3,581 research outputs found
Confidentiality-Preserving Publish/Subscribe: A Survey
Publish/subscribe (pub/sub) is an attractive communication paradigm for
large-scale distributed applications running across multiple administrative
domains. Pub/sub allows event-based information dissemination based on
constraints on the nature of the data rather than on pre-established
communication channels. It is a natural fit for deployment in untrusted
environments such as public clouds linking applications across multiple sites.
However, pub/sub in untrusted environments lead to major confidentiality
concerns stemming from the content-centric nature of the communications. This
survey classifies and analyzes different approaches to confidentiality
preservation for pub/sub, from applications of trust and access control models
to novel encryption techniques. It provides an overview of the current
challenges posed by confidentiality concerns and points to future research
directions in this promising field
Enabling Confidentiality in Content-Based Publish/Subscribe Infrastructures
Content-Based Publish/Subscribe (CBPS) is an interaction model where the interests of subscribers are stored in a content-based forwarding infrastructure to guide routing of notifications to interested parties. In this paper, we focus on answering the following question: Can we implement content-based publish/subscribe while keeping subscriptions and notifications confidential from the forwarding brokers? Our contributions include a systematic analysis of the problem, providing a formal security model and showing that the maximum level of attainable security in this setting is restricted. We focus on enabling provable confidentiality for commonly used applications and subscription languages in CBPS and present a series of practical provably secure protocols, some of which are novel and others adapted from existing work. We have implemented these protocols in SIENA, a popular CBPS system. Evaluation results show that confidential content-based publish/subscribe is practical: A single broker serving 1000 subscribers is able to route more than 100 notifications per second with our solutions
Arbitrary boolean advertisements: the final step in supporting the boolean publish/subscribe model
Publish/subscribe systems allow for an efficient filtering of incoming information. This filtering is based on the specifications of subscriber interests, which are registered with the system as subscriptions. Publishers conversely specify advertisements, describing the messages they will send later on. What is missing so far is the support of arbitrary Boolean advertisements in publish/subscribe systems. Introducing the opportunity to specify these richer Boolean advertisements increases the accuracy of publishers to state their future messages compared to currently supported conjunctive advertisements. Thus, the amount of subscriptions forwarded in the network is reduced. Additionally, the system can more time efficiently decide whether a subscription needs to be forwarded and more space efficiently store and index advertisements.
In this paper, we introduce a publish/subscribe system that supports arbitrary Boolean advertisements and, symmetrically, arbitrary Boolean subscriptions. We show the advantages of supporting arbitrary Boolean advertisements and present an algorithm to calculate the practically required overlapping relationship among subscriptions and advertisements. Additionally, we develop the first optimization approach for arbitrary Boolean advertisements, advertisement pruning. Advertisement pruning is tailored to optimize advertisements, which is a strong contrast
to current optimizations for conjunctive advertisements. These recent proposals mainly apply subscription-based optimization ideas, which is leading to the same disadvantages.
In the second part of this paper, our evaluation of practical experiments, we analyze the efficiency properties of our approach to determine the overlapping relationship. We also compare conjunctive solutions for the overlapping problem to our calculation algorithm to show its benefits. Finally, we present a detailed evaluation of the optimization potential of advertisement pruning. This includes the analysis of the effects of additionally optimizing subscriptions on the advertisement pruning optimization
Collusion defender : preserving subscribers’ privacy in publish and subscribe systems
The Publish and Subscribe (pub/sub) system is an
established paradigm to disseminate the data from publishers
to subscribers in a loosely coupled manner using a network
of dedicated brokers. However, sensitive data could be exposed
to malicious entities if brokers get compromised or hacked; or
even worse, if brokers themselves are curious to learn about
the data. A viable mechanism to protect sensitive publications
and subscriptions is to encrypt the data before it is disseminated
through the brokers. State-of-the-art approaches allow brokers
to perform encrypted matching without revealing publications
and subscriptions. However, if malicious brokers collude with
malicious subscribers or publishers, they can learn the interests
of innocent subscribers, even when the interests are encrypted.
In this article, we present a pub/sub system that ensures
confidentiality of publications and subscriptions in the presence
of untrusted brokers. Furthermore, our solution resists collusion
attacks between untrusted brokers and malicious subscribers (or
publishers). Finally, we have implemented a prototype of our
solution to show its feasibility and efficiency.
Index Terms: Collusion Resistance, Secure Pub/sub, Subscribers’
Privacy, Publications’ Confidentialit
Effective Caching for the Secure Content Distribution in Information-Centric Networking
The secure distribution of protected content requires consumer authentication
and involves the conventional method of end-to-end encryption. However, in
information-centric networking (ICN) the end-to-end encryption makes the
content caching ineffective since encrypted content stored in a cache is
useless for any consumer except those who know the encryption key. For
effective caching of encrypted content in ICN, we propose a novel scheme,
called the Secure Distribution of Protected Content (SDPC). SDPC ensures that
only authenticated consumers can access the content. The SDPC is a lightweight
authentication and key distribution protocol; it allows consumer nodes to
verify the originality of the published article by using a symmetric key
encryption. The security of the SDPC was proved with BAN logic and Scyther tool
verification.Comment: 7 pages, 9 figures, 2018 IEEE 87th Vehicular Technology Conference
(VTC Spring
Parallel Sort-Based Matching for Data Distribution Management on Shared-Memory Multiprocessors
In this paper we consider the problem of identifying intersections between
two sets of d-dimensional axis-parallel rectangles. This is a common problem
that arises in many agent-based simulation studies, and is of central
importance in the context of High Level Architecture (HLA), where it is at the
core of the Data Distribution Management (DDM) service. Several realizations of
the DDM service have been proposed; however, many of them are either
inefficient or inherently sequential. These are serious limitations since
multicore processors are now ubiquitous, and DDM algorithms -- being
CPU-intensive -- could benefit from additional computing power. We propose a
parallel version of the Sort-Based Matching algorithm for shared-memory
multiprocessors. Sort-Based Matching is one of the most efficient serial
algorithms for the DDM problem, but is quite difficult to parallelize due to
data dependencies. We describe the algorithm and compute its asymptotic running
time; we complete the analysis by assessing its performance and scalability
through extensive experiments on two commodity multicore systems based on a
dual socket Intel Xeon processor, and a single socket Intel Core i7 processor.Comment: Proceedings of the 21-th ACM/IEEE International Symposium on
Distributed Simulation and Real Time Applications (DS-RT 2017). Best Paper
Award @DS-RT 201
A power-law distribution for tenure lengths of sports managers
We show that the tenure lengths for managers of sport teams follow a power law distribution with an exponent between 2 and 3. We develop a simple theoretical model which replicates this result. The model demonstrates that the empirical phenomenon can be understood as the macroscopic outcome of pairwise interactions among managers in a league, threshold effects in managerial performance evaluation, competitive market forces, and luck at the microscopic level
A petri net formalization of a publish-subscribe process system.
Publish/subscribe systems are getting more and more integrated into the execution of business processes in process aware information systems. This integration enables the distribution of the process logic and increases the scalability and adaptability of the process enactment infrastructure. A consequence is however that the original specified process model doesn't accurately represent the actual running process anymore, as the publish/subscribe specific operations are not incorporated into the original model. In this paper we propose a formal model of a publish/subscribe system that can be integrated into a business process model, creating in this way an accurate representation of the actual runtime process. The resulting model can be used for model checking the executable process: inspect system properties, discover problems and validate changes.
Explicit context matching in content-based publish/subscribe systems
Although context could be exploited to improve performance, elasticity and adaptation in most distributed systems that adopt the publish/subscribe (P/S) communication model, only a few researchers have focused on the area of context-aware matching in P/S systems and have explored its implications in domains with highly dynamic context like wireless sensor networks (WSNs) and IoT-enabled applications. Most adopted P/S models are context agnostic or do not differentiate context from the other application data. In this article, we present a novel context-aware P/S model. SilboPS manages context explicitly, focusing on the minimization of network overhead in domains with recurrent context changes related, for example, to mobile ad hoc networks (MANETs). Our approach represents a solution that helps to efficiently share and use sensor data coming from ubiquitous WSNs across a plethora of applications intent on using these data to build context awareness. Specifically, we empirically demonstrate that decoupling a subscription from the changing context in which it is produced and leveraging contextual scoping in the filtering process notably reduces (un)subscription cost per node, while improving the global performance/throughput of the network of brokers without fltering the cost of SIENA-like topology changes
- …