In many applications, Knowledge Bases (KBs) contain confidential or private information (secrets). The KB should be able to use this secret information in its reasoning process but in answering user queries care must be exercised so that secrets are not revealed to unauthorized users. We consider this problem under the OpenWorld Assumption (OWA) in a setting with multiple querying agents M-1,..., M-m that can pose queries against the KB kappa and selectively share answers that they receive from kappa with one or more other querying agents. We assume that for each M-i, the KB has a prespecified set of secrets S-i that need to be protected from M-i. Communication between querying agents is modeled by a communication graph, a directed graph with self-loops. We introduce a general framework and propose an approach to secrecy-preserving query answering based on sound and complete proof systems. The idea is to hide the truthful answer from a querying agent M-i by feigning ignorance without lying (i.e., to provide the answer 'Unknown' to a query q if it needs to be protected. Under the OWA, a querying agent cannot distinguish between the case that q is being protected (for reasons of secrecy) and the case that it cannot be inferred from K. In the pre-query stage we compute a set of envelopes E-1,..., E-m (restricted to a finite subset of the set of formulae that are entailed by kappa) so that S-i subset of E-i, and a query alpha posed by agent M-i can be answered truthfully whenever alpha is an element of is not an element of E-i and -alpha is not an element of E-i. After the pre-query stage, the envelope is updated as needed. We illustrate this approach with two simple cases: the Propositional Horn KBs and the Description Logic ALKBs.

• 出版日期2015-3