explain the expected outputs of our work and finally in section 6 we present a discussion and our conclusions.

We approach the confidentiality problem from two perspectives: inference control strategies and the inference modeling problem. Inference control strategies are based on inference time: (1) During knowledge base design time – the main advantages is that it is usually fast since it only considers the database schema and the corresponding constraints without the actual instances, but the evolution of data is generally not covered in the model. (2) During query-processing time – it provides maximal data availability because all disclosed data can be evaluated to verify the existence of an inference channel. However, it is usually more expensive and time consuming than the design time approach and affects system usage.

In the present work we explore in greater detail the second approach.

In the inference modeling problem we aim at the implementation of two main approaches: (1) Logic-based – policy requirements are enforced when the user requests access to information by means of a query. In the field of ontologies this technique is called Controlled Query Evaluation(CQE) [Bonatti et al. 2015, Eldora et al. 2011]. The main advantages are the clear formalization and decidability results, as well as the independence of the application domain. However, logic-based systems have high complexity, making it expensive for large Web applications. (2) Anonymization based – it refers to privacy preserving data publishing (PPDP) assuming that sensitive data must be retained for data analysis. The main attack and privacy models come from database techniques based on Statistical Disclosure Control(SDC) [Fung et al. 2010]. In knowledge bases the anonymization has been applied mainly in the medical area [Grau and Kostylev 2016], [Domingo-Ferrer et al. 2013]. This model has a smaller complexity than logicbased models, it works on specific domains, with little formalization of the techniques.

We propose two examples to motivate the need to preserve confidentiality, but we can easily imagine similar needs in many other scenarios. The two examples considered here relate to healthcare.

Consider the raw patient data in Table 1 where each record represents a surgery case with the patient specific information. Job, Sex, and Age are quasi-identifying(QID) attributes, this attributes uniquely identify an individual. The hospital wants to release the Table 1 for the purpose of classification analysis on the class attribute, Transfuse, which has two values, YES and NO, indicating whether or not the patient has received blood transfusion. Without a loss of generality, we assume that the only sensitive value in Surgery is Transgender. Table 2 shows the data after the anonymization using the LKC-privacy model [Fung et al. 2010] and after processing in order to generalize the records into equivalence groups so that each group contains at least k records with respect to some QID attributes. The general intuition of LKC-privacy is to ensure that every combination of values in QID with maximum length L, they are shared by at least K records, and the confidence of inferring any sensitive values in S is not greater than C , where L , K , C are thresholds and S is a set of sensitive values specified by the data holder(the hospital). In this way, the sensitive values in each qid group are diversified enough to disorient confident inferences [Mohammed et al. 2009]. There are several anonymization models, depending on the requirements in the publication of the data.

The citizen Jane needs to take a certain preventive medicine for breast cancer. Suppose Jane does not want her physician or the pharmacy to supply the details of the prescription to her health insurance company because she does not want to risk an increase in her health insurance premium on the basis of the fact that medicine she has been prescribed is intended for use by women who are believed to have a high risk of developing breast cancer. In such a setting, in order for Jane to be reimbursed by her insurance company, the pharmacy needs to be able to certify to the insurance company, through a trusted third party, that Jane has indeed incurred a medical expense that is covered by her insurance policy [Bao et al. 2007]. In a simple way, consider KP , the Pharmacy Knowledge Base and KI as Insurance Company Knowledge Base, SJ are Jane’s secrets, such that KP \ KI 6 SJ .

We have developed a simple formal confidentiality model M adapted from the main attack and privacy models found in the literature [Cuenca Grau and Horrocks 2008,Bonatti et al. 2015]. We consider a single knowledge base as the union of several knowledge bases, and the notion of logical consequence, for all knowledge base K will be denoted by Cn(K). We contemplate the problem of confidentiality involves two sub problems, namely (1) the secure publishing of data based on query-processing and (2) the secure evolution of data. Definition 1 Let M be a Simple Confidentiality Model (SCM) as follows: KB, is a knowledge base.

U , is a set of users of KB. Different users access to different views of the KB. For all u 2 U : – Su is a finite set of secrecies that should not be disclosed to the user u. – The queries from one user u are answered using a view of the knowledge base KBu KB. KBu is a secure view if Cn(KBu) \ Su = ;. – A view KBu is maximal secure if it is secure and there exists no K0 such as KBu K0 KB and Cn(K0) \ Su = ;. – BKu, is the set of statements that features the background knowledge of user u. f is a filtering function that maps for each u 2 U , a view V Cn(KBu).

Responsibility for the publication of data is given by the function f of Definition 1, f implements a confidentiality strategy.

Definition 2 Secure Publishing: f is secure if for all u 2 U and s 2 Su, there exists K 2 KB, such that K is the answer to a query Q of user u: f (K; u) generates secure views KBu using a specific confidentiality preservation algorithm, and s 2= Cn(K [ BKu).

Definition 3 Secure Evolution: Given KB = (S; D), S is the knowledge base scheme and D represents the data sets. The evolution KB = (S; D) to KB0 = (S0; D0) is secure w.r.t. Q and a secure view V if the confidentiality of KB = (S; D) entails KB0 = (S0; D0) with a secure view V 0, assuming that V 0 was generated using the same definitions of view V . We can distinguish two types of evolution: when evolution happens in S or when the change occurs in D.

Suppose S does not contain the schema and S0 = S [f g. Then KB0 = (S0; D) does not take break confidentiality since S0 not introduce any correlation with any secrecies of KB.

Confidentiality is independent of evolution in D, since it is not related to some secret query.

We are working on the properties and general requirements for a software tool for the performance evaluation of the confidentiality preservation techniques and heuristic strategies for assurance of confidentiality. Assisting the knowledge engineer to correct the design of the knowledge base identifying axioms that involve to the disclosure of a secret. Beyond the improvement of our model, some specific expected outcomes of our work include: Systematization of heuristic evaluation of the types and confidentiality preservation techniques.

Developing methods that allow the users to judge the correctness of the data need to support flexible conflict resolution. Systematization of techniques to evaluate the completeness and correctness of our results.

Implementation of a software tool to ontologies to ensure the confidentiality of selected pieces of information. The tool can be included as a plugin of Prote´ge´1, allowing to assess the strengths and weaknesses of the implementations of techniques and features of ontologies provided by the user input.

Comparative analysis of the indicators provided by the metrics of the studied heuristic techniques.

As a initial case study, we will developed the examples presented in this paper.

Each strategy is directly related to the purpose of the secure views of a KB. One of our goals in this project is to identify heuristics based on properties of knowledge bases and their planned use to identify and apply confidentiality preservation techniques that minimize the risk of breaches. At present, some heuristics can be sketched as follows: Data anonymization should be applied when: – The goal is to preserve the semantics of the data, omitting personal data, e.g. to establish a balance between retaining context and protecting participants. – The purpose is to study the properties of a data set without allowing the identification of a particular individual. – It is important not to interfere with the usefulness of the original knowledge base. – It is important to preserve the original data and reversibility of the securing process is a requirement.

Creating secure views following logical approaches should be applied when: – The availability of secure views is not restricted to preserve a set of data. – It is totally independent of the application domain.

– It can be adjusted to a specific technique.

In Figure 1 we have a generic description of the software tool we plan to develop in this project. The tool will be released as open source in GitHub.

In this paper we present the following items:

We formally define the problem of generating a knowledge base that preserves confidentiality from an insecure knowledge base.

We present the properties and general requirements for a software tool proposed for the evaluation of performance of confidentiality preservation techniques and heuristic building strategies to guarantee confidentiality in specific cases. A future direction of our work is to consider other forms of distortion of the knowledge base to ensure confidentiality. For example, we can explore not only remove elements of the knowledge base, but we may add new elements.