Self-Enforcing Access Control for Encrypted RDF

Javier D. Fernández1, Sabrina Kirrane1, Axel Polleres1, and Simon Steyskal1,2


1. Vienna University of Economics and Business (Austria)
2. Siemens AG Österreich, Vienna (Austria)
firstname.lastname@wu.ac.at



This work has been submitted to ESWC 2017. In the following, we provide a brief overview of the proposal and the source code of its prototype.

1. Introduction
2. Source Code


1. Introduction

The Linked Data infrastructure could potentially be used not only to share public data in a distributed manner but also to selectively share data, perhaps of a sensitive nature (e.g. personal data, health data, financial data, etc.), with specific individuals or organisations (i.e. closed data). In order to realise this vision, we must first extend the existing Linked Data infrastructure with suitable security mechanisms. More specifically, encryption is needed to protect data in case the server is compromised, while access control is needed to ensure that only authorised individuals can access specific data. Apart from the need to protect data, robustness in terms of usability, performance and scalability is a major consideration.

Beyond RDF, novel cryptography mechanisms have been developed that enable the flexible specification and enforcement of access policies over encrypted data. Predicate-based Encryption (PBE) – which we refer to as Functional Encryption (FE) in order to avoid confusion with RDF predicates – enables searching over encrypted data, mainly for keywords or the conjunction of keyword queries, while alleviating the re-encryption burden associated with adding additional data.

Herein, we extend recent findings on FE to RDF, and demonstrate how FE can be used for fine-grained access control based on triple patterns over encrypted RDF datasets. Summarising our contributions, we: (i) adapt functional encryption to RDF such that it is possible to enforce access control over encrypted RDF data in a self-enforcing manner; (ii) demonstrate how encryption keys based on triple patterns can be used to specify flexible access control for Linked Data sources; and (iii) propose an indexing strategy that enhances query performance and scalability.
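The access semantics of triple-pattern keys can be sketched as follows. This is an added example, not the authors' prototype and not a functional encryption scheme: it substitutes HMAC-derived per-pattern keys and key wrapping, with a SHA-256 keystream plus HMAC standing in for an authenticated cipher. All function names and the sample triples are assumptions made for illustration.

```python
import hashlib, hmac, itertools, os

ANY = "?"  # wildcard position in a triple pattern

def pattern_key(master, pattern):
    """Key issued for one triple pattern (HMAC derivation is an assumption)."""
    return hmac.new(master, "\x00".join(pattern).encode(), hashlib.sha256).digest()

def covering_patterns(triple):
    """All 8 patterns that match a triple: each position is the term or ANY."""
    return [tuple(t if keep else ANY for t, keep in zip(triple, mask))
            for mask in itertools.product((True, False), repeat=3)]

def _stream(key, nonce, data):
    # SHA-256 counter-mode keystream: stdlib-only stand-in for a real cipher.
    pad = b"".join(hashlib.sha256(b"enc" + key + nonce + i.to_bytes(4, "big")).digest()
                   for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, pad))
def _tag(key, msg):
    return hmac.new(hashlib.sha256(b"mac" + key).digest(), msg, hashlib.sha256).digest()
def seal(key, data):
    nonce = os.urandom(16)
    ct = _stream(key, nonce, data)
    return nonce + _tag(key, nonce + ct) + ct  # encrypt-then-MAC

def unseal(key, blob):
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, _tag(key, nonce + ct)):
        return None  # wrong key or tampered record
    return _stream(key, nonce, ct)

def encrypt_triple(master, triple):
    """Encrypt a triple once, then wrap its data key under each matching pattern key."""
    data_key = os.urandom(32)
    wraps = [seal(pattern_key(master, p), data_key) for p in covering_patterns(triple)]
    return wraps, seal(data_key, "\x00".join(triple).encode())

def decrypt_triple(user_key, record):
    """Return the triple if user_key is for a pattern that matches it, else None."""
    wraps, body = record
    keys = [k for k in (unseal(user_key, w) for w in wraps) if k is not None]
    return tuple(unseal(keys[0], body).decode().split("\x00")) if keys else None

def demo():
    # Constructed sample triples; the key for (?, foaf:name, ?) opens only the first.
    triples = [("ex:alice", "foaf:name", '"Alice"'), ("ex:alice", "ex:diagnosis", '"flu"')]
    master = os.urandom(32)
    key = pattern_key(master, (ANY, "foaf:name", ANY))
    return [decrypt_triple(key, encrypt_triple(master, t)) for t in triples]
```

The server stores only the wrapped keys and ciphertext and makes no access decision: a record either opens under the key a user holds or it does not.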


2. Source Code

We provide a first alpha version of our prototype. While this build has been extensively tested, the current alpha state is still subject to bugs and optimizations.

Our prototype is licensed under the Lesser General Public License.

Please find the queries of our evaluation, and the datasets (in NT.gz format).