Encryption-enforced access control in dynamic multi-domain publish/subscribe networks
Source ACM International Conference Proceeding Series; Vol. 233 archive
Proceedings of the 2007 inaugural international conference on Distributed event-based systems table of contents
Toronto, Ontario, Canada
SESSION: Security and software engineering table of contents
Pages: 104 - 115  
Year of Publication: 2007
ISBN: 978-1-59593-665-3
Authors
Lauri I. W. Pesonen  University of Cambridge, Cambridge, UK
David M. Eyers  University of Cambridge, Cambridge, UK
Jean Bacon  University of Cambridge, Cambridge, UK
Sponsors
SIGSOFT: ACM Special Interest Group on Software Engineering
SIGMOD: ACM Special Interest Group on Management of Data
IEEE
ACM: Association for Computing Machinery
USENIX
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 16,   Downloads (12 Months): 80,   Citation Count: 3
DOI: http://doi.acm.org/10.1145/1266894.1266916

ABSTRACT

Publish/subscribe systems provide an efficient, event-based, wide-area distributed communications infrastructure. Large-scale publish/subscribe systems are likely to employ components of the event transport network owned by cooperating but independent organisations. As the number of participants in the network increases, security becomes an increasing concern. This paper extends previous work to present and evaluate a secure multi-domain publish/subscribe infrastructure that supports and enforces fine-grained access control over the individual attributes of event types. Key refresh allows us to ensure forward and backward security when event brokers join and leave the network. We demonstrate that the time and space overheads can be minimised by careful consideration of encryption techniques, and by the use of caching to decrease unnecessary decryptions. We show that our approach has a smaller overall communication overhead than existing approaches for achieving the same degree of control over security in publish/subscribe networks.



