Inverting Proof Systems for Secrecy under OWA - Giora Slutzki - PowerPoint PPT Presentation

SLIDE 1

Inverting Proof Systems for Secrecy under OWA

Giora Slutzki

Department of Computer Science, Iowa State University, Ames, Iowa 50010, slutzki@cs.iastate.edu

May 9th, 2010. Jointly with Jia Tao and Vasant Honavar.

G. Slutzki (ISU), Inverting Proof Systems for Secrecy, May 9th, 2010, 1 / 34

SLIDE 2

Knowledge Representation

Knowledge representation (KR) mechanisms aim to provide a high-level description of a given application domain, with the goal of facilitating the construction of intelligent applications.

Representation formalisms based on logic turn out to be eminently suitable because they offer:

1. a well-defined syntax;
2. formal semantics;
3. support for the development of adequate reasoning services.

SLIDE 3

Description Logics

Description logics (DLs) are a family of logic-based knowledge representation formalisms. DLs describe a domain in terms of concepts (classes), roles (binary relationships) and individuals (objects).

DLs are decidable fragments of first-order logic (FOL), closely related to propositional modal logics.

Formal semantics for DLs are typically model theoretic.

SLIDE 4

EL: Concept Expressions and Roles

Vocabulary: N_O, N_C, N_R (individual, concept and role names).
Syntax and semantics: an interpretation I = (∆, ·^I).

Syntax      Semantics
⊤           ⊤^I = ∆
a           a^I ∈ ∆
A           A^I ⊆ ∆
r           r^I ⊆ ∆ × ∆
C ⊓ D       C^I ∩ D^I
∃r.C        {x ∈ ∆ | ∃y : (x, y) ∈ r^I ∧ y ∈ C^I}

Example: C ⊓ D, ∃r.(C ⊓ ∃s.D)

SLIDE 5

EL: Formulae and Knowledge Bases

EL formulae are of the form:

Syntax      Semantics
C ⊑ D       C^I ⊆ D^I
C(a)        a^I ∈ C^I
r(a, b)     (a^I, b^I) ∈ r^I

EL knowledge base: Σ = ⟨A, T⟩, where A is a finite non-empty set of assertions (ABox) and T is a finite set of subsumptions (TBox).

SLIDE 6

DL Reasoning Services

KB-satisfiability: Σ is satisfiable if it has a model.
Concept-satisfiability: C is satisfiable w.r.t. Σ if there is a model of Σ in which the interpretation of C is not empty.
Subsumption: C is subsumed by D w.r.t. Σ if in every model of Σ the interpretation of C is a subset of that of D.
Query answering: a is an instance of C if the assertion C(a) is true in every model of Σ.

SLIDE 7

Query Answering

Given a KB Σ = ⟨A, T⟩, its main purpose is to answer user queries. Here we assume that queries are assertions.

SLIDE 8

Proof System for A*

⊓A1-rule: if C1 ⊓ ··· ⊓ Ck(a) ∈ A* and Ci(a) ∉ A*, then A* := A* ∪ {Ci(a)}, where 1 ≤ i ≤ k;
⊓A2-rule: if {C1(a), ..., Ck(a)} ⊆ A*, C1 ⊓ ··· ⊓ Ck ∈ SubC and C1 ⊓ ··· ⊓ Ck(a) ∉ A*, then A* := A* ∪ {C1 ⊓ ··· ⊓ Ck(a)};
∃A1-rule: if {r(a, b), C(b)} ⊆ A*, ∃r.C ∈ SubC and ∃r.C(a) ∉ A*, then A* := A* ∪ {∃r.C(a)};
∃A2-rule: if ∃r.C(a) ∈ A* and there is no b ∈ O* such that {r(a, b), C(b)} ⊆ A*, then A* := A* ∪ {r(a, c), C(c)}, where c is fresh, and O* := O* ∪ {c};
⊑T-rule: if C(a) ∈ A*, C ⊑ D ∈ T and D(a) ∉ A*, then A* := A* ∪ {D(a)}.

Theorem: the above proof system is sound and complete.

SLIDE 9

Query Answering under OWA

Open World Assumption (OWA): the knowledge of the world is incomplete. Under OWA, if a statement cannot be proven by the reasoner, we do not conclude that it is false; instead, we view the status of such statements as "Unknown".

Based on OWA, the answer to a query C(a) posed to the knowledge base Σ is defined as: Yes, if Σ ⊢ C(a); Unknown, otherwise.

SLIDE 10

Secrecy-preserving Reasoning

OWA: the KB has incomplete information.

Main idea of secrecy-preserving reasoning: a secrecy-preserving reasoner must answer "Unknown" to every query whose secrecy must be protected. Because of OWA, querying agents are not able to distinguish between information that is unknown to the reasoner and information that the reasoner needs to protect.

Goal: to answer queries as informatively as possible without compromising secret information.

SLIDE 11

Secrecy Envelopes

Let S ⊆ A* be a set of assertions whose secrecy must be protected.

Secrecy envelope E_S: S ⊆ E_S and (A* \ E_S)* ∩ S = ∅.

Tight envelope E^t_S: for all α ∈ E^t_S, ((A* \ E^t_S) ∪ {α})* ∩ S ≠ ∅.

We need good algorithms for computing secrecy envelopes.

SLIDE 12

Example: the knowledge base Σ

Σ = ⟨A, T⟩
T = {∃r.(A ⊓ D) ⊑ C, B ⊑ ∃r.D, ∃r.D ⊑ C, C ⊑ E}
A = {A(a), B(a), D(a), C(a), r(a, a), r(a, b), D(b)}

T*:
B ⊑ C, B ⊑ E, B ⊑ ∃r.D
C ⊑ E
A ⊓ D ⊑ A, A ⊓ D ⊑ D
∃r.(A ⊓ D) ⊑ C, ∃r.(A ⊓ D) ⊑ E, ∃r.(A ⊓ D) ⊑ ∃r.D
∃r.D ⊑ C, ∃r.D ⊑ E

A* = A ∪ {A ⊓ D(a), E(a), ∃r.D(a), ∃r.(A ⊓ D)(a)}

SLIDE 13

Example: a redundant envelope

The secrecy set S = {A ⊓ D(a), E(a)}
A* = {A(a), B(a), D(a), C(a), r(a, a), r(a, b), D(b), A ⊓ D(a), E(a), ∃r.D(a), ∃r.(A ⊓ D)(a)}
The secrecy envelope E1, built up step by step, starting from: A ⊓ D(a)

SLIDE 14

Example: a redundant envelope

The secrecy set S = {A ⊓ D(a), E(a)}
A* = {A(a), B(a), D(a), C(a), r(a, a), r(a, b), D(b), A ⊓ D(a), E(a), ∃r.D(a), ∃r.(A ⊓ D)(a)}
The secrecy envelope E1 so far: A ⊓ D(a), A(a) (from A ⊓ D(a) we choose A(a))

SLIDE 15

Example: a redundant envelope

The secrecy set S = {A ⊓ D(a), E(a)}
A* = {A(a), B(a), D(a), C(a), r(a, a), r(a, b), D(b), A ⊓ D(a), E(a), ∃r.D(a), ∃r.(A ⊓ D)(a)}
The secrecy envelope E1 so far: A ⊓ D(a), A(a); E(a)

SLIDE 16

Example: a redundant envelope

The secrecy set S = {A ⊓ D(a), E(a)}
A* = {A(a), B(a), D(a), C(a), r(a, a), r(a, b), D(b), A ⊓ D(a), E(a), ∃r.D(a), ∃r.(A ⊓ D)(a)}
The secrecy envelope E1 so far: A ⊓ D(a), A(a); E(a), B(a) (B(a) is added because B ⊑ E ∈ T*)

SLIDE 17

Example: a redundant envelope

The secrecy set S = {A ⊓ D(a), E(a)}
A* = {A(a), B(a), D(a), C(a), r(a, a), r(a, b), D(b), A ⊓ D(a), E(a), ∃r.D(a), ∃r.(A ⊓ D)(a)}
The secrecy envelope E1 so far: A ⊓ D(a), A(a); E(a), B(a), C(a) (C(a) is added because C ⊑ E ∈ T*)

SLIDE 18

Example: a redundant envelope

The secrecy set S = {A ⊓ D(a), E(a)}
A* = {A(a), B(a), D(a), C(a), r(a, a), r(a, b), D(b), A ⊓ D(a), E(a), ∃r.D(a), ∃r.(A ⊓ D)(a)}
The secrecy envelope E1 so far: A ⊓ D(a), A(a); E(a), B(a), C(a), ∃r.(A ⊓ D)(a) (∃r.(A ⊓ D)(a) is added because ∃r.(A ⊓ D) ⊑ E ∈ T*)

SLIDE 19

Example: a redundant envelope

The secrecy set S = {A ⊓ D(a), E(a)}
A* = {A(a), B(a), D(a), C(a), r(a, a), r(a, b), D(b), A ⊓ D(a), E(a), ∃r.D(a), ∃r.(A ⊓ D)(a)}
The secrecy envelope E1 so far: A ⊓ D(a), A(a); E(a), B(a), C(a), ∃r.(A ⊓ D)(a), ∃r.D(a) (∃r.D(a) is added because ∃r.D ⊑ E ∈ T*)

SLIDE 20

Example: a redundant envelope

The secrecy set S = {A ⊓ D(a), E(a)}
A* = {A(a), B(a), D(a), C(a), r(a, a), r(a, b), D(b), A ⊓ D(a), E(a), ∃r.D(a), ∃r.(A ⊓ D)(a)}
The secrecy envelope E1 so far: A ⊓ D(a), A(a); E(a), B(a), C(a), ∃r.(A ⊓ D)(a), ∃r.D(a), D(a) (because {r(a, a), D(a)} ⊆ A*, and we choose D(a))

SLIDE 21

Example: a redundant envelope

The secrecy set S = {A ⊓ D(a), E(a)}
A* = {A(a), B(a), D(a), C(a), r(a, a), r(a, b), D(b), A ⊓ D(a), E(a), ∃r.D(a), ∃r.(A ⊓ D)(a)}
The secrecy envelope E1 so far: A ⊓ D(a), A(a); E(a), B(a), C(a), ∃r.(A ⊓ D)(a), ∃r.D(a), D(a), r(a, b) (because {r(a, b), D(b)} ⊆ A*, and we choose r(a, b))

SLIDE 22

Example: a redundant envelope

The secrecy set S = {A ⊓ D(a), E(a)}
A* = {A(a), B(a), D(a), C(a), r(a, a), r(a, b), D(b), A ⊓ D(a), E(a), ∃r.D(a), ∃r.(A ⊓ D)(a)}
The secrecy envelope E1 = {A ⊓ D(a), A(a), E(a), B(a), C(a), ∃r.(A ⊓ D)(a), ∃r.D(a), D(a), r(a, b)}

E1 is an envelope. However, A(a) is redundant because of D(a).

SLIDE 23

Example: a tight envelope

The secrecy set S = {A ⊓ D(a), E(a)}
A* = {A(a), B(a), D(a), C(a), r(a, a), r(a, b), D(b), A ⊓ D(a), E(a), ∃r.D(a), ∃r.(A ⊓ D)(a)}
The secrecy envelope E2 = {A ⊓ D(a), D(a), E(a), B(a), C(a), ∃r.(A ⊓ D)(a), ∃r.D(a), r(a, b)}

E2 is tight.

SLIDE 24

Computing Secrecy Envelopes

How to compute secrecy envelopes that are both informative and secrecy-preserving? Tight would be good! Optimal would be better, but

SLIDE 25

Computing Secrecy Envelopes

How to compute secrecy envelopes that are both informative and secrecy-preserving? Tight would be good! Optimal would be better, but the Secrecy Envelope Problem is NP-complete:

Given a KB Σ = ⟨A, T⟩ and a secrecy set S ⊆ A*, let k ≤ |A*|. Is there a secrecy envelope E such that S ⊆ E ⊆ A* and |E \ S| ≤ k?

SLIDE 26

Computing Secrecy Envelopes

How to compute secrecy envelopes that are both informative and secrecy-preserving?

Lazy approach: wait for queries; when a query α comes along, figure out how to answer it so that no information about the secrecy set S is revealed, taking into account the answers to prior queries: (Q_YES ∪ {α})* ∩ S = ∅.

SLIDE 27

Main Idea

Take the reasoner's proof system used to compute the consequences A* of the KB Σ = ⟨A, T⟩ and "invert" it into a "proof system" that computes the secrecy envelope E_S from the secrecy set S.

Approach: we invert the inference rules.

SLIDE 28

Illustrations (non-EL)

1. Modus Ponens: from A and A → B, infer B.
   Inverse Modus Ponens: if B is secret and A → B, then A should be secret.
2. And-Elimination: from A ∧ B, infer A and B.
   Inverse And-Elimination: if A ∧ B is secret, then A or B should be secret.
3. And-Introduction: from A and B, infer A ∧ B.
   Inverse And-Introduction: if A or B is secret, then A ∧ B should be secret.

SLIDE 29

EL secrecy closure rules

⊓1 rules:
⊓A1-rule: if C1 ⊓ ··· ⊓ Ck(a) ∈ A* and Ci(a) ∉ A*, then A* := A* ∪ {Ci(a)}, where 1 ≤ i ≤ k.
⊓S1-rule: if C1 ⊓ ··· ⊓ Ck(a) ∈ A* \ E and {C1(a), ..., Ck(a)} ∩ E ≠ ∅, then E := E ∪ {C1 ⊓ ··· ⊓ Ck(a)}.

⊓2 rules:
⊓A2-rule: if {C1(a), ..., Ck(a)} ⊆ A*, C1 ⊓ ··· ⊓ Ck ∈ SubC and C1 ⊓ ··· ⊓ Ck(a) ∉ A*, then A* := A* ∪ {C1 ⊓ ··· ⊓ Ck(a)}.
⊓S2-rule: if C1 ⊓ ··· ⊓ Ck(a) ∈ E and {C1(a), ..., Ck(a)} ∩ E = ∅, then E := E ∪ {Ci(a)}, where 1 ≤ i ≤ k.

SLIDE 30

EL secrecy closure rules

∃1 rules:
∃A1-rule: if {r(a, b), C(b)} ⊆ A*, ∃r.C ∈ SubC and ∃r.C(a) ∉ A*, then A* := A* ∪ {∃r.C(a)}.
∃S1-rule: if ∃r.C(a) ∈ E and there is b ∈ O* such that {r(a, b), C(b)} ⊆ A* \ E, then E := E ∪ {r(a, b)} or E := E ∪ {C(b)}.

∃2 rules:
∃A2-rule: if ∃r.C(a) ∈ A* and there is no b ∈ O* such that {r(a, b), C(b)} ⊆ A*, then A* := A* ∪ {r(a, c), C(c)}, where c is fresh, and O* := O* ∪ {c}.
∃S2-rule: if ∃r.C(a) ∈ A* \ E and for all b ∈ O* with {r(a, b), C(b)} ⊆ A* we have {r(a, b), C(b)} ∩ E ≠ ∅, then E := E ∪ {∃r.C(a)}.

SLIDE 31

EL secrecy closure rules

⊑ rules:
⊑T-rule: if C(a) ∈ A*, C ⊑ D ∈ T and D(a) ∉ A*, then A* := A* ∪ {D(a)}.
⊑S-rule: if D(a) ∈ E, C ⊑ D ∈ T and C(a) ∈ A* \ E, then E := E ∪ {C(a)}.

Theorem. Let Σ = ⟨A, T⟩ be a knowledge base, S ⊆ A* a secrecy set, and let E be obtained from S by applying the secrecy closure rules until none is applicable. Then E is a secrecy envelope of S.

Remark: the envelope E may not be tight.

SLIDE 32

Computing Tight Envelopes

1. Use a deterministic version of the ∃S1-rule, the ∃S1d-rule: if ∃r.C(a) ∈ E and there is b ∈ O* such that {r(a, b), C(b)} ⊆ A* \ E, then E := E ∪ {r(a, b)}.
2. Drop the ∃S2-rule: if ∃r.C(a) ∈ A* \ E and for all b ∈ O* with {r(a, b), C(b)} ⊆ A* we have {r(a, b), C(b)} ∩ E ≠ ∅, then E := E ∪ {∃r.C(a)}.
3. Apply the remaining secrecy closure rules in a specific order while removing redundancy.

SLIDE 33

Computing Tight Envelopes

We show that the set E, S ⊆ E, resulting from this process is a tight secrecy envelope of S, and that E can be computed in polynomial time.
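The following Python program is an added example written for this page; it is not code from the talk or from its authors. It implements the forward proof system of slide 8, the envelope and tightness definitions of slide 11, the secrecy closure rules of slides 29 to 31 in the tight-envelope variant of slide 32 (∃S1 made deterministic by hiding the role assertion, ∃S2 dropped) and lines 7 to 10 of the SPQA procedure of slide 34, all on the knowledge base of slide 12. Several details the slides leave open are assumptions of this example and are marked as such in the code: SubC is taken to be the sub-concepts of the TBox, conjunctions are binary, the ⊓S1 condition is read as {C1(a), ..., Ck(a)} ∩ E ≠ ∅ (the inverse And-Introduction of slide 28), rules fire in a fixed sorted order with the conjunct hidden by ⊓S2 exposed as a parameter, "removing redundancy" (slide 32, step 3) is implemented as releasing every hidden non-secret assertion whose release keeps E an envelope, and the SubC-expansion branch of SPQA is omitted.

```python
# Added example, not code from the talk: EL saturation (slide 8), the secrecy
# closure rules (slides 29-32) and the envelope checks (slide 11) on the KB of
# slide 12.  Assumed: SubC = sub-concepts of the TBox; binary conjunctions.
from itertools import count

# Concepts: atomic name 'A'; ('and', C, D) for C ⊓ D; ('some', r, C) for ∃r.C.
# Assertions: ('c', C, a) for C(a); ('r', r, a, b) for r(a, b).
def is_and(c):  return isinstance(c, tuple) and c[0] == 'and'
def is_some(c): return isinstance(c, tuple) and c[0] == 'some'
def sub(c):
    out = {c}
    if is_and(c):  out |= sub(c[1]) | sub(c[2])
    if is_some(c): out |= sub(c[2])
    return out

def saturate(abox, tbox):
    """A*: apply ⊓A1, ⊓A2, ∃A1, ∃A2 and ⊑T until nothing new is derived."""
    subc = set().union(*(sub(c) | sub(d) for c, d in tbox))
    astar, fresh = set(abox), count()
    while True:
        new = set()
        roles = [x for x in astar if x[0] == 'r']
        inds = {x[2] for x in astar} | {x[3] for x in roles}
        for _, c, a in [x for x in astar if x[0] == 'c']:
            if is_and(c):                                           # ⊓A1
                new |= {('c', c[1], a), ('c', c[2], a)}
            if is_some(c) and not any(r == c[1] and s == a and ('c', c[2], b) in astar
                                      for _, r, s, b in roles):     # ∃A2: fresh witness
                n = '_%d' % next(fresh)
                new |= {('r', c[1], a, n), ('c', c[2], n)}
            new |= {('c', d, a) for c2, d in tbox if c2 == c}       # ⊑T
        for k in subc:
            if is_and(k):                                           # ⊓A2
                new |= {('c', k, a) for a in inds
                        if ('c', k[1], a) in astar and ('c', k[2], a) in astar}
            if is_some(k):                                          # ∃A1
                new |= {('c', k, a) for _, r, a, b in roles
                        if r == k[1] and ('c', k[2], b) in astar}
        if new <= astar:
            return astar
        astar |= new

def is_envelope(astar, tbox, env, secret):
    """Slide 11: S ⊆ E and (A* \\ E)* ∩ S = ∅."""
    return secret <= env and not (saturate(astar - env, tbox) & secret)

def is_tight(astar, tbox, env, secret):
    """Slide 11: releasing any single α ∈ E would let some secret be derived."""
    return is_envelope(astar, tbox, env, secret) and all(
        saturate((astar - env) | {x}, tbox) & secret for x in env)

def closure(astar, tbox, secret, pick=lambda opts: opts[0]):
    """Closure rules ⊓S1, ⊓S2, ∃S1d and ⊑S (∃S2 dropped, as on slide 32).  Rules
    fire in sorted order and `pick` chooses the conjunct ⊓S2 hides (assumptions)."""
    env = set(secret)
    while True:
        before = len(env)
        for x in sorted(astar, key=repr):
            if x[0] != 'c':
                continue
            _, c, a = x
            parts = [('c', c[1], a), ('c', c[2], a)] if is_and(c) else []
            if x not in env:
                if set(parts) & env:                                # ⊓S1
                    env.add(x)
                continue
            if parts and not set(parts) & env:                      # ⊓S2
                env.add(pick(sorted(parts, key=repr)))
            if is_some(c):                                          # ∃S1d: hide r(a, b)
                env |= {y for y in astar if y[0] == 'r' and y[1] == c[1] and y[2] == a
                        and y not in env and ('c', c[2], y[3]) in astar - env}
            env |= {('c', c2, a) for c2, d in tbox if d == c and ('c', c2, a) in astar}  # ⊑S
        if len(env) == before:
            return env

def remove_redundancy(astar, tbox, env, secret):
    """Slide 32 step 3 as read here: release each hidden non-secret assertion whose
    release keeps E an envelope; derivability is monotone, so one pass leaves E tight."""
    env = set(env)
    for x in sorted(env - secret, key=repr):
        if not (saturate((astar - env) | {x}, tbox) & secret):
            env.discard(x)
    return env

def spqa(astar, env, query):
    """Lines 7-10 of SPQA (slide 34); the query concept is assumed to be in SubC already."""
    return "Yes" if query in astar and query not in env else "Unknown"

# Knowledge base and secrecy set of slides 12-13, and the envelopes of slides 22-23.
A_D = ('and', 'A', 'D')
T = [(('some', 'r', A_D), 'C'), ('B', ('some', 'r', 'D')), (('some', 'r', 'D'), 'C'), ('C', 'E')]
A = {('c', 'A', 'a'), ('c', 'B', 'a'), ('c', 'D', 'a'), ('c', 'C', 'a'), ('c', 'D', 'b'),
     ('r', 'r', 'a', 'a'), ('r', 'r', 'a', 'b')}
S = {('c', A_D, 'a'), ('c', 'E', 'a')}
ASTAR = saturate(A, T)
E1 = S | {('c', 'A', 'a'), ('c', 'B', 'a'), ('c', 'C', 'a'), ('c', 'D', 'a'), ('r', 'r', 'a', 'b'),
          ('c', ('some', 'r', A_D), 'a'), ('c', ('some', 'r', 'D'), 'a')}
E2 = E1 - {('c', 'A', 'a')}
```

Run against the slides' own data, `saturate(A, T)` adds exactly A ⊓ D(a), E(a), ∃r.D(a) and ∃r.(A ⊓ D)(a); E1 of slide 22 passes `is_envelope` but fails `is_tight`, and `remove_redundancy` turns it into E2 of slide 23 by releasing A(a). `closure` with `pick=lambda opts: opts[-1]` (hide D(a) rather than A(a)) returns E2 directly, while the default choice returns a nine-element envelope that hides A(a), r(a, a) and r(a, b) instead; that envelope is also tight, which shows that tightness alone does not bound the size of the envelope and why the size-bounded version on slide 25 is the hard problem. `spqa(ASTAR, E2, ('c', 'A', 'a'))` answers "Yes" and the secret E(a) is answered "Unknown".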

SLIDE 34

Secrecy-Preserving Query Answering

SPQA(T, A*, C(a), E_S):
    if C ∉ SubC {
        compute sub(C);
        update A* by adding the concepts in sub(C) \ SubC;
        expand the secrecy envelope E_S
    }
    if C(a) ∈ A* and C(a) ∉ E_S
        return "Yes"
    else
        return "Unknown"

Figure: Secrecy Preserving Query Answering procedure

SLIDE 35

Thank you!