Confidentiality-Preserving Publish/Subscribe: A Survey

Publish/subscribe (pub/sub) is an attractive communication paradigm for large-scale distributed applications running across multiple administrative domains. Pub/sub allows event-based information dissemination based on constraints on the nature of the data rather than on pre-established communication channels. It is a natural fit for deployment in untrusted environments such as public clouds linking applications across multiple sites. However, pub/sub in untrusted environments lead to major confidentiality concerns stemming from the content-centric nature of the communications. This survey classifies and analyzes different approaches to confidentiality preservation for pub/sub, from applications of trust and access control models to novel encryption techniques. It provides an overview of the current challenges posed by confidentiality concerns and points to future research directions in this promising field

Performance Analysis of Publish/Subscribe Systems

The Desktop Grid offers solutions to overcome several challenges and to answer increasingly needs of scientific computing. Its technology consists mainly in exploiting resources, geographically dispersed, to treat complex applications needing big power of calculation and/or important storage capacity. However, as resources number increases, the need for scalability, self-organisation, dynamic reconfigurations, decentralisation and performance becomes more and more essential. Since such properties are exhibited by P2P systems, the convergence of grid computing and P2P computing seems natural. In this context, this paper evaluates the scalability and performance of P2P tools for discovering and registering services. Three protocols are used for this purpose: Bonjour, Avahi and Free-Pastry. We have studied the behaviour of theses protocols related to two criteria: the elapsed time for registrations services and the needed time to discover new services. Our aim is to analyse these results in order to choose the best protocol we can use in order to create a decentralised middleware for desktop grid

Self-Stabilizing Supervised Publish-Subscribe Systems

In this paper we present two major results: First, we introduce the first self-stabilizing version of a supervised overlay network by presenting a self-stabilizing supervised skip ring. Secondly, we show how to use the self-stabilizing supervised skip ring to construct an efficient self-stabilizing publish-subscribe system. That is, in addition to stabilizing the overlay network, every subscriber of a topic will eventually know all of the publications that have been issued so far for that topic. The communication work needed to processes a subscribe or unsubscribe operation is just a constant in a legitimate state, and the communication work of checking whether the system is still in a legitimate state is just a constant on expectation for the supervisor as well as any process in the system

Automatic subscriptions in publish-subscribe systems

In this paper, we describe how to automate the process of subscribing to complex publish-subscribe systems. We present a proof-of-concept prototype, in which we analyze Web browsing history to generate zero-click subscriptions to Web feeds and video news stories. Our experience so far indicates that user attention data is a promising source of data for automating the subscription process

A petri net formalization of a publish-subscribe process system.

Publish/subscribe systems are getting more and more integrated into the execution of business processes in process aware information systems. This integration enables the distribution of the process logic and increases the scalability and adaptability of the process enactment infrastructure. A consequence is however that the original specified process model doesn't accurately represent the actual running process anymore, as the publish/subscribe specific operations are not incorporated into the original model. In this paper we propose a formal model of a publish/subscribe system that can be integrated into a business process model, creating in this way an accurate representation of the actual runtime process. The resulting model can be used for model checking the executable process: inspect system properties, discover problems and validate changes.

Enabling Confidentiality in Content-Based Publish/Subscribe Infrastructures

Content-Based Publish/Subscribe (CBPS) is an interaction model where the interests of subscribers are stored in a content-based forwarding infrastructure to guide routing of notifications to interested parties. In this paper, we focus on answering the following question: Can we implement content-based publish/subscribe while keeping subscriptions and notifications confidential from the forwarding brokers? Our contributions include a systematic analysis of the problem, providing a formal security model and showing that the maximum level of attainable security in this setting is restricted. We focus on enabling provable confidentiality for commonly used applications and subscription languages in CBPS and present a series of practical provably secure protocols, some of which are novel and others adapted from existing work. We have implemented these protocols in SIENA, a popular CBPS system. Evaluation results show that confidential content-based publish/subscribe is practical: A single broker serving 1000 subscribers is able to route more than 100 notifications per second with our solutions

Quality-constrained routing in publish/subscribe systems

Routing in publish/subscribe (pub/sub) features a communication model where messages are not given explicit destination addresses, but destinations are determined by matching the subscription declared by subscribers. For a dynamic computing environment with applications that have quality demands, this is not sufficient. Routing decision should, in such environments, not only depend on the subscription predicate, but should also take the quality-constraints of applications and characteristics of network paths into account. We identified three abstraction levels of these quality constraints: functional, middleware and network. The main contribution of the paper is the concept of the integration of these constraints into the pub/sub routing. This is done by extending the syntax of pub/sub system and applying four generic, proposed by us, guidelines. The added values of quality-constrained routing concept are: message delivery satisfying quality demands of applications, improvement of system scalability and more optimise use of the network resources. We discuss the use case that shows the practical value of our concept