Correctness

The Correctness project is a study of the security implications associated with granting partial access to SPARQL results based on a number of query categories (graph patterns, aggregates, subqueries, property paths and filters), update operations (CLEAR, LOAD, INSERT DATA, DELETE DATA and DELETE/INSERT), and a number of graph management operations (CREATE, DROP, MOVE, COPY and ADD).

Dataset, Authorisations and Queries

In order to evaluate our query rewriting strategies we systematically generate authorisations and queries from an auto generated Berlin SPARQL Benchmark (BSBM) dataset

For SPARQL queries, the following algorithm is used to evaluate each of the auto generated queries:
  • Firstly, the unauthorised quad pattern is used to remove unauthorised data, and the query is executed against the resulting authorised dataset.
  • Secondly, the unauthorised quad pattern is used to rewrite the query based on the query rewriting algorithm and this rewritten query is executed over the dataset which contains both authorised and unauthorised data.
  • Finally, the results of both approaches are compared using the criteria presented above.
For SPARQL updates, the following algorithm is used to evaluate each of the auto generated queries:
  • Firstly, the unauthorised quad pattern is used to create a dataset which only contains authorised data and a dataset which only contains unauthorised data. The query is subsequently executed against the authorised dataset and both the unauthorised dataset and the updated authorised dataset are merged to form a new merged .ltered dataset. In the case of INSERT DATA unauthorised triples need to be removed from the query before it is executed over the authorised dataset. In such instances the .filtering approach is quite similar to the rewriting approach.
  • Secondly, the quad pattern is used to rewrite the query and this rewritten query is executed over the original dataset.
  • Finally, the results of both approaches are compared using the criteria presented above.

The evaluation datasets, authorisations and queries are stored on a public Google drive correctness@googledocs.