Ontology Based Access Control: A Case Study through Ontology Based Data Access

Yıl 2023, Cilt: 25 Sayı: 74, 417 - 432, 15.05.2023

Özgü Can , Murat Ünalır

https://doi.org/10.21205/deufmd.2023257413

Öz

Ontology Based Data Access (OBDA) is the provision of data access and data integration as a result of the mapping that is established between an ontology and a data source. Thus, storing large amounts of data becomes easier, more powerful queries can be written, and management of complex information systems can be performed quickly and effectively by using Semantic Web technologies. Ontology Based Access Control (OBAC) uses Semantic Web technologies to enable the enforcement of access control mechanism. Therefore, only authorized persons can access data to protect data privacy. In this study, OBDA and OBAC are integrated to improve security while providing data virtualization with a data model-independent access control approach. Therefore, a use case study for the healthcare domain is presented. Hence, a relational database for the hospital domain, a Hospital Ontology for the related hospital database and an access control policy are created. Also, the relevant mappings between the hospital database and the Hospital Ontology are established by using the Ontop framework and finally, various queries are executed by using Ontop SPARQL to evaluate mappings and access rules.

Anahtar Kelimeler

Access Control, Data Access, Privacy, Ontology, Semantic Web, Knowledge Engineering

Destekleyen Kurum

Ege University Scientific Research Projects Committee

Proje Numarası

18-MUH-036

Ontoloji Tabanlı Erişim Denetimi: Ontoloji Tabanlı Veri Erişimi yoluyla Bir Durum Çalışması

Öz

Ontoloji Tabanlı Veri Erişimi (OBDA), bir ontoloji ile bir veri kaynağı arasında kurulan eşleme sonucunda veri erişiminin ve veri entegrasyonunun sağlanmasıdır. Böylece, Anlamsal Web teknolojileri kullanılarak büyük miktarda verinin depolanması kolaylaşmakta, daha güçlü sorgular yazılabilmekte ve karmaşık bilgi sistemlerinin yönetimi hızlı ve etkin bir şekilde yapılabilmektedir. Ontoloji Tabanlı Erişim Denetimi (OBAC), Anlamsal Web teknolojilerini kullanarak erişim denetim düzeneklerinin uygulanmasını sağlamaktadır. Bu nedenle, veri mahremiyetini korumak için yalnızca yetkilendirilmiş kişiler verilere erişebilmektedir. Bu çalışmada, veri modelinden bağımsız bir erişim denetim yaklaşımı ile veri sanallaştırmayı sağlarken güvenliği artırmak için OBDA ve OBAC entegre edilmiştir. Bu amaçla, sağlık alanı için bir durum çalışması sunulmuştur. Böylelikle, hastane alanı için ilişkisel bir veri tabanı, ilgili hastane veri tabanı için bir Hastane Ontolojisi ve bir erişim denetim politikası oluşturulmaktadır. Ayrıca, hastane veri tabanı ile Hastane Ontolojisi arasındaki ilgili eşleştirmeler Ontop çerçevesi kullanılarak oluşturulmakta ve son olarak, eşleştirmeleri ve erişim kurallarını değerlendirmek için Ontop SPARQL kullanılarak çeşitli sorgular yürütülmektedir.

Anahtar Kelimeler

Erişim Denetim, Veri Erişimi, Mahremiyet, Ontolji, Anlamsal Web, Bilgi Mühendisliği

Proje Numarası

18-MUH-036

Kaynakça

• [1] Haw, S.C, May, J.W., Subramaniam, S. 2017. Mapping Relational Databases to Ontology Representation: A Review. In: Proceedings of the International Conference on Digital Technology in Education (ICDTE'17), pp.54-55. DOI: 10.1145/ 3134847.3134852
• [2] Kalayci E.G. et al. 2020. Semantic Integration of Bosch Manufacturing Data Using Virtual Knowledge Graphs. In: Pan J.Z. et al. (eds) The Semantic Web- International Semantic Web Conference (ISWC 2020). Lecture Notes in Computer Science, Vol 12507, pp. 464-481. Springer, Cham. DOI: 10.1007/978-3-030-62466-8_29
• [3] Kontchakov, R., Rodrguez-Muro, M., Zakharyaschev, M. 2013. Ontology-Based Data Access with Databases: A Short Course. In: Rudolph, S., Gottlob, G., Horrocks, I., van Harmelen, F. (eds) Reasoning Web-Semantic Technologies for Intelligent Data Access (Reasoning Web 2013). Lecture Notes in Computer Science, Vol 8067, pp. 194-229. Springer, Berlin, Heidelberg. DOI: 10.1007/978-3-642-39784-4_5
• [4] Can, O. 2009. Personalizable Ontology Based Access Control for Semantic Web and Policy Management (Anlamsal Web için Kişiselleştirilebilir Ontoloji Tabanlı Erişim Denetimi ve Politika Yönetimi). PhD Thesis, Ege University, Department of Computer Engineering.
• [5] Can, O., and Unalir, M.O. 2010. Ontology Based Access Control. Pamukkale University Journal of Engineering Sciences, 162:197-206.
• [6] Can, O., Bursa, O., and Unalir, M.O. 2010. Personalizable Ontology Based Access Control. Gazi University Journal of Science, 23(4):465-474.
• [7] Can, O., and Unalir, M.O. 2022. Revisiting Ontology Based Access Control: The Case for Ontology Based Data Access. In: Proceedings of the 8th International Conference on Information Systems Security and Privacy (ICISSP 2022), 515-518. DOI: 10.5220/0010898100003120
• [8] Spanos, D.E., Stavrou, P., and Mitrou, N. 2012. Bringing relational databases into the Semantic Web: A survey Semantic Web, 3(2):169-209.
• [9] Lanti, D., Xiao, G., Calvanese, D. 2016. Fast and Simple Data Scaling for OBDA Benchmarks. In: Proceedings of the Workshop on Benchmarking Linked Data (BLINK 2016), Volume 1700 of CEUR Workshop Proceedings.
• [10] Kogalovsky, M.R. 2012. Ontology-based data access systems. Programming and Computer Software, 38:167–182.
• [11] Mikheev, A.V. 2018. Ontology-based Data Access for Energy Technology Forecasting. In: Proceedings of the Vth International workshop on Critical infrastructures: Contingency management, Intelligent, Agent-based, Cloud computing and Cyber security (IWCI 2018), Vol. 158. DOI: 10.2991/iwci-18.2018.26
• [12] Kharlamov E. et al. 2013. Optique: Towards OBDA Systems for Industry. In: Cimiano, P., Fernández, M., Lopez, V., Schlobach, S., Völker, J. (eds) The Semantic Web: ESWC 2013 Satellite Events, LNCS, Vol 7955, 125-140, Springer, Berlin, Heidelberg. DOI: 10.1007/978-3-642-41242-4_11
• [13] Giese, M. et al. 2013. Scalable End-user Access to Big Data. Rajendra Akerkar (Edt) Big Data Computing. 1st Edition. Chapman and Hall/CRC , New York.
• [14] Kharlamov, E. et al. 2017. Ontology Based Data Access in Statoil. Journal of Web Semantics, 44, pp. 3-36.
• [15] Calvanese, D. et al. 2016. Ontology-based data integration in EPNet: Production and distribution of food during the Roman Empire. Engineering Applications of Artificial Intelligence, 51:212-229.
• [16] Brüggemann, S., Bereta, K., Xiao, G., and Koubarakis, M. 2016. Ontology-Based Data Access for Maritime Security. In: Sack, H., Blomqvist, E., d'Aquin, M., Ghidini, C., Ponzetto, S., Lange, C. (eds) European Semantic Web Conference (ESWC2016): The Semantic Web-Latest Advances and New Domains. Lecture Notes in Computer Science, Vol 9678, pp. 741-757. Springer, Cham. DOI: 10.1007/978-3-319-34129-3_45
• [17] Pokharel, S., Sherif, M. A., and Lehmann, J. 2014. Ontology Based Data Access and Integration for Improving the Effectiveness of Farming in Nepal, In: 2014 IEEE/WIC/ACM International Joint Conferences on Web Intelligence (WI) and Intelligent Agent Technologies (IAT), pp. 319-326.
• [18] Kirrane, S., Villata, S., and d’Aquin, M. 2018. Privacy, security and policies: A review of problems and solutions with semantic web technologies. Semantic Web, 9(2):153-161.
• [19] Kagal, L., Finin, T., and Joshi, A. 2003. A Policy Based Approach to Security for the Semantic Web. In: Fensel D., et al. (eds) The Semantic Web - International Semantic Web Conference (ISWC 2003), LNCS, Vol 2870, pp. 402-418. DOI: 10.1007/978-3-540-39718-2_26
• [20] Agarwal, S., and Sprick, B. 2004. Access control for semantic Web services. In: Proceedings of IEEE International Conference on Web Services, pp. 770-773.
• [21] Yagüe, M.I., Gallardo, M.M., and Mana, A. 2005. Semantic Access Control Model: A Formal Specification. In: In: di Vimercati, S.d.C., Syverson, P., Gollmann, D. (eds) Computer Security – ESORICS 2005. Lecture Notes in Computer Science, Vol 3679, pp. 24-43. Springer, Berlin, Heidelberg. DOI: 10.1007/ 11555827_3
• [22] He Z., Huang, K., Wu, L., Li, H., and Lai, H.. 2010. Using Semantic Web Techniques to Implement Access Control for Web Service. In: Zhu R., et al. (eds) International Conference on Information Computing and Applications (ICICA 2010), CCIS, Vol 105, pp 258-266. Springer, Berlin, Heidelberg. DOI: 10.1007/978-3-642-16336-4_34
• [23] Daraio, C., Lenzerini, M., Leporelli, C. et al. 2016. The advantages of an Ontology-Based Data Management approach: openness, interoperability and data quality. Scientometrics, 108:441-455.
• [24] W3C Recommendation: R2RM. 2012. https://www.w3.org/TR/r2rml (Access Date: 25.07.2022)
• [25] W3C Recommendation: SPARQL Query Language for RDF. 2008. https://www.w3.org/TR/rdf-sparql-query (Access Date: 25.07.2022)
• [26] G. Tonti, J.M. Bradshaw, R. Jeffers, R. Montanari, N. Suri, A. Uszok, A., ``Semantic Web Languages for Policy Representation and Reasoning: A Comparison of KAoS, Rei, and Ponder,'' in ISWC 2003, Vol 2870, pp. 419--437, Springer, 2003.
• [27] Kagal, L. 2002. Rei: A Policy Language for the Me-Centric Project. TechReport.
• [28] Sequeda, J.F. 2017. Integrating Relational Databases with the Semantic Web: A Reflection. In: Ianni G. et al. (eds) Reasoning Web 2017: Semantic Interoperability on the Web. LNCS, Vol 10370, pp. 68-120, Springer, Cham. DOI: 10.1007/978-3-319-61033-7_4
• [29] Ontop Framework. 2022. https://ontop-vkg.org. (Access Date: 25.07.2022)
• [30] Calvanese, D., Cogrel, B. Komla-Ebri, S., Kontchakov, R., Lanti, D., Rezk, M., Rodriguez-Muro, M., Xiao, G. 2017. Ontop: Answering SPARQL Queries over Relational Databases. Semantic Web Journal, 8(3):471–487.
• [31] Protégé Ontology Editor. 2022. https://protege.stanford.edu (Access Date: 25.07.2022)
• [32] MySQL. 2022. https://www.mysql.com (Access Date: 25.07.2022)