence’s boundary . 115 6.6 Gained assertions over goal set size . 115 6.7 Required time to compute a smallest MCS . 117 6.8 Overpermissive and overrestrictive conflict resolution . 119 List of Tables 1.1 OurexampleRBACmatrix ........................ 5 2.1 Some OWL 2 concept constructors . 23 2.2 SomeOWL2axiomconstructors . 24 3.1 Explicit permissions of user roles on object classes . 43 3.2 RBAC-CHmatrix ............................. 44 3.3 Variantshowtointerpretacrossinthecontext . 47 mayWrite 3.4 The context KR,D and one possible instantiation. 49 5.1 Axioms and their containment in document ontologies . 91 6.1 Test sets consisting of ontologies and goal sets . 107 6.2 BoundarycomputationbyFPvs. LP. 108 6.3 BoundarycomputationbyLPvs. BS. 112 6.4 Results comparing variants to compute a smallest CS . 113 6.5 Comparison of gained assertions and performance . 116 6.6 Conflictresolution ............................. 118 xv List of Acronyms cMCS candidate MCS.......................................................96 CS change set............................................................78 DAC discretionary access control...........................................32 DL Description Logic......................................................1 FCA Formal Concept Analysis.............................................11 FP full axiom pinpointing...............................................104 GCI general concept inclusion . 21 HST Hitting Set Tree......................................................25 IAS minimal inserted axiom set...........................................79 KR knowledge representation..............................................2 LBAC lattice-based access control . 17 LP label-optimized axiom pinpointing...................................105 MCS minimal multiple change set..........................................95 MinA minimal axiom set....................................................24 MinCS minimal CS...........................................................78 MinLab minimal label set.....................................................69 OWL Web Ontology Language...............................................2 RAS minimal removed axiom set...........................................79 RBAC role-based access control...............................................1 RBAC-CH RBAC with object class hierarchy . 38 RMCS relaxed MCS.........................................................99 W3C World Wide Web Consortium..........................................2 xvii 1 Introduction Access control is an essential operation in standard information systems to prevent unauthorized access and use of information. As semantic technology is more and more applied in real-world applications, access control also becomes an issue for ontologies in the following two ways. Ontologies can, on the one hand, be a great help in representing knowledge about an access policy, e.g. including the definition of user roles based on the attributes of persons. An ontology might, on the other hand, be an object of a computing system which is available