CEUR

ceur-ws.org Bypass in SHACL

Knowledge Graphs (KG) have emerged as versatile tools for representing and organizing complex relationships between entities in various domains [ 1 ]. As applications utilizing KGs continue to proliferate, ensuring the accuracy and reliability of its data becomes increasingly important. One technique is the Shapes Constraint Language (SHACL), which provides a standardized way to validate RDF graphs.

Despite the increase in popularity of KGs, there is limited research on related security issues. In 2023, [ 2 ] stated that security risks of KG (reasoning) remain largely unexplored and provided one of the first systematic studies on these risks. However, this study and others such as [ 3, 4 ] present security issues that are mostly related to machine learning on top of KGs rather than problems pertaining to KG technologies.

Motivated by this gap in the literature, this paper presents a case study to uncover security vulnerabilities inherent to KG, focusing on SHACL utilization for data validation. SHACL is often used as a simple data validation tool, either internally or for users to check the structure of their documents. However, it is flexible enough to be considered in more complex contexts where multiple stakeholders might interact with the KG. We employ a KG developed in a prior study to validate social security declarations and illustrate potential security issues, showcasing how this flexibility, while beneficial, also introduces risks. Netherlands The Shapes Constraint Language (SHACL) [ 5 ] is a standardized language for expressing conditions that RDF graphs must adhere to, commonly referred to as “shapes.” The set of shapes forms an RDF graph called a “shapes graph.” On the other hand, the RDF graph undergoing validation against these shapes is called a “data graph,” and the RDF graph reporting the result is called a “validation report.”

The validation process works as follows. For each shape, the focus nodes are selected based on their target among the nodes of the data graph. Then, these focus nodes are validated against the shape’s constraints. Depending on the validation results, the validation report indicates either that the data graph conforms when all nodes conform or that the graph does not conform if at least one node fails. In the latter case, the cause of the failing node is reported.

The types of constraints that can be expressed include value type constraints, cardinality constraints, value range constraints and logical operators, among others. These constraints, along with the general workings of the validation, form SHACL-CORE. In addition to SHACLCORE, SHACL-SPARQL extends its capabilities by enabling the creation of custom constraints using SPARQL queries. This component allows one to define more complex validation rules that may not be expressible using standard SHACL constraints alone.

In a prior study [ 6 ], a validation system using KG technologies was built to validate social security declarations stored as XML. This study demonstrated the feasibility of SHACL in expressing complex domain rules where current practice can only validate the syntax and structure of these XML documents with an XSD schema. The built system allows users to have a more complete and transparent validation of their declarations (i.e., user input) as SHACL is more expressive than XSD1. Moreover, the shapes can be shared with the public and used in several applications.

The constraints in the shapes graph were developed by translating constraints from an XSD schema and a well-documented glossary into SHACL. The kind of constraints that were expressed include simple constraints expressed with SHACL-CORE constraints such as datatype, value range, cardinality constraints, regular expressions, and complex constraints expressed with SHACL-SPARQL such as checksums, value part of an enumeration, and value unicity2. Listing 1 shows an example of a shape. This shape constrains a field to be a two-digit integer (lines 5), occur at most once (end of line 4), and be part of an enumeration (lines 6-11).

For the enumeration constraint, the user input must be complemented with additional data for the data graph, e.g., to check whether the provided values are valid w.r.t. rules documented elsewhere. We will refer to these data as public data as it concerns information that is publicly available in the glossary’s annexes. It describes the values allowed for some specific fields and their meaning. For instance, the position code in Listing 13 specifies the code for a person’s job: 1e.g., SHACL allows arithmetic computation, rules between diferent graphs and recursion 2Value unicity refers to ensuring that each value following a specific path in the KG does not occur more than once. 3More detailed examples are available at https://github.com/Ikeragnell/shaclExploits e.g., 58–barman, 61–hunter, 62–valet. As not all values are allowed and allowed values can vary over time, the public data contains an enumeration of the currently allowed values.

Similarly, some rules may require additional data to be included in the data graph, but that should be private. This information concerns user data relevant to social security, such as the number of working hours, amount of contributions, and amount of social rights. For example, Listing 2 states that one cannot be employed and have unemployment benefits simultaneously. ont:NaturalPersonShape a sh:NodeShape ; sh:targetClass ont:NaturalPerson ; sh:sparql [ sh:prefixes <> ; sh:select """SELECT $this WHERE { $this ont:INSS ?nbr; ont:R_90017_90012 ?workerRecord. ?workerRecord a ont:WorkerRecord. ?person ont:INSS ?nbr; ?person ont:R_90017_901234 ?unemploymentBenefit. ?unemploymentBenefit a ont:UnemploymentBenefit.}"""] .

In the previous section, we explained that the data graph included not only the transformed user input but also public and private data. Despite these components being distinguished before they are provided to the SHACL processor, it is critical to note that the SHACL processor treats the data graph as a whole. This aspect becomes a potential source of vulnerability, as SHACL cannot diferentiate user input from historical and trusted information.

This lack of distinction between user input and historical data potentially enables attackers to manipulate the validation process or extract sensitive information from the KG. The following sections present two exploits leveraging this vulnerability: validation bypass and data leakage.

While some access control mechanisms might help mitigate these risks, current access control solutions for KGs are not yet mature [ 7 ] and, to the best of our knowledge, there are no thorough implementations yet. Moreover one might argue that it is the responsibility of KG engineers to manage these risks by implementing their own solution on top of SHACL. However, by identifying these issues at the SHACL level, we can envisage solutions that are more standardized and applicable across various projects.

This paper marks a first step in understanding the vulnerabilities present in SHACL by describing exploits such as validation bypass and data leakage. We highlight the risks stemming from SHACL’s inability to diferentiate triples coming from diferent graphs. Moving forward, we will develop and implement efective strategies to address these security concerns. In the social security domain, where personal or sensitive data is used, convoluted approaches can be conceived in which validation reports are not communicated to users or where humans are kept in the loop in the validation process. Such solutions delegate all responsibilities to the applications built on the KG. Ideally, approaches are embedded into and part of the KG. Our goal is to address these declaratively using KG technologies. One potential venue is to use SHACL extensions5. This study is important to understand the vulnerabilities inherent in KGs. Through these endeavors, we aim to enhance the overall understanding of security issues of KG technologies and fortify them against potential exploits.