Disclosure control in multi-domain publish/subscribe systems

Publish/subscribe is an effective paradigm for event dissemination over wide-area systems. However, there is tension between the convenience of open information delivery and the need to protect data from unauthorised access. Publish/subscribe security models tend to focus on protecting the client API, or encrypting events and managing disclosure through key distribution. However, some application environments require more stringent, fine-grained controls governing precisely the data disclosed and transmitted given particular circumstances. In this paper, we present Interaction Control, a policy model that overlays context-aware, point-to-point (hop-level) controls onto a publish/subscribe network. The approach is unique as it allows granular control over i) the construction of the dissemination network, and ii) the information flows within the network. Interaction Control was designed considering legal obligations, to enable those responsible for information to transmit data on a need-to-know basis. Security policies set the bounds for communication, enforced only where necessary at specific points of the publish/subscribe process, to provide control while retaining the efficiency benefits of the paradigm. We present implementation details and results showing that any security overheads must be considered with respect to the overall network load.
