Inference-proof Data Filtering for a Probabilistic Setting

Clemente Galdi
2017-01-01

Abstract

In querying semantic data, access control must take into account the information that is implicitly entailed by the accessible part of triple stores and ontologies. While there exist inference control frameworks for this purpose, they still have a limitation: the confidentiality criterion does not take into account the probabilistic knowledge of the attacker. Therefore, the existing controlled query evaluation methods may return answers that actually reveal that a secret is true with very high probability. Given that such probabilistic knowledge is becoming more and more widely available as a result of analytics of various sorts, it is important to develop a refined confidentiality framework where probabilistic knowledge is taken into due account. Accordingly, in this paper, we extend and generalize an abstract data filtering framework for confidentiality-preserving, policy-based data publishing. The confidentiality requirement is strengthened so that the probability that a secret is true is bounded by a small constant ε. We formally define such a probabilistic setting, then we study two greedy data publishing methods based on refusals and lies, respectively. The refusal-based method is proved to be secure and maximally cooperative among a class of “reasonable” methods. We prove also that the natural generalization of the lying method is not secure. Furthermore, we extend the complexity hardness results from the deterministic framework to the probabilistic one.
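As an added illustration, not code from the paper, the Python below models the gap the abstract describes: the attacker's probabilistic knowledge is a constructed prior over possible worlds, an entailment-based filter publishes facts a and b because together they do not logically entail the secret s, while a greedy refusal-based filter stops as soon as the posterior probability of s would exceed ε. The atoms, the prior, the order of facts and ε = 1/5 are all assumptions, and the attacker is assumed to reason by Bayesian conditioning on the published facts.

```python
from fractions import Fraction

# Constructed model: a world is a truth assignment to (s, a, b); s is the secret,
# a and b are the facts the publisher would like to release.
ATOMS = ("s", "a", "b")
PRIOR = {  # attacker's prior over possible worlds (constructed, sums to 1)
    (1, 1, 1): Fraction(10, 100),
    (0, 1, 1): Fraction(2, 100),   # a and b true but s false: s is NOT entailed by {a, b}
    (0, 1, 0): Fraction(48, 100),
    (0, 0, 1): Fraction(20, 100),
    (0, 0, 0): Fraction(20, 100),
}
EPS = Fraction(1, 5)               # confidentiality bound on P(secret)
ACTUAL_FACTS = ["a", "b"]          # true facts in the actual world (where s also holds)

def holds(world, atom):
    return world[ATOMS.index(atom)] == 1

def consistent_worlds(prior, published):
    """Worlds of positive probability in which every published fact holds."""
    return [w for w in prior if all(holds(w, f) for f in published)]

def posterior(prior, secret, published):
    """P(secret | published facts) by conditioning the prior on the published view."""
    worlds = consistent_worlds(prior, published)
    mass = sum(prior[w] for w in worlds)
    return Fraction(0) if mass == 0 else sum(prior[w] for w in worlds if holds(w, secret)) / mass

def entails(prior, secret, published):
    """Deterministic criterion: the secret holds in every world consistent with the view."""
    return all(holds(w, secret) for w in consistent_worlds(prior, published))

def filter_entailment(prior, secret, facts):
    """Classic filter: refuse a fact only if the resulting view logically entails the secret."""
    published = []
    for f in facts:
        if not entails(prior, secret, published + [f]):
            published.append(f)
    return published

def filter_refusal(prior, secret, facts, eps):
    """Greedy refusal-based filter: release a fact only if P(secret | view) stays within eps."""
    published = []
    for f in facts:
        if posterior(prior, secret, published + [f]) <= eps:
            published.append(f)
    return published

if __name__ == "__main__":
    for name, view in (("entailment", filter_entailment(PRIOR, "s", ACTUAL_FACTS)),
                       ("refusal", filter_refusal(PRIOR, "s", ACTUAL_FACTS, EPS))):
        print(f"{name:10s} publishes {view}, P(s | view) = {posterior(PRIOR, 's', view)}")
```

The entailment-based filter releases both facts, after which the attacker assigns probability 5/6 to the secret; the refusal-based filter releases only a and keeps the posterior at 1/6.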
Use this identifier to cite or link to this document: https://hdl.handle.net/11386/4721022