A Gentle Introduction to Controlled Query Evaluation in DL-Lite Ontologies

Controlled query evaluation (CQE) is an approach for confidentiality-preserving query answering where a function called censor alters query answers so that users can never infer data that are protected by a policy given in terms of logic formulae. In this paper, we review some foundational results we have recently found in the context of CQE over Description Logic ontologies. In more detail, we discuss the main characteristics of two notions of censor, CQ censor and GA censor, focusing on the computational complexity of query answering and on the notion of indistinguishability. The latter is a desirable property imposing that a censor always makes a user believe that the underlying data instance might not contain confidential data. As for computational aspects, we characterize the data complexity of answering conjunctive queries for the relevant and practical case of DL-LiteR ontologies. Since neither CQ censors nor GA censors enjoy both indistinguishability and tractability of query answering in the analyzed setting, we finally recall the notion of IGA censors, a sound approximation of GA censors which instead enjoys both properties, thus paving the way for robust and practical CQE for DL-LiteR ontologies.