Access Control for RDF Graphs using Abstract Models

Vassilis Papakonstantinou, Maria Michou, Irini Fundulaki, Giorgos Flouris, Grigoris Antoniou

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

17 Citations (Scopus)


The Resource Description Framework (RDF) has become the defacto standard for representing information in the Semantic Web. Given the increasing amount of sensitive RDF data available on the Web, it becomes increasingly critical to guarantee secure access to this content. In this paper we advocate the use of an abstract access control model to ensure the selective exposure of RDF information. The model is defined by a set of abstract operators and tokens. Tokens are used to label RDF triples with access information. Abstract operators model RDF Schema inference rules and propagation of labels along the RDF Schema (RDFS) class and property hierarchies. In this way, the access label of a triple is a complex expression that involves the labels of the triples and the operators applied to obtain said label. Different applications can then adopt different concrete access policies that encode an assignment of the abstract tokens and operators to concrete (specific) values. Following this approach, changes in the interpretation of abstract tokens and operators can be easily implemented resulting in a very flexible mechanism that allows one to easily experiment with different concrete access policies (defined per context or user). To demonstrate the feasibility of the approach, we implemented our ideas on top of the MonetDB and Post-greSQL open source database systems. We conducted an initial set of experiments which showed that the overhead for using abstract expressions is roughly linear to the number of triples considered; performance is also affected by the characteristics of the dataset, such as the size and depth of class and property hierarchies as well as the considered concrete policy.

Original languageEnglish
Title of host publicationSACMAT'12
Subtitle of host publicationProceedings of the 17th ACM Symposium on Access Control Models and Technologies
Place of PublicationNew York
PublisherAssociation for Computing Machinery (ACM)
Number of pages10
ISBN (Print)9781450312950
Publication statusPublished - 1 Jun 2012
Event17th ACM Symposium on Access Control Models and Technologies - Newark, United States
Duration: 20 Jun 201222 Jun 2012
Conference number: 17


Conference17th ACM Symposium on Access Control Models and Technologies
Abbreviated titleSACMAT'12
Country/TerritoryUnited States


Dive into the research topics of 'Access Control for RDF Graphs using Abstract Models'. Together they form a unique fingerprint.

Cite this