UTD CS 7301 - A Token-Based Access Control System for RDF Data in the Clouds

This preview shows page 1-2-17-18-19-36-37 out of 37 pages.


A Token-Based Access Control System for RDF Data in the Clouds

Slide titles: Outline; Motivation; Semantic Web; Semantic Web Technologies; Current Technologies; Cloud Computing Frameworks; Cloud as RDF Stores; System Architecture; Storage Schema; Example; Space Gain; SPARQL Query; SPARQL Query by MapReduce; Inside Hadoop MapReduce Job; Access Control in Our Architecture; Slide 17; Access Control Terminology; Six Access Control Levels; Access Control Levels (Cont.); Slide 21; Access Token Assignment; Conflict; Conflict Type; Slide 25; Conflict Resolution Algorithm; Experiment; Dataset And Queries; Our Clusters; Results; Slide 31; Future Works; References; Slide 34; Slide 35; Slide 36; Slide 37

A Token-Based Access Control System for RDF Data in the Clouds
Arindam Khaled, Mohammad Farhan Husain, Latifur Khan, Kevin Hamlen, Bhavani Thuraisingham
Department of Computer Science, University of Texas at Dallas
Research Funded by AFOSR
CloudCom 2010

Outline
• Motivation and Background
  – Semantic Web
  – Security
  – Scalability
• Access control
• Proposed Architecture
• Results

Motivation
• Semantic web is gaining immense popularity.
• Resource Description Framework (RDF) is one of the ways to represent data in Semantic web.
• But most of the existing frameworks either lack scalability or don't incorporate security.
• Our framework incorporates both of those.

Semantic Web
• Originally proposed by Sir Tim Berners-Lee, who envisioned it as a machine-understandable web.
• Powerful since it allows relationships between web resources.
• Semantic web and Ontologies are used to represent knowledge.
• Resource Description Framework (RDF) is used for its expressive power, semantic interoperability, and reusability.

Semantic Web Technologies
• Data in machine understandable format
• Infer new knowledge
• Standards
  – Data representation – RDF
    • Triples
    – Example:
        Subject               Predicate   Object
        http://test.com/s1    foaf:name   "John Smith"
  – Ontology – OWL, DAML
  – Query language – SPARQL

Current Technologies
• Joseki [15], Kowari [17], 3store [10], and Sesame [5] are a few RDF stores.
• Security is not addressed for these.
• In Jena [14, 20], efforts have been made to incorporate security.
• But Jena lacks scalability – often queries over large data become intractable [12, 13].

Cloud Computing Frameworks
• Proprietary
  – Amazon S3
  – Amazon EC2
  – Force.com
• Open source tool
  – Hadoop – Apache's open source implementation of Google's proprietary GFS file system
• MapReduce – functional programming paradigm using key-value pairs

Cloud as RDF Stores
• Large RDF graphs can be efficiently stored and queried in the clouds [6, 12, 13, 18].
• These stores lack access control.
• We address this problem by generating tokens for specified access levels.
• Agents are assigned these tokens based on their business requirements and restrictions.

System Architecture
[Architecture diagram. Labels: LUBM Data Generator; RDF/XML; Preprocessor (N-Triples Converter, Predicate Based Splitter, Object Type Based Splitter); Preprocessed Data; Hadoop Distributed File System / Hadoop Cluster; MapReduce Framework (Query Rewriter, Query Plan Generator, Plan Executor, Access Control); 1. Query; 2. Jobs; 3. Answer]

Storage Schema
• Data in N-Triples
• Using namespaces
  – Example:
    • http://utdallas.edu/res1 utd:resource1
• Predicate based Splits (PS)
  – Split data according to Predicates
• Predicate Object based Splits (POS)
  – Split further according to rdf:type of Objects

Example
    D0U0:GraduateStudent20 rdf:type lehigh:GraduateStudent
    lehigh:University0 rdf:type lehigh:University
    D0U0:GraduateStudent20 lehigh:memberOf lehigh:University0

PS
  File: rdf_type
    D0U0:GraduateStudent20 lehigh:GraduateStudent
    lehigh:University0 lehigh:University
  File: lehigh_memberOf
    D0U0:GraduateStudent20 lehigh:University0

POS
  File: rdf_type_GraduateStudent
    D0U0:GraduateStudent20
  File: rdf_type_University
    D0U0:University0
  File: lehigh_memberOf_University
    D0U0:GraduateStudent20 lehigh:University0

Space Gain
• Example

Steps | Number of Files | Size (GB) | Space Gain
N-Triples | 20020 | 24 | --
Predicate Split (PS) | 17 | 7.1 | 70.42%
Predicate Object Split (POS) | 41 | 6.6 | 72.5%

Data size at various steps for LUBM1000

SPARQL Query
• SPARQL – SPARQL Protocol And RDF Query Language
• Example
    SELECT ?x ?y WHERE {
      ?z foaf:name ?x .
      ?z foaf:age ?y
    }
[Diagram labels: Query; Data; Result]

SPARQL Query by MapReduce
• Example query
    SELECT ?p WHERE {
      ?x rdf:type lehigh:Department .
      ?p lehigh:worksFor ?x .
      ?x subOrganizationOf http://University0.edu
    }
• Rewritten query
    SELECT ?p WHERE {
      ?p lehigh:worksFor_Department ?x .
      ?x subOrganizationOf http://University0.edu
    }

Inside Hadoop MapReduce Job
[Data-flow diagram. Stages: INPUT, MAP, SHUFFLE&SORT, REDUCE, OUTPUT]
INPUT
  File: subOrganizationOf_University
    Department1 http://University0.edu
    Department2 http://University1.edu
  File: worksFor_Department
    Professor1 Department1
    Professor2 Department2
MAP (Filtering: Object == http://University0.edu)
    Department1 SO#http://University0.edu
    Department1 WF#Professor1
    Department2 WF#Professor2
SHUFFLE&SORT
    Department1 SO#http://University0.edu WF#Professor1
    Department2 WF#Professor2
REDUCE / OUTPUT
    WF#Professor1

Access Control in Our Architecture
[Diagram labels: MapReduce Framework; Query Rewriter; Query Plan Generator; Plan Executor; Access Control]
Access control module is linked to all the components of MapReduce Framework.

Motivation
• It's important to keep the data safe from unwanted access.
• Encryption can be used, but it has little or no semantic value.
• By issuing and manipulating different levels of access control, the agent could access the data intended for him or make inferences.

Access Control Terminology
• Access Tokens (AT): Denoted by integer numbers; they allow agents to access security-relevant data.
• Access Token Tuples (ATT): Have the form <AccessToken, Element, ElementType, ElementName>, where Element can be Subject, Object, or Predicate, and ElementType can be described as URI, DataType, Literal, Model (Subject), or BlankNode.

Six Access Control Levels
• Predicate Data Access: Defined for a particular predicate. An agent can access the predicate file. For example: An agent possessing ATT <1, Predicate, isPaid, _> can access the entire predicate file isPaid.
• Predicate and Subject Data Access: More restrictive than the previous one. Combining one of these Subject ATT's with a Predicate data access ATT having the same AT grants the agent access to a specific subject of a specific predicate. For example, having ATT's <1, Predicate, isPaid,
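
Added example (not from the slides or the authors' system): a small Python model of the first two access levels above, applied to predicate-split files. The Subject ATT form <AT, Subject, URI, name>, the rule that each AT is evaluated independently (the deck's conflict resolution is not modelled), and the ex:alice / ex:bob data are assumptions made for illustration.

```python
from collections import defaultdict
from typing import NamedTuple

class ATT(NamedTuple):
    """Access Token Tuple <AccessToken, Element, ElementType, ElementName>."""
    token: int
    element: str       # "Subject", "Predicate" or "Object"
    element_type: str  # predicate name for a Predicate ATT, e.g. "isPaid"
    element_name: str  # "_" when unused; subject name for a Subject ATT (assumed)

def predicate_split(triples):
    """Predicate based Split (PS): one file of (subject, object) rows per predicate."""
    files = defaultdict(list)
    for s, p, o in triples:
        files[p].append((s, o))
    return dict(files)

def readable_rows(files, predicate, atts):
    """Return the rows of one predicate file that the agent's ATTs allow."""
    tokens = {a.token for a in atts
              if a.element == "Predicate" and a.element_type == predicate}
    allowed = []
    for s, o in files.get(predicate, []):
        for tok in tokens:
            # Subject ATTs only narrow a Predicate ATT that carries the same AT.
            subjects = {a.element_name for a in atts
                        if a.element == "Subject" and a.token == tok}
            if not subjects or s in subjects:
                allowed.append((s, o))
                break
    return allowed  # empty when no Predicate ATT matches: default deny

# Constructed sample data (not from the slides).
TRIPLES = [
    ("ex:alice", "isPaid", "5000"),
    ("ex:bob", "isPaid", "4200"),
    ("ex:alice", "worksFor", "ex:Dept1"),
]
FILES = predicate_split(TRIPLES)

if __name__ == "__main__":
    payroll = [ATT(1, "Predicate", "isPaid", "_")]
    manager = payroll + [ATT(1, "Subject", "URI", "ex:alice")]
    print(readable_rows(FILES, "isPaid", payroll))    # whole isPaid file
    print(readable_rows(FILES, "isPaid", manager))    # only ex:alice's row
    print(readable_rows(FILES, "worksFor", payroll))  # no ATT for this file
```

A Subject ATT held without a Predicate ATT of the same AT grants nothing in this model, and an agent with no matching ATT gets an empty result rather than an error.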

