ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Securing publish-subscribe overlay services with EventGuard
Full text PdfPdf (489 KB)
Source Conference on Computer and Communications Security archive
Proceedings of the 12th ACM conference on Computer and communications security table of contents
Alexandria, VA, USA
SESSION: Security for diffuse computing table of contents
Pages: 289 - 298  
Year of Publication: 2005
ISBN:1-59593-226-7
Authors
Mudhakar Srivatsa  Georgia Institute of Technology, Atlanta, GA
Ling Liu  Georgia Institute of Technology, Atlanta, GA
Sponsors
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
ACM: Association for Computing Machinery
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 17,   Downloads (12 Months): 118,   Citation Count: 7
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1102120.1102158
What is a DOI?

ABSTRACT

A publish-subscribe overlay service is a wide-area communication infrastructure that enables information dissemination across geographically scattered and potentially unlimited number of publishers and subscribers. A wide-area publish-subscribe (pub-sub) system is often implemented as a collection of spatially disparate nodes communicating on top of a peer to peer overlay network. Such a model presents many inherent benefits such as scalability and performance, as well as potential challenges such as: (i) confidentiality & integrity, (ii) authentication, and (iii) denial-of-service (DoS) attacks. In this paper we present EventGuard for securing pub-sub overlay services. EventGuard comprises of a suite of security guards that can be seamlessly plugged-into a content-based pub-sub system. EventGuard mechanisms aim at providing security guarantees while maintaining the system's overall simplicity, scalability and performance metrics. We present an implementation which shows that EventGuard is easily stackable on any content-based pub-sub core. Finally, our experimental results show that EventGuard can secure a pub-sub system with minimal performance penalty.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

1
Marcos Kawazoe Aguilera , Robert E. Strom, Efficient atomic broadcast using deterministic merge, Proceedings of the nineteenth annual ACM symposium on Principles of distributed computing, p.209-218, July 16-19, 2000, Portland, Oregon, United States  [doi>10.1145/343477.343620]
2
Marcos K. Aguilera , Robert E. Strom , Daniel C. Sturman , Mark Astley , Tushar D. Chandra, Matching events in a content-based subscription system, Proceedings of the eighteenth annual ACM symposium on Principles of distributed computing, p.53-61, May 04-06, 1999, Atlanta, Georgia, United States  [doi>10.1145/301308.301326]
 
3
An Efficient Multicast Protocol for Content-Based Publish-Subscribe Systems, Proceedings of the 19th IEEE International Conference on Distributed Computing Systems, p.262, May 31-June 04, 1999
 
4
A. Carzaniga. Siena - software. http://serl.cs.colorado.edu/ carzanig/siena/software/index.html.
5
Design and evaluation of a wide-area event notification service, ACM Transactions on Computer Systems (TOCS), v.19 n.3, p.332-383, Aug. 2001  [doi>10.1145/380749.380767]
 
6
CNN. Gates: Buy stamps to send email. http://www.cnn.com/2004/TECH/internet/03/05/spam.charge.ap/.
 
7
A. K. Datta , M. Gradinariu , M. Raynal , G. Simon, Anonymous Publish/Subscribe in P2P Networks, Proceedings of the 17th International Symposium on Parallel and Distributed Processing, p.74.1, April 22-26, 2003
 
8
D. Eastlake and P. Jones. US secure hash algorithm 1. http://www.ietf.org/rfc/rfc3174.txt, 2001.
 
9
T. ElGamal. A public key cryptosystem and a signature scheme based on discrete logarithm. In IEEE transactions on information theory, 31(4): 469-472, 1985.
 
10
FIPS. Data encryption standard (DES). http://www.itl.nist.gov/pspubs/ p46--2.htm.
 
11
H. Krawczyk, M. Bellare, and R. Canetti. HMAC: Keyed-hashing for message authentication. http://www.faqs.org/rfcs/rfc2104.html.
 
12
Dahlia Malkhi , Yishay Mansour , Michael K. Reiter, On Diffusing Updates in a Byzantine Environment, Proceedings of the 18th IEEE Symposium on Reliable Distributed Systems, p.134, October 18-21, 1999
 
13
NIST. AES: Advanced encryption standard. http://csrc.nist.gov/CryptoToolkit/aes/.
 
14
L. Opyrchal and A. Prakash. Secure distribution of events in content-based publish subscribe system. In Proceedings of the 10th USENIX Security Symposium, 2001.
 
15
Qin Lv , Sylvia Ratnasamy , Scott Shenker, Can Heterogeneity Make Gnutella Scalable?, Revised Papers from the First International Workshop on Peer-to-Peer Systems, p.94-103, March 07-08, 2002
16
Sandro Rafaeli , David Hutchison, A survey of key management for secure group communication, ACM Computing Surveys (CSUR), v.35 n.3, p.309-329, September 2003  [doi>10.1145/937503.937506]
 
17
C. Raiciu and D. S. Rosenblum. A secure protocol for content-based publish/subscribe systems. http://www.cs.ucl.ac.uk/sta/C.Raiciu/les/securepubsub.pdf.
 
18
R. Rivest. The MD5 message-digest algorithm. http://www.ietf.org/rfc/rfc1321.txt, 1992.
 
19
M. Srivatsa and L. Liu. Eventguard: Securing publish-subscribe networks. Technical report, Georgia Institute of Technology, 2005.
20
Mudhakar Srivatsa , Li Xiong , Ling Liu, TrustGuard: countering vulnerabilities in reputation management for decentralized overlay networks, Proceedings of the 14th international conference on World Wide Web, May 10-14, 2005, Chiba, Japan  [doi>10.1145/1060745.1060808]
 
21
C. Wang , A. Carzaniga , D. Evans , A. Wolf, Security Issues and Requirements for Internet-Scale Publish-Subscribe Systems, Proceedings of the 35th Annual Hawaii International Conference on System Sciences (HICSS'02)-Volume 9, p.303, January 07-10, 2002
 
22
PeerTrust: Supporting Reputation-Based Trust for Peer-to-Peer Electronic Communities, IEEE Transactions on Knowledge and Data Engineering, v.16 n.7, p.843-857, July 2004  [doi>10.1109/TKDE.2004.1318566]
 
23
E. W. Zegura, K. Calvert, and S. Bhattacharjee. How to model an internetwork. In Proceedings of IEEE Infocom, 1996.

CITED BY  7
 
Amy Beth Corman , Peter Schachte , Vanessa Teague, QUIP: a protocol for securing content in peer-to-peer publish/subscribe overlay networks, Proceedings of the thirtieth Australasian conference on Computer science, p.35-40, January 30-February 02, 2007, Ballarat, Victoria, Australia
Alex Wun , Alex Cheung , Hans-Arno Jacobsen, A taxonomy for denial of service attacks in content-based publish/subscribe systems, Proceedings of the 2007 inaugural international conference on Distributed event-based systems, June 20-22, 2007, Toronto, Ontario, Canada
Lauri I. W. Pesonen , David M. Eyers , Jean Bacon, Encryption-enforced access control in dynamic multi-domain publish/subscribe networks, Proceedings of the 2007 inaugural international conference on Distributed event-based systems, June 20-22, 2007, Toronto, Ontario, Canada
Kazuhiro Minami , Adam J. Lee , Marianne Winslett , Nikita Borisov, Secure aggregation in a publish-subscribe system, Proceedings of the 7th ACM workshop on Privacy in the electronic society, October 27-27, 2008, Alexandria, Virginia, USA
George Spanoudakis , Christos Kloukinas , Kelly Androutsopoulos, Towards security monitoring patterns, Proceedings of the 2007 ACM symposium on Applied computing, March 11-15, 2007, Seoul, Korea
 
Sasu Tarkoma , Jaakko Kangasharju, On the cost and safety of handoffs in content-based routing systems, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.51 n.6, p.1459-1482, April, 2007
 
Gianpaolo Cugola , Elisabetta Di Nitto, On adopting Content-Based Routing in service-oriented architectures, Information and Software Technology, v.50 n.1-2, p.22-35, January, 2008

INDEX TERMS

Primary Classification:
  C. Computer Systems Organization
  C.2 COMPUTER-COMMUNICATION NETWORKS
      C.2.4 Distributed Systems
          Subjects: Distributed applications

Additional Classification:
  C. Computer Systems Organization
  C.4 PERFORMANCE OF SYSTEMS


General Terms:
Performance, Reliability, Security

Collaborative Colleagues:
Mudhakar Srivatsa: colleagues
Ling Liu: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player