Content-based publish/subscribe systems offer an interaction scheme that is appropriate for a variety of large scale dynamic applications. However, widespread use of these systems is hindered by a lack of suitable security services. In this paper we present scalable solutions for confidentiality, integrity, and authentication for these systems. We also provide usage-based accounting services, which are required for e-commerce and e-business applications that use publish/subscribe systems. Our solutions are applicable in a setting where publishers and subscribers may not trust the publish/subscribe infrastructure.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	M. Abadi , J. Feigenbaum , J. Kilian, On hiding information from an oracle, Proceedings of the nineteenth annual ACM conference on Theory of computing, p.195-203, January 1987, New York, New York, United States  [doi>10.1145/28395.28417]
	2	Marcos K. Aguilera , Robert E. Strom , Daniel C. Sturman , Mark Astley , Tushar D. Chandra, Matching events in a content-based subscription system, Proceedings of the eighteenth annual ACM symposium on Principles of distributed computing, p.53-61, May 04-06, 1999, Atlanta, Georgia, United States  [doi>10.1145/301308.301326]
	3	Ross J. Anderson , Roger M. Needham, Robustness Principles for Public Key Protocols, Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology, p.236-247, August 27-31, 1995
	4	An Efficient Multicast Protocol for Content-Based Publish-Subscribe Systems, Proceedings of the 19th IEEE International Conference on Distributed Computing Systems, p.262, May 31-June 04, 1999
	5	M. Bartel, J. Boyer, B. Fox, B. LaMacchia, E. Simon. XML-Signature Syntax and Processing. W3C Recommendation, February 2002. http://www.w3.org/TR/xmldsig-core.
	6	András Belokosztolszki , David M. Eyers , Peter R. Pietzuch , Jean Bacon , Ken Moody, Role-based access control for publish/subscribe middleware architectures, Proceedings of the 2nd international workshop on Distributed event-based systems, June 08-08, 2003, San Diego, California  [doi>10.1145/966618.966622]
	7	Elisa Bertino , Elena Ferrari, Secure and selective dissemination of XML documents, ACM Transactions on Information and System Security (TISSEC), v.5 n.3, p.290-331, August 2002  [doi>10.1145/545186.545190]
	8	Dan Boneh , Matthew K. Franklin, Efficient Generation of Shared RSA Keys (Extended Abstract), Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology, p.425-439, August 17-21, 1997
	9	Antonio Carzaniga , David S. Rosenblum , Alexander L. Wolf, Achieving scalability and expressiveness in an Internet-scale event notification service, Proceedings of the nineteenth annual ACM symposium on Principles of distributed computing, p.219-227, July 16-19, 2000, Portland, Oregon, United States  [doi>10.1145/343477.343622]
	10	A. Carzaniga, M. J. Rutherford, and A. L. Wolf, "A Routing Scheme for Content-Based Networking", in Proceedings of IEEE INFOCOM 2004, Hong Kong, China, March, 2004.
	11	Don Davis, Defective Sign & Encrypt in S/MIME, PKCS#7, MOSS, PEM, PGP, and XML, Proceedings of the General Track: 2002 USENIX Annual Technical Conference, p.65-78, June 25-30, 2001
	12	Patrick Th. Eugster , Pascal A. Felber , Rachid Guerraoui , Anne-Marie Kermarrec, The many faces of publish/subscribe, ACM Computing Surveys (CSUR), v.35 n.2, p.114-131, June 2003  [doi>10.1145/857076.857078]
	13	L. Fiege, A. Zeidler, A. Buchmann, R. K.-Kehr, and G. Mhl, "Security Aspects in Publish/Subscribe Systems", in proceedings of the Third International Workshop on Distributed Event-Based Systems (DEBS), 2004.
	14	T. E. Gamal, "A Public Key Cryptosystem and a Signature Scheme Based on the Discrete Logarithm", IEEE Transactions of Information Theory, pages 31(4): 469--472, 1985.
	15	Amir Herzberg , Markus Jakobsson , Stanislław Jarecki , Hugo Krawczyk , Moti Yung, Proactive public key and signature systems, Proceedings of the 4th ACM conference on Computer and communications security, p.100-110, April 01-04, 1997, Zurich, Switzerland  [doi>10.1145/266420.266442]
	16	Markus Jakobsson, On Quorum Controlled Asymmetric Proxy Re-encryption, Proceedings of the Second International Workshop on Practice and Theory in Public Key Cryptography, p.112-121, March 01-03, 1999
	17	Zoltán Miklós, Towards an Access Control Mechanism for Wide-Area Publish/Subscribe Systems, Proceedings of the 22nd International Conference on Distributed Computing Systems, p.516-524, July 02-05, 2002
	18	L. Opyrchal and A. Prakash, "Secure Distribution of Events in Content-Based Publish Subscribe Systems", in Proceedings of the 10th USENIX Security Symposium, pages 281--295, August 2001.
	19	T. P. Pederson, "A threshold cryptosystem without a trusted party", in Advances in Cryptology -EUROCRYPT'91, vol 547 of Lecture Notes in Computer Science, Springer-Verlag, 1991.
	20	Adi Shamir, How to share a secret, Communications of the ACM, v.22 n.11, p.612-613, Nov. 1979  [doi>10.1145/359168.359176]
	21	Feng Tian , Berthold Reinwald , Hamid Pirahesh , Tobias Mayr , Jussi Myllymaki, Implementing a scalable XML publish/subscribe system using relational database systems, Proceedings of the 2004 ACM SIGMOD international conference on Management of data, June 13-18, 2004, Paris, France  [doi>10.1145/1007568.1007623]
	22	C. Wang , A. Carzaniga , D. Evans , A. Wolf, Security Issues and Requirements for Internet-Scale Publish-Subscribe Systems, Proceedings of the 35th Annual Hawaii International Conference on System Sciences (HICSS'02)-Volume 9, p.303, January 07-10, 2002
	23	T. Wu, M. Malkin, and D. Boneh, "Building intrusion tolerant applications", in proceedings of the 8th USENIX Security Symposium, 1999.