Two convincing paradigms have emerged for achieving scalability in widely distributed systems: publish/subscribe communication and role-based, policy-driven control of access to the system by applications. A strength of publish/subscribe is its many-to-many communication paradigm and loose coupling of components, so that publishers need not know the recipients of their data and subscribers need not know the number and location of publishers. But some data is sensitive, and its visibility must be controlled carefully for personal and legal reasons. We describe the requirements of several application domains where the event-based paradigm is appropriate yet where security is an issue. Typical are the large-scale systems required by government and public bodies for domains such as healthcare, police, transport and environmental monitoring. We discuss how a publish/subscribe service can be secured: firstly by specifying and enforcing access control policy at the service API, and secondly by enforcing the security and privacy aspects of these policies within the service network itself. Finally, we describe an alternative to whole-message encryption, appropriate for highly sensitive and long-lived data destined for specific domains with varied requirements. We outline our investigations and findings from several research projects in these areas.