Abstract
Two convincing paradigms have emerged for achieving scalability in widely distributed systems: role-based, policy-driven control of access to the system by applications and for system management purposes; and publish/subscribe communication between loosely coupled components. Publish/subscribe provides efficient support for mutually anonymous, many-to-many communication between loosely coupled entities. In this paper we focus on securing such a communication service (1) by specifying and enforcing access control policy at the service API, and (2) by enforcing the security and privacy aspects of these policies within the service itself. We envisage independent but related administration domains that share a pub/sub communications infrastructure, typical of public-sector systems. Roles are named within each domain and role-related privileges for using the pub/sub service are specified. Intra- and inter-domain, controlled interaction is supported by negotiated policies. In a large-scale publish/subscribe service, domains are not expected to trust all message brokers fully. Attribute encryption allows a single publication to carry both confidential and public information safely, even via untrusted message brokers across a vulnerable communications substrate. Our approach provides the application designer with fine-grained expressiveness while, at the same time, improving system fault tolerance by allowing a single shared messaging network to route both public and confidential information. Early simulations show that our approach reduces the overall traffic compared with a secure scheme that encrypts whole messages.
Copyright information
© 2005 IFIP International Federation for Information Processing
About this paper
Cite this paper
Bacon, J., Eyers, D., Moody, K., Pesonen, L. (2005). Securing Publish/Subscribe for Multi-domain Systems. In: Alonso, G. (eds) Middleware 2005. Middleware 2005. Lecture Notes in Computer Science, vol 3790. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11587552_1
DOI: https://doi.org/10.1007/11587552_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-30323-7
Online ISBN: 978-3-540-32269-6
eBook Packages: Computer Science (R0)