Abstract
RDF is an increasingly used framework for describing Web resources, including sensitive and confidential resources. In this context, we need an expressive language to query RDF databases. SPARQL has been defined to easily locate and extract data in an RDF graph. Since confidential data are accessed, SPARQL queries must be filtered so that only authorized data are returned with respect to some confidentiality policy. In this paper, we model a confidentiality policy as a set of positive and negative filters (corresponding respectively to permissions and prohibitions) that apply to SPARQL queries. We then define rewriting algorithms that transform the queries so that the results returned by transformed queries are compliant with the confidentiality policy.
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Oulmakhzoune, S., Cuppens-Boulahia, N., Cuppens, F., Morucci, S. (2010). fQuery: SPARQL Query Rewriting to Enforce Data Confidentiality. In: Foresti, S., Jajodia, S. (eds) Data and Applications Security and Privacy XXIV. DBSec 2010. Lecture Notes in Computer Science, vol 6166. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-13739-6_10
DOI: https://doi.org/10.1007/978-3-642-13739-6_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-13738-9
Online ISBN: 978-3-642-13739-6
eBook Packages: Computer Science (R0)