
Integrated security framework for semantically enhanced semi-structured data

Posted on: 2005-11-09
Degree: Ph.D
Type: Dissertation
University: University of South Carolina
Candidate: Stoica, Andrei G
Full Text: PDF
GTID: 1458390008998654
Subject: Computer Science
Abstract/Summary:
This dissertation studies the inference problem in the context of the Semantic Web and proposes the design and implementation of a security framework to detect and prevent unwanted inferences. The proposed security solution has two main functions: preventing undesired inferences via XML query answers, and detecting undesired inferences that arise from correlating public domain information. An undesired inference via XML query answers violates the data confidentiality requirement by disclosing unauthorized XML document structure. An undesired inference via public domain information violates the data confidentiality requirement by correlating related public data to disclose unauthorized information.

There is a separate module for each function of the security engine: the data access control module and the global data privacy control module. The data access control module provides access to the XML database using secure and semantically consistent partial views. The views are constructed by changing the structure of the XML document to remove vulnerabilities to undesired inferences. The changes in the XML structure are guided by metadata representing semantic data correlations.

The module for global data privacy control places the XML document in the context of public information selected from the same knowledge domain. The security engine performs two inference procedures to detect inference channels that lead from the public information to the protected data within an organization. The inference procedures detect conflicting security classifications from (1) semantically similar replicated information, and (2) semantically similar replicated data correlations. An ontology concept hierarchy defines the metadata that guides the inference process. The inference performed by the replicated-data and correlated-data procedures is formalized in Prolog. The Prolog knowledge base is a representation of the XML documents and the associated ontology.

This research is the first step towards developing security mechanisms to protect semantically enhanced, distributed information from indirect disclosure. In the Semantic Web, the ontologies provide the conceptualization for the external knowledge modeling to prevent inference channels that violate the privacy of protected data.
Keywords/Search Tags:Data, Inference, Security, Semantic, XML, Structure