% Table-of-contents entries, one \contentsline call per line.
% Each entry reads: {level}{title, with \numberline{N} when numbered}{page}{anchor}.
% The fourth argument looks like a hyperref-style link target; unnumbered
% subsubsections carry section*.N anchors instead of a section number.
% NOTE(review): this looks like a generated .toc file, so manual edits are
% presumably overwritten on the next LaTeX run -- confirm before editing by hand.
% Indentation mirrors the sectioning depth and has no effect on the output.

% --- Chapter 1: Introduction ---
\contentsline {chapter}{\numberline {1}Introduction}{15}{chapter.1}
  \contentsline {section}{\numberline {1.1}Motivating Example}{17}{section.1.1}
    \contentsline {subsection}{\numberline {1.1.1}Sample Usage Scenario}{17}{subsection.1.1.1}
  \contentsline {section}{\numberline {1.2}System Components}{18}{section.1.2}
  \contentsline {section}{\numberline {1.3}Outline}{19}{section.1.3}

% --- Chapter 2: Policy Assurance ---
\contentsline {chapter}{\numberline {2}Policy Assurance}{21}{chapter.2}
  \contentsline {section}{\numberline {2.1}Introduction to Policy Assurance}{21}{section.2.1}
  \contentsline {section}{\numberline {2.2}User Roles and Perspectives}{23}{section.2.2}
    \contentsline {subsection}{\numberline {2.2.1}The Administrator}{23}{subsection.2.2.1}
    \contentsline {subsection}{\numberline {2.2.2}The User}{24}{subsection.2.2.2}
    \contentsline {subsection}{\numberline {2.2.3}The Auditor}{24}{subsection.2.2.3}
  \contentsline {section}{\numberline {2.3}Modes of Operation}{25}{section.2.3}
  \contentsline {section}{\numberline {2.4}Demonstration}{25}{section.2.4}
    \contentsline {subsection}{\numberline {2.4.1}Describing a Free-Text Policy}{25}{subsection.2.4.1}
    \contentsline {subsection}{\numberline {2.4.2}Checking a Compliant Query}{26}{subsection.2.4.2}
    \contentsline {subsection}{\numberline {2.4.3}Checking an Incompliant Query}{31}{subsection.2.4.3}
    \contentsline {subsection}{\numberline {2.4.4}Demo Notes}{37}{subsection.2.4.4}
  \contentsline {section}{\numberline {2.5}Summary}{37}{section.2.5}

% --- Chapter 3: System Detail ---
\contentsline {chapter}{\numberline {3}System Detail}{39}{chapter.3}
  \contentsline {section}{\numberline {3.1}SPARQL Query Translation}{39}{section.3.1}
    \contentsline {subsection}{\numberline {3.1.1}SPARQL to N3 Web Page}{41}{subsection.3.1.1}
    \contentsline {subsection}{\numberline {3.1.2}Query Conversion Ontology}{41}{subsection.3.1.2}
    \contentsline {subsection}{\numberline {3.1.3}swobjects: Parsing and Serializing}{43}{subsection.3.1.3}
    \contentsline {subsection}{\numberline {3.1.4}SPARQL Language Translation}{43}{subsection.3.1.4}
      % Unnumbered per-construct entries under 3.1.4.
      \contentsline {subsubsection}{Namespaces and URIs: BASE and PREFIX}{44}{section*.6}
      \contentsline {subsubsection}{Query Identification}{44}{section*.7}
      \contentsline {subsubsection}{SELECT}{45}{section*.8}
      \contentsline {subsubsection}{SELECT *}{45}{section*.9}
      \contentsline {subsubsection}{CONSTRUCT}{46}{section*.10}
      \contentsline {subsubsection}{ASK}{47}{section*.11}
      \contentsline {subsubsection}{DESCRIBE}{48}{section*.12}
      \contentsline {subsubsection}{Query Modifiers: ORDER BY, LIMIT, OFFSET, DISTINCT, REDUCED}{48}{section*.13}
      \contentsline {subsubsection}{OPTIONAL}{49}{section*.14}
      \contentsline {subsubsection}{UNION}{49}{section*.15}
      \contentsline {subsubsection}{Boolean Functions}{50}{section*.16}
      \contentsline {subsubsection}{Built-in Functions: STR, LANG, LANGMATCHES, DATATYPE, BOUND, sameTERM, isURI, isIRI, isLITERAL, REGEX, true, false}{51}{section*.17}
      \contentsline {subsubsection}{FILTER}{51}{section*.18}
      \contentsline {subsubsection}{GRAPH}{52}{section*.19}
    \contentsline {subsection}{\numberline {3.1.5}Lost in Translation}{52}{subsection.3.1.5}
    \contentsline {subsection}{\numberline {3.1.6}Translator Summary}{54}{subsection.3.1.6}
  \contentsline {section}{\numberline {3.2}AIR Policy Generation}{54}{section.3.2}
    \contentsline {subsection}{\numberline {3.2.1}Templates for Policy Generation}{54}{subsection.3.2.1}
    \contentsline {subsection}{\numberline {3.2.2}Supported Policy Types}{54}{subsection.3.2.2}
      % Unnumbered per-policy-type entries under 3.2.2.
      \contentsline {subsubsection}{To USE and to RETRIEVE}{55}{section*.20}
      \contentsline {subsubsection}{Restriction}{59}{section*.21}
      \contentsline {subsubsection}{Inclusion}{59}{section*.22}
      \contentsline {subsubsection}{Exclusion}{60}{section*.23}
      \contentsline {subsubsection}{Chaining}{61}{section*.24}
      \contentsline {subsubsection}{Default Deny}{62}{section*.25}
    \contentsline {subsection}{\numberline {3.2.3}Automatic Policy Generation}{63}{subsection.3.2.3}
    \contentsline {subsection}{\numberline {3.2.4}Query History with check-compliance}{67}{subsection.3.2.4}
    \contentsline {subsection}{\numberline {3.2.5}Policy Generation User Interface}{68}{subsection.3.2.5}
    \contentsline {subsection}{\numberline {3.2.6}Compliance Testing and Browser Presentation in Tabulator}{68}{subsection.3.2.6}
    \contentsline {subsection}{\numberline {3.2.7}Implementation Note}{68}{subsection.3.2.7}
  \contentsline {section}{\numberline {3.3}Summary}{72}{section.3.3}

% --- Chapter 4: Performance ---
\contentsline {chapter}{\numberline {4}Performance}{73}{chapter.4}

% --- Chapter 5: Related and Prior Work ---
\contentsline {chapter}{\numberline {5}Related and Prior Work}{77}{chapter.5}
  \contentsline {section}{\numberline {5.1}Policy Awareness}{77}{section.5.1}
  \contentsline {section}{\numberline {5.2}Methodologies of Access Control}{78}{section.5.2}
    \contentsline {subsection}{\numberline {5.2.1}Mandatory and Discretionary Access Control}{78}{subsection.5.2.1}
    \contentsline {subsection}{\numberline {5.2.2}Role Based Access Control}{79}{subsection.5.2.2}
    \contentsline {subsection}{\numberline {5.2.3}Rule- and Policy-Based Access Control}{80}{subsection.5.2.3}
  \contentsline {section}{\numberline {5.3}Prior Work in Relational Databases}{80}{section.5.3}
    \contentsline {subsection}{\numberline {5.3.1}Access Control Lists}{80}{subsection.5.3.1}
    \contentsline {subsection}{\numberline {5.3.2}Access Control Features In A Modern RDBMS}{81}{subsection.5.3.2}
    \contentsline {subsection}{\numberline {5.3.3}Misuse and Intrusion Detection}{82}{subsection.5.3.3}
  \contentsline {section}{\numberline {5.4}Alteration of Data}{83}{section.5.4}

% --- Chapter 6: Future Directions ---
\contentsline {chapter}{\numberline {6}Future Directions}{85}{chapter.6}
  \contentsline {section}{\numberline {6.1}SPARQL Endpoint Integration}{85}{section.6.1}
  \contentsline {section}{\numberline {6.2}SQL Support}{86}{section.6.2}
  \contentsline {section}{\numberline {6.3}Completing and Porting the N3 Translator}{86}{section.6.3}
  \contentsline {section}{\numberline {6.4}Policy Generation from Natural Language}{87}{section.6.4}
  \contentsline {section}{\numberline {6.5}Semantic Policies}{87}{section.6.5}
  \contentsline {section}{\numberline {6.6}Database Description}{87}{section.6.6}

% --- Chapter 7: Concluding Thoughts ---
\contentsline {chapter}{\numberline {7}Concluding Thoughts}{89}{chapter.7}

% --- Appendix A: Background Technologies ---
\contentsline {chapter}{\numberline {A}Background Technologies}{91}{appendix.A}
  \contentsline {section}{\numberline {A.1}Semantic Web Overview}{91}{section.A.1}
    \contentsline {subsection}{\numberline {A.1.1}The Vision}{91}{subsection.A.1.1}
    \contentsline {subsection}{\numberline {A.1.2}The URI}{93}{subsection.A.1.2}
    % The \discretionary {-}{}{} tokens in this title are explicit hyphenation points.
    \contentsline {subsection}{\numberline {A.1.3}HTML, the Hyper\discretionary {-}{}{}Text Mark\discretionary {-}{}{}up Language, and XML, the eX\discretionary {-}{}{}ten\discretionary {-}{}{}si\discretionary {-}{}{}ble Mark\discretionary {-}{}{}up Language}{94}{subsection.A.1.3}
  \contentsline {section}{\numberline {A.2}RDF}{95}{section.A.2}
    \contentsline {subsection}{\numberline {A.2.1}Notation 3}{97}{subsection.A.2.1}
  \contentsline {section}{\numberline {A.3}OWL}{97}{section.A.3}
  \contentsline {section}{\numberline {A.4}Tabulator}{98}{section.A.4}
  \contentsline {section}{\numberline {A.5}SPARQL}{98}{section.A.5}
  \contentsline {section}{\numberline {A.6}Reasoning}{100}{section.A.6}
    \contentsline {subsection}{\numberline {A.6.1}Forward Chaining}{100}{subsection.A.6.1}
    \contentsline {subsection}{\numberline {A.6.2}Production Rule Systems}{101}{subsection.A.6.2}
    \contentsline {subsection}{\numberline {A.6.3}The Rete Algorithm}{101}{subsection.A.6.3}
    \contentsline {subsection}{\numberline {A.6.4}Semantic Web Application Platform}{101}{subsection.A.6.4}
    \contentsline {subsection}{\numberline {A.6.5}cwm and cwmrete}{101}{subsection.A.6.5}
  \contentsline {section}{\numberline {A.7}AIR}{102}{section.A.7}
    \contentsline {subsection}{\numberline {A.7.1}Introduction}{102}{subsection.A.7.1}
    \contentsline {subsection}{\numberline {A.7.2}A Brief AIR Tutorial}{103}{subsection.A.7.2}
    \contentsline {subsection}{\numberline {A.7.3}Changes to the AIR language}{106}{subsection.A.7.3}
    \contentsline {subsection}{\numberline {A.7.4}AIR Summary}{108}{subsection.A.7.4}
  \contentsline {section}{\numberline {A.8}Summary}{108}{section.A.8}

% --- Appendix B: Supporting Code ---
\contentsline {chapter}{\numberline {B}Supporting Code}{109}{appendix.B}
  \contentsline {section}{\numberline {B.1}MIT Prox Card Policy}{109}{section.B.1}
  \contentsline {section}{\numberline {B.2}SSN Policy - Original Ontology}{110}{section.B.2}
  \contentsline {section}{\numberline {B.3}SSN Policy - Current Ontology}{115}{section.B.3}
  \contentsline {section}{\numberline {B.4}A sample SPARQL Query}{117}{section.B.4}
  \contentsline {section}{\numberline {B.5}Abstract SPARQL to N3 Ontology}{117}{section.B.5}
  \contentsline {section}{\numberline {B.6}Sample Restriction Policy}{119}{section.B.6}
  \contentsline {section}{\numberline {B.7}Sample Inclusion Policy}{121}{section.B.7}
  \contentsline {section}{\numberline {B.8}Sample Exclusion Policy}{124}{section.B.8}
  \contentsline {section}{\numberline {B.9}Sample History-Aware Exclusion Policy}{125}{section.B.9}
  \contentsline {section}{\numberline {B.10}Sample Chaining Policy}{127}{section.B.10}
  \contentsline {section}{\numberline {B.11}Sample Default Deny Policy}{129}{section.B.11}
  \contentsline {section}{\numberline {B.12}No-Address Restriction Policy for Sample Scenario}{130}{section.B.12}