Existing algorithms for signing graph data typically do not cover the whole signing process. In addition, they lack distinctive features such as signing graph data at different levels of granularity, iterative signing of graph data, and signing multiple graphs. In this paper, we introduce a novel framework for signing arbitrary graph data provided, e.g., as RDF(S), Named Graphs, or OWL. We conduct an extensive theoretical and empirical analysis of the runtime and space complexity of different framework configurations. The experiments are performed on synthetic and real-world graph data of different sizes and with different numbers of blank nodes. We investigate security issues, present a trust model, and discuss practical considerations for using our signing framework.
A reference model of ontologically organised IT security concepts is presented, and it is shown how this model provides a rationale for carrying out IT security analyses systematically. The reference model consists of four levels: first, the existing world of assets and conflicts of interest, together with the existing systems and their vulnerabilities; second, the potential, consisting of threats and security requirements; third, the planned course of action, consisting of security measures to protect business objectives; and fourth, the current events, consisting of attacks, accidents and defensive operations. The reference model is placed in the context of existing security analysis methods and explained using the example of online banking.
Distributed Identity Management (DIM) refers to the ability of defining distributed identities of agents and roles, i.e., a single agent is represented using multiple unique identifiers managed in different namespaces and may have various roles across those namespaces. We propose semDIM, a novel approach for Semantic DIM based on a Semantic Web architecture. For the first time, semDIM provides a framework for a distributed definition and management of entities such as persons being part of an organization, groups, and roles across namespaces. It is suitable for informal networks, i.e., social networks, as well as for professional networks such as cross-organizational collaborations. In addition, the framework ensures authenticity, authorization, and integrity for such distributed identities by featuring certificate-based graph signatures. Beyond the capabilities of existing Identity Management solutions, we allow distributed identifiers and management of groups (consisting of agents and sub-groups) and roles as “first-class entities”. semDIM uses owl:sameAs relations to represent and verify distributed identities via formal reasoning. This concept enables novel functionalities for DIM, as these entities can be identified, related to one another, and managed across namespaces. Our semDIM approach consists of a modular software architecture, a process model using a novel approach for pattern-based concurrency control, and a set of state-of-the-art formal OWL ontology patterns. The use of formal patterns ensures semantic interoperability and extensibility for future requirements. Thereby, our approach can be combined with other applications based on the same or related patterns. We evaluate semDIM in the context of a real-world scenario of securely exchanging DIM information across organizations.
Information flow control on the Internet is a desirable feature when it comes to content such as neo-Nazi propaganda, child pornography, or material showing extreme violence or crimes. In order to provide for a flexible control of information flow on the Internet, we present the pattern system InFO (short for: Information Flow Ontology). InFO provides common support for different enforcing systems such as routers, proxies, or name servers by abstracting from existing as well as possible future regulation types. Thus, unlike existing solutions, InFO provides information flow control on the Internet layer, the transport layer, and the application layer. In addition, InFO allows for linking the technical implementation of a flow control policy with a human-readable representation including its legal background (law) and organizational motivation (code of conduct). Besides a detailed description of the pattern system, we also provide various examples demonstrating the practical applicability of InFO. InFO has been implemented for name servers, routers, and application-level proxy servers. Its source code is available to the public.
When publishing graph data on the web, such as vocabularies using RDF(S) or OWL, one has only limited means to verify the authenticity and integrity of the graph data. Today's approaches require a high signature overhead and do not support iterative signing of graph data. This paper describes a first step towards a framework for signing arbitrary graph data provided in RDF(S), Named Graphs, or OWL. Our framework supports signing graph data at different levels of granularity: minimum self-contained graphs (MSGs), sets of MSGs, and entire graphs. It supports iteratively signing graph data, e.g., when different parties provide different parts of a common graph, and allows for signing multiple graphs. Both can be done with a constant, low overhead for the resulting signature statements, even when signing iteratively.