Building Trustworthy Semantic Webs Lecture 1 Introduction to Trustworthy Semantic Web Dr Bhavani Thuraisingham January 14 2011 01 14 19 08 59 12 2 Outline 0 Data and Applications Security Developments and Directions 0 Secure Semantic Web XML Security Other directions 0 Some Emerging Secure DAS Technologies Secure Sensor Information Management Secure Dependable Information Management 0 Some Directions for Privacy Research Data Mining for handling security problems Privacy vs National Security Privacy Constraint Processing Foundations of the Privacy Problem 0 What are the Challenges 01 14 19 08 59 12 3 Developments in Data and Applications Security 1975 Present 0 Access Control for Systems R and Ingres mid 1970s 0 Multilevel secure database systems 1980 present Relational database systems research prototypes and products Distributed database systems research prototypes and some operational systems Object data systems Inference problem and deductive database system Transactions 0 Recent developments in Secure Data Management 1996 Present Secure data warehousing Role based access control RBAC Ecommerce XML security and Secure Semantic Web Data mining for intrusion detection and national security Privacy Dependable data management Secure knowledge management and collaboration 01 14 19 08 59 12 4 Developments in Data and Applications Security Multilevel Secure Databases I 0 Air Force Summer Study in 1982 0 Early systems based on Integrity Lock approach 0 Systems in the mid to late 1980s early 90s E g Seaview by SRI Lock Data Views by Honeywell ASD and ASD Views by TRW Prototypes and commercial products Trusted Database Interpretation and Evaluation of Commercial Products 0 Secure Distributed Databases late 80s to mid 90s Architectures Algorithms and Prototype for distributed query processing Simulation of distributed transaction management and concurrency control algorithms Secure federated data management 01 14 19 08 59 12 5 Developments in Data and Applications Security Multilevel Secure Databases II 0 Inference Problem mid 80s to mid 90s Unsolvability of the inference problem Security constraint processing during query update and database design operations Semantic models and conceptual structures 0 Secure Object Databases and Systems late 80s to mid 90s Secure object models Distributed object systems security Object modeling for designing secure applications Secure multimedia data management 0 Secure Transactions 1990s Single Level Multilevel Transactions Secure recovery and commit protocols 01 14 19 08 59 12 6 Some Directions and Challenges for Data and Applications Security I 0 Secure semantic web Security models 0 Secure Information Integration How do you securely integrate numerous and heterogeneous data sources on the web and otherwise 0 Secure Sensor Information Management Fusing and managing data information from distributed and autonomous sensors 0 Secure Dependable Information Management Integrating Security Real time Processing and Fault Tolerance 0 Data Sharing vs Privacy Federated database architectures 01 14 19 08 59 12 7 Some Directions and Challenges for Data and Applications Security II 0 Data mining and knowledge discovery for intrusion detection Need realistic models real time data mining 0 Secure knowledge management Protect the assets and intellectual rights of an organization 0 Information assurance Infrastructure protection Access Control Insider cyber threat analysis Protecting national databases Rolebased access control for emerging applications 0 Security for emerging applications Geospatial Biomedical E Commerce etc 0 Other Directions Trust and Economics Trust Management Negotiation Secure Peerto peer computing 01 14 19 08 59 12 8 Coalition Data and Policy Sharing Data Policy for Federation Export Data Policy Export Data Policy Export Data Policy Component Data Policy for Agency A Component Data Policy for Agency C Component Data Policy for Agency B 01 14 19 08 59 12 9 Other Topics 0 Secure Semantic Web 0 Secure Cloud Computing 0 Mobile code security 0 Vulnerability Analysis 0 Infrastructure security Power grid 0 Healthcare Security 0 Financial Security 01 14 19 08 59 12 10 Semantic Web Overview 0 According to Tim Berners Lee The Semantic Web supports Machine readable and understandable web pages Enterprise application integration Nodes and links that essentially form a very large database Premise Semantic Web Technologies XML RDF Ontologies Rules Applications Web Database Management Web Services Information Integration 01 14 19 08 59 12 11 Layered Architecture for Dependable Semantic Web 0Adapted from Tim Berners Lee s description of the Semantic Web T R U S T P R I V A C Y Logic Proof and Trust Rules Query RDF Ontologies XML XML Schemas URI UNICODE Other Services 01 14 19 08 59 12 12 Relationships between Dependability Confidentiality Privacy Trust Privacy Confidentiality Dependability Trust Dependability Security Privacy Trust Real time Processing Fault Tolerance also sometimes referred to as Trustworthiness Confidentiality Preventing the release of unauthorized information considered sensitive Privacy Preventing the release of unauthorized information about individuals considered sensitive Trust Confidence one has that an individual will give him her correct information or an individual will protect sensitive information 01 14 19 08 59 12 13 What is XML all about 0 XML is needed due to the limitations of HTML and 0 0 0 0 complexities of SGML It is an extensible markup language specified by the W3C World Wide Web Consortium Designed to make the interchange of structured documents over the Internet easier Key to XML is Document Type Definitions DTDs Defines the role of each element of text in a formal model Allows users to bring multiple files together to form compound documents 01 14 19 08 59 12 14 Example XML Document Year 2002 Asset report Assets Dept Patents Name U Of X Equipment Other assets Funds Patent news Name Expenses CS Contracts Grants ID Author title 01 14 19 08 59 12 15 Specifying User Credentials in XML Professor credID 9 subID 16 CIssuer 2 name Alice Brown name university University of X university department CS department research group Security research group Professor Secretary credID 12 subID 4 CIssuer 2 name John James name university University of X university department CS department level Senior level Secretary 01 14 19 08 59 12 16 Specifying Security Policies in XML Xml VERSION 1 0 ENCODING utf 8 Policy base policy spec cred