
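Research on Ontology Security in Semantic Web Technology

【Author】 孔鸿滨

【Supervisor】 姚绍文

【Author information】 Yunnan University, Communication and Information Systems, 2012, PhD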

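【Summary】 The Semantic Web is the next-generation web proposed by Tim Berners-Lee, the founder of the World Wide Web; its aim is to let machines understand the content of Web pages and provide intelligent services to people. After about ten years of development, the basic theory and technology of the Semantic Web have advanced considerably. However, as the number of Semantic Web application systems grows, the security challenges it faces have become increasingly prominent. In the open Internet environment, unauthorized access, malicious modification and improper use are the main forms of network attack, and how to protect data effectively has become an urgent need. At present, research on Semantic Web security clearly lags behind the development of metadata description and data interoperability, and the field agrees that security is a key problem that must be solved before the Semantic Web can become a mainstream technology.

Since ontologies are the core technology for building the Semantic Web, the main work of this dissertation addresses the weak points in ontology security and studies in depth some of the key areas and applied techniques. The research mainly concerns ontology access control, integrity protection and availability, and achieves the following innovative results:

· To address the problem that explicitly expressed RBAC policies are vulnerable to attack, active digital watermarking is introduced into the study of ontology access control. Based on an analysis of the syntactic structure of OWL documents, several methods of text information hiding based on the OWL language are proposed, and WORBAC, an ontology role-authorization access control model based on active digital watermarking, is built together with its implementation algorithms.
· In the open, distributed Internet, traditional security mechanisms based on identity authorization are no longer suited to Semantic Web applications. Therefore, on the basis of a formalized ABAC model, an ontology ABAC security model is constructed. The rules in the model are described in N3Logic, which is easy for users to understand and to implement in code, and the reasoning capability of the Semantic Web is used to provide proof-based ontology access control, which greatly improves the security of the system.
· Concerning the problem that illegal tampering with sensitive data in an ontology is hard to detect and discover, the zero-watermarking idea and information hiding techniques are introduced into the study of ontology integrity. An ontology data integrity verification model and its implementation algorithms are designed, and the correctness of the approach is verified with a Java program.
· The widespread existence of ontology heterogeneity has become the main obstacle to ontology interoperability and semantic communication and poses a serious security threat to the normal use of ontologies. The dissertation analyses in depth the underlying causes of semantic heterogeneity within ontology heterogeneity and proposes a method for resolving semantic heterogeneity based on fuzzy logic, which resolves it by constructing a fuzzy common ontology and offers a new approach to improving ontology availability.

The results enrich applied research on digital watermarking, N3Logic, zero-watermarking and fuzzy logic in the field of Semantic Web security, yield findings of some theoretical and practical value, and lay theoretical and methodological groundwork for further solving the security problems the Semantic Web faces in practice. The results of this dissertation have some application value for ontology access control, confidential information transmission, integrity verification, information systems integration, e-government, e-commerce and related fields in the Internet environment.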

【Abstract】 The Semantic Web is the next-generation network proposed by Tim Berners-Lee, the founder of the World Wide Web. Its aim is to get machines to understand Web page content and provide intelligent services for human beings. After 10 years of development, the basic theory and technology of the Semantic Web have made rapid progress. However, with Semantic Web applications on the rise, the security challenges it faces are increasingly prominent. In the open Internet environment, unauthorized access, malicious modification and improper use are the main methods of network attack, and how to protect data effectively has become an urgent need. At present, Semantic Web security research lags far behind the development of metadata description and data interoperability, and the industry consensus is that security is the key issue that must be solved before the Semantic Web becomes a mainstream technology.

Since ontology is the core technology for constructing the Semantic Web, the dissertation mainly targets the existing weak links of ontology security; some of the key areas and application technologies are thoroughly studied. The research work mainly involves access control, integrity protection, ontology availability and other aspects of the problem. The innovative results achieved are as follows:

● Because the explicit expression of an RBAC strategy is vulnerable, active digital watermarking technology is introduced into the research of access control for ontologies. On the basis of a syntax analysis of OWL document structure, several text information hiding methods based on the OWL language are proposed, and an active-watermark-based ontology authorization model using RBAC is built together with related algorithms.
● In the open, distributed Internet environment, traditional identity-based security mechanisms cannot fit the applications of the Semantic Web. Therefore, on the basis of a formalized ABAC model, an ontology ABAC security model is constructed. The rules in the model are described in N3Logic, which is easier for users to understand and implement, and the reasoning ability of the Semantic Web is used to provide proof-based access control for ontologies, which greatly improves the safety of the system.
● Concerning the problem that illegal tampering with sensitive data in ontologies is difficult to detect and discover, zero-watermarking and information hiding technology are brought into the research of ontology integrity. An ontology data integrity verification model and related algorithms are designed, and Java programming is used to verify the soundness of the method.
● The universal existence of ontology heterogeneity has become the major obstacle to ontology interoperability and semantic communication, causing a serious security threat to the normal usage of ontologies. The dissertation thoroughly analyzes the essence of semantic heterogeneity within ontology heterogeneity and proposes a method for resolving semantic heterogeneity based on fuzzy logic. Semantic heterogeneity is resolved by constructing a fuzzy public ontology, which provides a new way of thinking about increasing the availability of ontologies.

The research findings enrich the application of digital watermarking, N3Logic, zero-watermarking and fuzzy logic in the field of Semantic Web security. Results of certain theoretical and practical value are obtained, which lay a foundation of theory and methods for solving the security problems that the Semantic Web faces in practice. The results of this dissertation may have certain value in application areas in the Internet environment such as ontology access control, confidential information transmission, integrity testing, information systems integration, e-government, e-commerce and other fields.

  • 【Online publication contributor】 Yunnan University
  • 【Online publication year and issue】 2012, Issue 10