More Web Proxy on the site http://driver.im/

research-article

Towards a security and privacy protection model for semantic query engines

Authors:

Abdelkader Magdy,

A. Baith Mohamed,

Gerald Quirchmayr,

Erich SchikutaAuthors Info & Claims

iiWAS '17: Proceedings of the 19th International Conference on Information Integration and Web-based Applications & Services

Pages 198 - 207

https://doi.org/10.1145/3151759.3151776

Published: 04 December 2017 Publication History

Abstract

The semantic web aims to describe information in terms of well-defined vocabularies and comprehends both data and knowledge to cope with meaning of data. Advanced search engines are used to retrieve precise information out of these knowledge resources. The main challenge is not only retrieving data but also how to keep data safe and protected against any form of attacks.

In this paper, we propose a security aware based model for semantic search engines. Our work aims to combine advances in information technology, such as cloud technology, while addressing security issues which threaten the integrity of information. In particular security gaps and countermeasures of the semantic web are identified. ISO/IEC security requirements for the protection of personally identifiable information (PII) are presented to cover security vulnerabilities of the proposed model. Finally, the feasibility of our proposed model is checked against the N2Sky use case, a multi-cloud knowledge information management system for the computational intelligence community.

References

[1]

Enterprise Architect. http://www.sparxsystems.com/products/ea/. Accessed: 2017-07-14.

[2]

Fine-Grained Access Control for RDF Data. https://docs.oracle.com/cd/E11882_01/appdev.112/e25609/fine_grained_acc.htm#RDFRM99941. Accessed: 2017-07-17.

[3]

RDF4J. http://rdf4j.org/. Accessed: 2017-07-18.

[4]

The Security of the Semantic Web - Secrecy, Trust and Rationality. https://www.w3.org/People/n-shiraishi/work/Security-of-RDF.html#2.2. Accessed: 2017-08-06.

[5]

Threats and Countermeasures for Web Services. https://msdn.microsoft.com/en-us/library/ff650168.aspx#MessageEncryption. Accessed: 2017-08-09.

[6]

World Wide Web Consortium (W3C). https://www.w3.org. Accessed: 2017-07-11.

[7]

XML Encryption WG. https://www.w3.org/Encryption/2001/. Accessed: 2017-08-06.

[8]

H. Asghar, Z. Anwar, and K. Latif. A deliberately insecure rdf-based semantic web application framework for teaching sparql/sparul injection attacks and defense mechanisms. computers & security, 58:63--82, 2016.

Digital Library

[9]

P. P. Beran, E. Vinek, E. Schikuta, and T. Weishaupl. Vinnsl-the vienna neural network specification language. In Neural Networks, 2008. IJCNN 2008.(IEEE World Congress on Computational Intelligence). IEEE International Joint Conference on, pages 1872--1879. IEEE, 2008.

[10]

J. Bogaerts, M. Decat, B. Lagaisse, and W. Joosen. Entity-based access control: supporting more expressive access control policies. In Proceedings of the 31st Annual Computer Security Applications Conference, pages 291--300. ACM, 2015.

Digital Library

[11]

N. G. Canbek and M. Mutlu. On the track of artificial intelligence: Learning with intelligent personal assistants. Journal of Human Sciences, 13(1):592--601, 2016.

[12]

J. chaurasia and P. J. Raikwal. Survey on semantic web search engine: Using domain ontology. In International Research Journal of Engineering and Technology (IRJET), volume 02, pages 1--5. IEEE, 2014.

[13]

L. Ding, T. Finin, A. Joshi, R. Pan, R. S. Cost, Y. Peng, P. Reddivari, V. Doshi, and J. Sachs. Swoogle: A semantic web search and metadata engine. In Proc. 13th ACM Conf. on Information and Knowledge Management, volume 304, pages 10--1145, 2004.

Digital Library

[14]

D. Eastlake 3rd, J. Reagle, and D. Solo. Xml-signature syntax and processing. Technical report, 2001.

Digital Library

[15]

A. A. El-Aziz and A. Kannan. Literature review on xml security and access control to xml documents.

[16]

Information security management systems: Overview and vocabulary. International standard, International Organization for Standardization - ISO and International Electrotechnical Commission - IEC, Geneva-Switzerland, Jan. 2014.

[17]

Code of practice for information security controls. International standard, International Organization for Standardization - ISO and International Electrotechnical Commission - IEC, Geneva-Switzerland, Oct. 2013.

[18]

Code of practice for protection of personally identifiable information (pii) in public clouds acting as pii processors. International standard, Aug. 2014.

[19]

R. Jain, N. Duhan, and A. Sharma. Comparative study on semantic search engines. International Journal of Computer Applications, ISSN, pages 0975--8887, 2015.

[20]

K. M. Kabir and K. Himran. Preserving privacy in semantic web applications.

[21]

L. Kagal, T. Finin, M. Paolucci, N. Srinivasan, K. Sycara, and G. Denker. Authorization and privacy for semantic web services. IEEE Intelligent Systems, 19(4):50--56, 2004.

Digital Library

[22]

E. Kandogan, R. Krishnamurthy, S. Raghavan, S. Vaithyanathan, and H. Zhu. Avatar semantic search: a database approach to information retrieval. In Proceedings of the 2006 ACM SIGMOD international conference on Management of data, pages 790--792. ACM, 2006.

Digital Library

[23]

M. S. Kumar, M. R. K. Prajapati, M. Singh, and A. De. Realization of threats and countermeasure in semantic web services. International Journal of Computer Theory and Engineering, 2(6):919, 2010.

[24]

S. Kumar and S. Kumar. Semantic web attacks and countermeasures. In Advances in Engineering and Technology Research (ICAETR), 2014 International Conference on, pages 1--5. IEEE, 2014.

[25]

Z. Ma, A. Hudic, A. Shaaban, and S. Plosz. Security viewpoint in a reference architecture model for cyber-physical production systems. In Security and Privacy Workshops (EuroS&PW), 2017 IEEE European Symposium on, pages 153--159. IEEE, 2017.

[26]

R. A. Popa, C. Redfield, N. Zeldovich, and H. Balakrishnan. Cryptdb: protecting confidentiality with encrypted query processing. In Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles, pages 85--100. ACM, 2011.

Digital Library

[27]

K. Punithasurya and S. Jeba Priya. Analysis of different access control mechanism in cloud. International Journal of Applied Information Systems (IJAIS), Foundation of Computer Science FCS, 4(2), 2012.

[28]

E. Schikuta, A. Magdy, I. U. Haq, A. B. Mohamed, B. Pittl, and W. Mach. Searching the sky for neural networks. In International Work-Conference on Artificial Neural Networks, pages 167--178. Springer, 2017.

[29]

E. Schikuta, A. Magdy, and A. B. Mohamed. A framework for ontology based management of neural network as a service. 2016.

[30]

E. Schikuta and E. Mann. N2sky---neural networks as services in the clouds. In Neural Networks (IJCNN), The 2013 International Joint Conference on, pages 1--8. IEEE, 2013.

[31]

A. Sotona, S. Negru, M. Prague, et al. How to feed apache hbase with petabytes of rdf data: An extremely scalable rdf store based on eclipse rdf4j.

[32]

A. Stamos and S. Stender. Attacking web services: The next generation of vulnerable enterprise apps. BlackHat2005, pages 1--20, 2005.

[33]

S. Thomas and L. Williams. Using automated fix generation to secure sql statements. In Proceedings of the Third International Workshop on Software Engineering for Secure Systems, page 9. IEEE Computer Society, 2007.

Digital Library

[34]

B. Thuraisingham. Security standards for the semantic web. Computer Standards & Interfaces, 02, 2015.

Digital Library

[35]

X. Yang, Y. Chen, W. Zhang, and S. Zhang. Exploring injection prevention technologies for security-aware distributed collaborative manufacturing on the semantic web. The International Journal of Advanced Manufacturing Technology, 54(9):1167--1177, 2011.

Cited By

Shaaban ASchmittner CGruber TMohamed AQuirchmayr GSchikuta E(2018)CloudWoT - A Reference Model for Knowledge-based IoT SolutionsProceedings of the 20th International Conference on Information Integration and Web-based Applications & Services10.1145/3282373.3282400(272-281)Online publication date: 19-Nov-2018
https://dl.acm.org/doi/10.1145/3282373.3282400

Index Terms

Towards a security and privacy protection model for semantic query engines
1. Information systems
  1. Information retrieval
    1. Specialized information retrieval
2. Security and privacy
  1. Software and application security
    1. Domain-specific security and privacy architectures

Recommendations

Towards semantic faceted search
WWW '14 Companion: Proceedings of the 23rd International Conference on World Wide Web

In this paper we present limitations of conventional faceted search in the way data, facets, and queries are modelled. We discuss how these limitations can be addressed with Semantic Web technologies such as RDF, OWL 2, and SPARQL 1.1. We also present a ...
The mediator authorization-security model for heterogeneous semantic knowledge bases

Many organizations often need to share semantic knowledge base content with selected members of other organizations. However, sharing semantic knowledge across different organizations is a critical problem. This is because the differences in the ...
Authorization Control for a Semantic Data Repository through an Inference Policy Engine

Semantic models help in achieving semantic interoperability among sources of data and applications. The necessity to efficiently manage these types of objects has increased the number of specialized repositories, usually referred to as semantic ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences

iiWAS '17: Proceedings of the 19th International Conference on Information Integration and Web-based Applications & Services

December 2017

609 pages

ISBN:9781450352994

DOI:10.1145/3151759

Editors:
Maria Indrawan-Santiago
Monash University, Australia
,
Matthias Steinbauer
Johannes Kepler University Linz, Austria
,
Ivan Luiz Salvadori
Federal University of Santa Catarina, Brazil
,
Ismail Khalil
Johannes Kepler University Linz, Austria
,
Gabriele Anderst-Kotsis
Johannes Kepler University Linz, Austria

Copyright © 2017 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 04 December 2017

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Austrian Institute of Technology

Conference

iiWAS2017

iiWAS2017: The 19th International Conference on Information Integration and Web-based Applications & Services

December 4 - 6, 2017

Salzburg, Austria

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
75
Total Downloads

Downloads (Last 12 months)2
Downloads (Last 6 weeks)0

Reflects downloads up to 09 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Shaaban ASchmittner CGruber TMohamed AQuirchmayr GSchikuta E(2018)CloudWoT - A Reference Model for Knowledge-based IoT SolutionsProceedings of the 20th International Conference on Information Integration and Web-based Applications & Services10.1145/3282373.3282400(272-281)Online publication date: 19-Nov-2018
https://dl.acm.org/doi/10.1145/3282373.3282400

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents