Publish/subscribe is an effective paradigm for event dissemination over wide-area systems. However, there is tension between the convenience of open information delivery and the need to protect data from unauthorised access. Publish/subscribe security models tend to focus on protecting the client API, or encrypting events and managing disclosure through key distribution. However, some application environments require more stringent, fine-grained controls governing precisely the data disclosed and transmitted given particular circumstances. In this paper, we present Interaction Control, a policy model that overlays context-aware, point-to-point (hop-level) controls onto a publish/subscribe network. The approach is unique as it allows granular control over i) the construction of the dissemination network, and ii) the information flows within the network. Interaction Control was designed considering legal obligations, to enable those responsible for information to transmit data on a need-to-know basis. Security policies set the bounds for communication, enforced only where necessary at specific points of the publish/subscribe process, to provide control while retaining the efficiency benefits of the paradigm. We present implementation details and results showing that any security overheads must be considered with respect to the overall network load.