Towards an access control mechanism for wide-area publish/subscribe systems

The publish/subscribe communication model is increasingly considered for implementing middleware infrastructures for widely distributed applications. Scalability issues and routing algorithms of such systems have recently been the focus of intensive research. So far, little attention has been given to the security and management issues. In current publish/subscribe systems, malicious publishers can very easily insert bogus notifications, which may be propagated to a large number of subscribers. Moreover, there is no method to control what notifications the subscribers are authorized to receive. We describe a method to specify access control policy rules using expressions similar to subscription expressions. These policies define access rules for publish and subscribe functions and screening rules for notifications.
