CAREER: Semantic Web: Interoperation versus Security - The New Paradigm of Confidentiality Threats

Principal Investigator

Csilla Farkas
Department of Computer Science and Engineering
University of South Carolina
Columbia, SC 29208

Phone: 803-576-5762
Fax: 803-777-377

Email: farkas@cse.sc.edu
URL: http://www.cse.sc.edu/~farkas

 

Keywords

Semantic Web security, XML, RDF, ontology, access control, inference problem, privacy

Award Information

Award Number: IDM-0237782
Duration: 9/1/2003-8/31/2008

Project Summary

The focus of this project is to investigate security problems in the context of the Semantic Web and to incorporate the research findings in security education.  To provide information assurance in the context of the Semantic Web, several issues – technological, managerial, and legal – need to be addressed.  The project is aimed mainly at technological development concerned with information confidentiality and privacy.  There are three main phases of the research: 1) develop an authorization model and access control language for XML and RDF data, 2) investigate security threats via undesired inferences in the context of the Semantic Web and develop technologies to prevent specific types of inferences, and 3) study conceptual, judicial, and practical security implications of a global, semantically enabled Web.  In particular, security issues created by large-scale and focused data integration will be evaluated, and architectures targeting defensive and offensive modes of deployment will be developed.

The educational component of the proposed research involves the development of new courses in Semantic Web security and a new textbook.  Students will be involved in research activities and testing.

Publications and Products

· C. Farkas and A. Stoica, “Correlated Data Inference in Ontology Guided XML Security Engine,” IFIP 17th WG 11.3 Working Conference on Data and Application Security, 2003.

· A. Stoica and C. Farkas, “Ontology Guided Security Engine,” submitted for publication.

· V. Gowadia and C. Farkas, “RDF Metadata for XML Access Control,” submitted for publication.

Project Impact

The research addresses the important problem of providing data security on the Web; thus, its results impact a wide range of Web applications.  The proposed solutions guarantee information confidentiality and privacy, filling an existing research gap.  The proposed research spans different disciplines, including database, Web, and Agent technologies.  Collaboration with researchers in these fields increases the security awareness of these scientific communities.

The teaching plan of the proposal ensures sufficient coverage of security related topics that are currently not part of the curriculum.  The educational plan addresses both undergraduate and graduate students.  Research results and prototypes will be incorporated in the security education of the University of South Carolina (USC) and disseminated among higher educational institutes.  The proposed outreach program for middle and high school students may motivate qualified students to pursue a degree in information security.

Finally, the PI is one of the few female researchers and faculty members in the field of engineering and computer science.  Her career success, demonstrated by receiving the prestigious CAREER award, would serve as a role model for young female high school and college students.

Goals, Objectives and Targeted Activities

Research

The research goal of the project is to develop high-assurance technologies and frameworks to ensure data security and privacy in the context of the Semantic Web.  During this project, formal security models and techniques will be developed to address Semantic Web security problems, including XML and RDF access control, ontology-driven inferences, and secure information integration.  In addition to theoretical research, the developed techniques will be implemented and disseminated among the research community.  Success of the research will be evaluated based on the number and quality of publications and the performance of the developed systems.  Research results will be available to the research community via the project’s website.

Teaching

The teaching goal of the proposed project is to increase the security awareness of students, motivate high school and college students to pursue graduate degrees in information assurance, and increase undergraduate and graduate student involvement in research.  Moreover, the outreach program to K-12 students may reduce the number of cyber crimes exploiting juvenile users.  Success of the educational plan will be evaluated based on statistics on security education at USC, student and peer evaluation of security courses, textbook development, and number and quality of educational publications.

Area Background

During the last few years, the concept of the Semantic Web, a Web designed for machine processing, has emerged [LHL01, W3C].  eXtensible Markup Language (XML) and Resource Description Framework (RDF) have become widely accepted formats to support data exchange and integration.  Work on ontologies [DAML+OIL, OWL] provides common ground among web-based databases, thus allowing interoperation among different applications.  While research on developing standards and tools that ultimately will lead to the existence of the Semantic Web is increasing, the security impacts of these new technologies have not been addressed sufficiently [THUR02].  Providing controlled access to XML data has been studied by both industry experts and academic researchers (see [DOUR02, BCFM00] for representative samples).  Although Web inferences have been studied to support interoperation, they have not been investigated from the perspective of information security, similar to the inference problem in relational databases [BFJ00].

Area References

[BCFM00]      E. Bertino, S. Castano, E. Ferrari, M. Mesiti, “Specifying and Enforcing Access Control Policies for XML Document Sources,” World Wide Web Journal, Vol. 3, No. 3, 2000

[BFJ00]           A. Brodsky, C. Farkas, and S. Jajodia, “Secure Databases: Constraints, inference channels, and monitoring disclosure,” IEEE Trans. Knowledge and Data Eng., November 2000

[DAML+OIL]  DAML+OIL, http://www.daml.org/2001/03/daml+oil-index.html, 2003

[DOUR02]      B. Dournaee, XML Security, McGraw-Hill, 2002

[LHL01]          T. Berners-Lee, J. Hendler and O. Lassila, “The Semantic Web,” Scientific American, May 2001

[OWL]             Web-Ontology Language, http://www.w3.org/2001/sw/WebOnt/, 2003

[SF02]             A. Stoica and C. Farkas, “Secure XML Views,” IFIP WG 11.3 Database and Application Security Conference, 2002

[THUR02]       B. Thuraisingham, XML Databases and the Semantic Web, CRC Press, 2002

[W3C]             W3C – Semantic Web, http://www.w3.org/2001/sw/, 2003

Project Websites

Information Security Laboratory (ISL) – Secure Semantic Web Project  
The Secure Semantic Web website provides information about the ongoing information security research in the context of the Semantic Web.  The PI is the director and founder of the Information Security Laboratory as well as the initiator of the security program at USC.  The ISL web site provides links to the research and educational activities at the Department of Computer Science and Engineering of USC.