Proc. of the 14th Int. Joint Conf. on Knowledge Graphs (IJCKG). Lecture Notes in Computer Science. 2025.
Virtual Knowledge Graph (VKG) is a well-established framework in which users can access a relational data source through an ontology and declarative mappings. VKG systems traditionally assume uniform access rights for all users, an assumption that does not always hold in real-world scenarios involving diverse user roles and sensitive information requiring protection. Controlled Query Evaluation (CQE) provides a privacy-preserving framework by enforcing policies that define confidential information and implementing censors to prevent policy violations. However, it does not account for differences in user privileges during query answering. To address this gap, we extend the Policy-Protected VKG (PPVKG) framework, which embeds CQE policies into VKG mappings, by enabling role-sensitive query answering. Specifically, we incorporate Role-Based Access Control (RBAC) into PPVKG by associating each user role with a specific set of policies and ensuring that, during query evaluation, only the policies relevant to the user's role are applied. We validate our RBAC-enhanced PPVKG approach using the MIMIC-III critical-care database, mapped to the Fast Healthcare Interoperability Resources (FHIR) ontology. Our experiments, conducted with the open-source VKG system Ontop, demonstrate effective policy enforcement with RBAC.
@inproceedings{IJCKG-2025-privacy,
  title = "User Access Control in Policy-Protected Virtual Knowledge Graphs",
  year = "2025",
  author = "Divya Baura and Diego Calvanese",
  booktitle = "Proc. of the 14th Int. Joint Conf. on Knowledge Graphs (IJCKG)",
  publisher = "Springer",
  series = "Lecture Notes in Computer Science",
}