
Pub-Sub Systems and Confidentiality/Privacy

Introduction to pub-sub systems with emphasis on security

Page 1: Pub-Sub Systems and Confidentiality/Privacy

Publish-Subscribe Systems and Confidentiality/Privacy

Nabeel Mohamed

4/4/08

Page 2: Pub-Sub Systems and Confidentiality/Privacy

Outline

• Different Publish-Subscribe Systems

• Security Issues and Possible Directions (Confidentiality/Privacy)

Page 3: Pub-Sub Systems and Confidentiality/Privacy

Publish/Subscribe

[Figure: publishers, subscribers (each exposing Notify()) and a layer of distributed content routers providing distributed subscription management and routing. Labelled operations: Subscribe(), Unsubscribe(), Notify(). Arrows: publish, subscribe, unsubscribe, notify.]

Page 4: Pub-Sub Systems and Confidentiality/Privacy

General Properties of Pub-Sub

• Many-to-Many structured P2P system

• Loosely coupled form of interaction

– Space decoupling

– Time decoupling

– Synchronization decoupling

References: [1]

Page 5: Pub-Sub Systems and Confidentiality/Privacy

Filtering

• Topic-based

• Content-based

• Type-based

• Structure-based

Page 6: Pub-Sub Systems and Confidentiality/Privacy

Filtering: Topic-based

• Events are grouped into channels

• Each channel is identified by a keyword

• Publisher publishes each event to a specific channel

• Subscribers subscribe to channels they are interested in

• Simplest scheme of matching events to subscribers

• Example: Disseminating Trades and Quotes in two channels

Page 7: Pub-Sub Systems and Confidentiality/Privacy

Filtering: Content-based

• More expressive power to subscribers than topic-based

• Can be used for fine-grained access control as well

• Added complexity of matching an event to a subscription

• Example: Notify me of all quotes for Google with bid_price >= 400

Page 8: Pub-Sub Systems and Confidentiality/Privacy

Filtering: Type-based

• Relate event kind to event type

• Closer integration of the language and the middleware

• Allows for compile-time type safety checks

• Match events to subscriptions by their types (and further to members of these types)

• Example: StockQuote and StockTrade are sub-types of Stock. Public members of these event types can be used to do content-based filtering while ensuring encapsulation.

References: [8]

Page 9: Pub-Sub Systems and Confidentiality/Privacy

Filtering: Structure-based

• First three filtering methods

– Many documents to many subscribers

• Structure-based routing addresses a different data dissemination problem

– Different parts of one document to many subscribers

• Only for hierarchically structured data

References: [7]

Page 10: Pub-Sub Systems and Confidentiality/Privacy

Streaming Systems

• Special kind of pub-sub systems

• Usually have stringent timing, storage and performance requirements

• Database community (DSMS) to Distributed systems

Page 11: Pub-Sub Systems and Confidentiality/Privacy

Next

• Different Publish-Subscribe Systems

• Security Issues and Possible Directions (Confidentiality/Privacy)

Page 12: Pub-Sub Systems and Confidentiality/Privacy

Generic Issues

• Authentication

• Integrity

– Information Integrity

– Subscription Integrity

– Service Integrity

• User Anonymity

– Onion routing

• Accountability

• Availability

Page 13: Pub-Sub Systems and Confidentiality/Privacy

Confidentiality/Privacy

• Information Confidentiality

– Can we perform content-based routing without revealing the content to the infrastructure?

• Subscription Privacy

– Can subscribers specify filters without revealing their interest to the infrastructure?

• Publication Confidentiality

– How can publishers be sure that only the intended subscribers get the data?

References: [2]

Page 14: Pub-Sub Systems and Confidentiality/Privacy

Information Confidentiality

• Out-of-band key agreement issue

– Attribute-based encryption [11]

• Conflicting goals of keeping information secret and content-based routing

– Computing with the encrypted/perturbed data

• Feigenbaum and Abadi et al. [3]

• Agrawal et al. [4]
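The conflict on this slide, worked through with the deck's own example subscription (quotes for Google with bid_price >= 400). This is an added Python sketch, not part of the original slides: publisher and subscribers share a key out of band, and the broker matches only on keyed tokens. The order-preserving code is a toy stand-in, not the scheme of Agrawal et al. [4], and the names BlindBroker, eq_token, ope_encode and make_event are hypothetical.

```python
import hashlib
import hmac

# Constructed demo key; in the deck's terms it is agreed out of band
# between publishers and subscribers and never given to the broker.
KEY = b"constructed-demo-key"

def _prf(key: bytes, label: bytes) -> int:
    """Keyed pseudo-random 32-bit integer (truncated HMAC-SHA256)."""
    return int.from_bytes(hmac.new(key, label, hashlib.sha256).digest()[:4], "big")

def eq_token(key: bytes, value: str) -> str:
    """Deterministic keyed token: supports equality tests only."""
    return hmac.new(key, b"eq|" + value.encode(), hashlib.sha256).hexdigest()

def ope_encode(key: bytes, x: int) -> int:
    """Toy order-preserving code for small non-negative integers: a running
    sum of keyed positive gaps, so x < y implies code(x) < code(y)."""
    return sum(1 + _prf(key, b"gap|%d" % i) for i in range(x + 1))

def make_event(key: bytes, symbol: str, bid: int) -> dict:
    """Publisher side: encode the routable attributes before publishing."""
    return {"symbol": eq_token(key, symbol), "bid": ope_encode(key, bid)}

class BlindBroker:
    """Content router that matches on encoded attributes, holding no key."""

    def __init__(self):
        self.subs = []  # (subscriber, symbol token, encoded lower bound)

    def subscribe(self, who: str, symbol_token: str, min_bid_code: int) -> None:
        self.subs.append((who, symbol_token, min_bid_code))

    def route(self, event: dict) -> list:
        # Evaluates "symbol == S and bid_price >= B" on tokens and codes only.
        return [who for who, sym, low in self.subs
                if hmac.compare_digest(sym, event["symbol"]) and event["bid"] >= low]

def demo() -> list:
    broker = BlindBroker()
    broker.subscribe("alice", eq_token(KEY, "GOOG"), ope_encode(KEY, 400))
    broker.subscribe("bob", eq_token(KEY, "GOOG"), ope_encode(KEY, 450))
    broker.subscribe("carol", eq_token(KEY, "MSFT"), ope_encode(KEY, 20))
    quotes = [("GOOG", 399), ("GOOG", 400), ("GOOG", 460), ("MSFT", 30)]  # constructed
    return [broker.route(make_event(KEY, s, b)) for s, b in quotes]

if __name__ == "__main__":
    print(demo())
```

Because the tokens and codes are deterministic and order-preserving, the broker still learns which events share a symbol and how their bids rank, which is the leakage this approach accepts in exchange for routability.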

Page 15: Pub-Sub Systems and Confidentiality/Privacy

Subscription Privacy

• Examples

– Trading preferences

– Resume service

• No node in the infrastructure should be able to infer about data items retrieved by users

– Secure multiparty computations (E.g.: Millionaires' problem. A. Yao [6])

– Database research in private information retrieval (E.g.: O. Goldreich et al. [5])

Page 16: Pub-Sub Systems and Confidentiality/Privacy

Publication Confidentiality

• Application of access control

• Information leakage issue

• Most of the research on confidentiality has been done in this area

• Out-of-band key agreement issue

• Some solutions trust users to get over the issue of key agreement

Page 17: Pub-Sub Systems and Confidentiality/Privacy

Issues due to Optimization

• Bandwidth minimization [9]

• Coping with limited storage

– Digests

• Regulating high input/output rates

• Continuous security enforcement as opposed to one time [10]

• Different data representations

Page 18: Pub-Sub Systems and Confidentiality/Privacy

References

[1] The Many Faces of Publish/Subscribe, Patrick Eugster, Pascal Felber, Rachid Guerraoui, 2003

[2] Security Issues and Requirements for Internet-Scale Publish-Subscribe Systems, Chenxi Wang, Antonio Carzaniga, David Evans, Alexander Wolf, 2002

[3] On Hiding Information from an Oracle, Martin Abadi, Joan Feigenbaum, Joe Kilian, 1987

[4] Order Preserving Encryption for Numerical Data, Rakesh Agrawal, Jerry Kiernan, Ramakrishnan Srikant, Yirong Xu, 2004

[5] Private Information Retrieval, B. Chor, O. Goldreich, E. Kushilevitz, M. Sudan, 1998

[6] Protocols for Secure Computations, Andrew C. Yao, 1982

[7] Secure Dissemination of XML Content Using Structure-based Routing, A. Kundu, E. Bertino, 2006

[8] On Objects and Events, P. Eugster, R. Guerraoui, C. Damm, 2001

[9] Secure Delta-Publishing of XML Content, Mohamed Nabeel, Elisa Bertino, 2008

[10] Security Punctuation Framework for Enforcing Access Control on Streaming Data, Rimma V. Nehme, Elke A. Rundensteiner and Elisa Bertino, 2008

[11] Secure Attribute-Based Systems, M. Pirretti, P. Traynor, P. McDaniel, B. Waters, 2006