# $Date: 2009-04-13 18:57:50 -0400 (Mon, 13 Apr 2009) $ # $Revision: 25833 $ # $Author: jsoltren $ # SSN Policy: No-one can access SSN information from the database # specifically, you cannot query for someone's SSN number # or use it in the filter clause @prefix air: . @prefix owl: . @prefix math: . @prefix log: . @prefix xsd: . @prefix s: . @prefix : . @forAll :Q, :P, :W, :V, :T, :F, :S. @forAll :X, :Y, :Z, :A, :B, :O. :SSNPolicy a air:Policy; air:label "SSN sample policy for IARPA PIR project"; air:rule :SSN_RULE1. :SSN_RULE1 a air:BeliefRule; air:label "SSN policy rule1"; air:pattern { :Q a s:Select; s:POSList :P; s:WhereClause :W. }; air:description (:Q " is a SPARQL query"); air:rule :SSN_RULE2. :SSN_RULE2 a air:BeliefRule; air:label "SSN policy rule2"; air:pattern { :P s:variable :V. :W s:TriplePattern :T. :T log:includes { :X :V }. :W s:Filter :F. :F s:TriplePattern :S. :S log:includes { :V [] [] }. }; #air:description ("The query, " :Q ", uses SSN values in the where clause as a pattern, " :T ", and as a filter, " :S ", and retrieves SSN values as variable," :V ); air:description ("The query, " :Q ", uses SSN values in the where clause, as a filter and retrieves SSN values as well"); air:assert { :Q air:non-compliant-with :SSNPolicy }; air:alt [ air:rule :SSN_RULE3 ]. :SSN_RULE3 a air:BeliefRule; air:label "SSN policy rule3"; air:pattern { :P s:variable :V. :W s:TriplePattern :T. :T log:includes { :X :V } }; #air:description ("The query, " :Q ", uses SSN values in the where clause as a pattern, " :T ", and retrieves SSN values as variable," :V ); air:description ("The query, " :Q ", uses SSN values in the where clause and retrieves SSN values"); air:assert { :Q air:non-compliant-with :SSNPolicy }; air:alt [ air:rule :SSN_RULE5 ]. :SSN_RULE4 a air:BeliefRule; air:label "SSN policy rule4"; air:pattern { :P s:variable :V. :W s:TriplePattern :T. :T log:includes { :X :Y } }; #air:description ("The query, " :Q ", includes reference to SSN number in the where clause as a pattern," :T ); air:description ("The query, " :Q ", includes reference to SSN number in the where clause"); air:assert { :Q air:non-compliant-with :SSNPolicy }; air:alt [ air:rule :SSN_RULE7 ]. :SSN_RULE5 a air:BeliefRule; air:label "SSN policy rule5"; air:pattern { :W s:OptionalGraphPattern :O. :O s:TriplePattern :T. :T log:includes { [] [] } }; #air:description ("The query, " :Q ", includes reference to SSN number in the optional part of the where clause as a pattern," :T ); air:description ("The query, " :Q ", includes reference to SSN number in the optional part of the where clause"); air:assert { :Q air:non-compliant-with :SSNPolicy }; air:alt [ air:rule :SSN_RULE4 ]. :SSN_RULE6 a air:BeliefRule; air:label "SSN policy rule6"; air:pattern { :W s:TriplePattern :T. :T log:notIncludes { [] [] } }; air:description ("The query, " :Q ", does not includes reference to SSN number in the where clause"); #air:assert { :Q air:compliant-with :SSNPolicy }. air:rule :SSN_RULE7. :SSN_RULE7 a air:BeliefRule; air:label "SSN policy rule7"; air:pattern { :W s:OptionalGraphPattern :O. }; air:description ("The query, " :Q ", has an optional part"); air:rule :SSN_RULE8; air:alt :SSN_RULE9. :SSN_RULE9 a air:BeliefRule; air:pattern {}; air:assert { :Q air:compliant-with :SSNPolicy }; air:description ("The query, " :Q ", does not have a reference to SSN number in its optional section as it does not have an optional section"). :SSN_RULE8 a air:BeliefRule; air:label "SSN policy rule8"; air:pattern { :O s:TriplePattern :A. :A log:notIncludes { [] [] } }; air:description ("The query, " :Q ", does not includes reference to SSN number in the optional section of the where clases"); air:assert { :Q air:compliant-with :SSNPolicy }. :SSNPolicy_WhereClause a air:Policy; air:label "SSN where clause policy for IARPA PIR project"; air:rule :SSN_WC01. :SSN_WC01 a air:BeliefRule; air:label "SSN where clause rule 01"; air:pattern { :Q a s:Select; s:POSList :P; s:WhereClause :W. }; air:description (:Q " is a SPARQL query"); air:rule :SSN_WC02. :SSN_WC02 a air:BeliefRule; air:label "SSN where clause rule 02"; air:pattern { :P s:variable :V. :W s:TriplePattern :T. :T log:includes { :X :Y } }; air:description ("The query, " :Q ", includes reference to SSN number in the where clause"); air:assert { :Q air:non-compliant-with :SSNPolicy_WhereClause }. :SSNPolicy_OptionalClause a air:Policy; air:label "SSN optional clause policy for IARPA PIR project"; air:rule :SSN_OP01. :SSN_OP01 a air:BeliefRule; air:label "SSN optional clause rule 01"; air:pattern { :Q a s:Select; s:POSList :P; s:WhereClause :W. }; air:description (:Q " is a SPARQL query"); air:rule :SSN_OP02. :SSN_OP02 a air:BeliefRule; air:label "SSN optional clause rule 02"; air:pattern { :W s:OptionalGraphPattern :O. :O s:TriplePattern :T. :T log:includes { [] [] } }; air:description ("The query, " :Q ", includes reference to SSN number in the optional part of the where clause"); air:assert { :Q air:non-compliant-with :SSNPolicy_OptionalClause }. :SSNPolicy_OutputRule a air:Policy; air:label "SSN output rule policy for IARPA PIR project"; air:rule :SSN_OR01. :SSN_OR01 a air:BeliefRule; air:label "SSN output rule 01"; air:pattern { :Q a s:Select; s:POSList :P; s:WhereClause :W. }; air:description (:Q " is a SPARQL query"); air:rule :SSN_OR02. :SSN_OR02 a air:BeliefRule; air:label "SSN output rule 02"; air:pattern { :P s:variable :V. :W s:TriplePattern :T. :T log:includes { [] :V }. }; air:description ("The query, " :Q ", tries to output a variable " :P " that is an SSN"); air:assert { :Q air:non-compliant-with :SSNPolicy_OutputRule }. :SSNPolicy_FilterRule a air:Policy; air:label "SSN filter rule policy for IARPA PIR project"; air:rule :SSN_FR01. :SSN_FR01 a air:BeliefRule; air:label "SSN filter rule 01"; air:pattern { :Q a s:Select; s:POSList :P; s:WhereClause :W. }; air:description (:Q " is a SPARQL query"); air:rule :SSN_FR02. :SSN_FR02 a air:BeliefRule; air:label "SSN filter rule 02"; air:pattern { :P s:variable :V. :W s:TriplePattern :T. :T log:includes { :X :V }. :W s:Filter :F. :F s:TriplePattern :S. :S log:includes { :V [] [] }. }; air:description ("The query, " :Q ", filters on SSN variables"); air:assert { :Q air:non-compliant-with :SSNPolicy_FilterRule }. #ends