• DocumentCode
    20610
  • Title

    Authorization Control for a Semantic Data Repository through an Inference Policy Engine

  • Author

    Alamri, Atif ; Bertok, Peter ; Thom, James A.

  • Author_Institution
    Sch. of Comput. Sci. & Inf. Technol., RMIT Univ., Melbourne, VIC, Australia
  • Volume
    10
  • Issue
    6
  • fYear
    2013
  • fDate
    Nov.-Dec. 2013
  • Firstpage
    328
  • Lastpage
    340
  • Abstract
    Semantic models help in achieving semantic interoperability among sources of data and applications. The necessity to efficiently manage these types of objects has increased the number of specialized repositories, usually referred to as semantic databases. An increasing number of project initiatives have been recorded that choose to formalize application knowledge using ontologies and semantic data representation. Due to the various sensitivities of data, suitable access control mechanisms pertaining to the semantic repository should be put in place to ensure that only authorized users can obtain access to the information in its entirety. In fact, deciding what can be made available to the user without revealing confidential information is made even more difficult because the user may be able to apply logic and reasoning to infer confidential information from the knowledge being provided. In this paper, we design an authorization security model enforced on a semantic model's entities (concepts) and also propagate on their individuals in the OWL database through an inference policy engine. We provide TBox access control for the construction of a TBox family and propagate this based on the construction of concept taxonomies. We also provide ABox label-based access control for facts in the domain knowledge and report experiments to evaluate the effects of access control on reasoning and modularization.
  • Keywords
    authorisation; inference mechanisms; knowledge representation languages; semantic Web; ABox label-based access control; OWL database; TBox access control; authorization control; authorization security model; concept taxonomy construction; inference policy engine; modularization; reasoning; semantic data repository; semantic model entities; Access control; Authorization; Data storage; Semantic Web; Authorization and access control; OWL; RDF; Semantic Web; semantic repositories;
  • fLanguage
    English
  • Journal_Title
    Dependable and Secure Computing, IEEE Transactions on
  • Publisher
    IEEE
  • ISSN
    1545-5971
  • Type

    jour

  • DOI
    10.1109/TDSC.2013.20
  • Filename
    6502160