Content-Based Networking: A New Communication Infrastructure, 2001
Cited by 116 (10 self)
We argue that the needs of many classes of modern applications, especially those targeted at mobile or wireless computing, demand the services of content-based publish/subscribe middleware, and that this middleware in turn demands a new kind of communication infrastructure for its proper implementation. We refer to this new communication infrastructure as content-based networking. The service model of this network must directly support the interface of an advanced content-based publish/subscribe middleware service. At the same time, the implementation must be architected as a true distributed network, providing appropriate guarantees of reliability, security, and performance. We do not propose content-based networking as a replacement for IP, nor do we advocate an implementation of a publish/subscribe middleware at the network level (i.e., within routers). Instead, we argue that content-based networking must be designed according to established networking principles and techniques. To this end, in this paper, we formulate the foundational concepts of content-based networking, and relate them to the corresponding concepts in traditional networking. We also briefly review our experience with content-based publish/subscribe middleware and suggest some open research problems in the area of content-based networking.
Hermes: A Scalable Event-Based Middleware, 2004
Cited by 55 (2 self)
Large-scale distributed systems require new middleware paradigms that do not suffer from the limitations of traditional request/reply middleware. These limitations include tight coupling between components, a lack of information filtering capabilities, and support for one-to-one communication semantics only. We argue that event-based middleware is a scalable and powerful new type of middleware for building large-scale distributed systems. However, it is important that an event-based middleware platform includes all the standard functionality that an application programmer expects from middleware. In this thesis we describe the design and implementation of Hermes, a distributed, event-based middleware platform. The power and flexibility of Hermes is illustrated throughout for two application domains: Internet-wide news distribution and a sensor-rich, active building. Hermes follows a type- and attribute-based publish/subscribe model that places particular emphasis on programming language integration by supporting type-checking of event data and event type inheritance. To handle dynamic, large-scale environments, Hermes uses peer-to-peer techniques for autonomic management of its overlay network of event brokers and for scalable
Distributed Event Routing in Publish/Subscribe Communication Systems: a Survey, 2005
Cited by 37 (3 self)
Distributed event routing has emerged as a key technology for achieving scalable information dissemination. In particular it has been used as preferential communication backbone within publish/subscribe communication system. Its aim is to reduce the network and computational overhead per event diffusion to a set (possibly large) of interested recipients. This paper introduces a unifying framework, namely a publish/subscribe architecture, that points out the functional decomposition between event-based routing layer, the overlay infrastructure layer and the network protocols layer. Hence the paper, firstly, surveys current algorithms for event based routing and possible overlay infrastructures in wired and mobile systems and, secondly, it discusses how and when single solutions at each level can be combined in the publish/subscribe architecture. Finally the paper positions existing publish/subscribe systems within the proposed architecture.
Role-Based Access Control for Publish/Subscribe Middleware Architectures
- In International Workshop on Distributed Event-Based Systems (DEBS03), ACM SIGMOD, 2003
Cited by 33 (6 self)
Research into publish/subscribe messaging has so far done little to propose architectures for the support of access control, yet this will be an increasingly critical requirement as systems move to Internet-scale. This paper discusses the general requirements of publish/subscribe systems with access control. We then present our specific integration of OASIS role-based access control into the Hermes publish/subscribe middleware platform. Our system supports many advanced features, such as the ability to work within a network where nodes are attributed different levels of trust, and employs a variety of access restriction methods which balance expressiveness with the content-based routing optimisations available. We illustrate our achievements by discussing an application scenario in which our system will be of particular use.
Enabling Confidentiality in Content-Based Publish/Subscribe . . .
Cited by 24 (3 self)
Content-Based Publish/Subscribe (CBPS) is an interaction model where the interests of subscribers are stored in a content-based forwarding infrastructure to guide routing of notifications to interested parties. In this paper, we focus on answering the following question: Can we implement content-based publish/subscribe while keeping subscriptions and notifications confidential from the forwarding brokers? Our contributions include a systematic analysis of the problem, providing a formal security model and showing that the maximum level of attainable security in this setting is restricted. We focus on enabling provable confidentiality for commonly used applications and subscription languages in CBPS and present a series of practical provably secure protocols, some of which are novel and others adapted from existing work. We have implemented these protocols in SIENA, a popular CBPS system. Evaluation results show that confidential content-based publish/subscribe is practical: A single broker serving 1000 subscribers is able to route more than 100 notifications per second with our solutions.
Scalable security and accounting services for content-based publish/subscribe systems
- Subscribe Systems, Proceedings Symposium on Applied Computing, 2005
Cited by 19 (0 self)
Content-based publish/subscribe systems offer an interaction scheme that is appropriate for a variety of large scale dynamic applications. However, widespread use of these systems is hindered by a lack of suitable security services. In this paper we present scalable solutions for confidentiality, integrity, and authentication for these systems. We also provide verifiable usage-based accounting services, which are required for e-commerce and e-business applications that use publish/subscribe systems. Our solutions are applicable in a setting where publishers and subscribers may not trust the publish/subscribe infrastructure. Keywords: Publish/subscribe systems, Electronic Commerce, Security
Towards an Access Control Mechanism for Wide-area Publish/Subscribe Systems
- In International Workshop on Distributed Event-based Systems, 2002
Cited by 19 (1 self)
The publish/subscribe communication model is increasingly considered for implementing middleware infrastructures for widely distributed applications. Scalability issues and routing algorithms of such systems have recently been the focus of intensive research. So far little attention has been given to security and management issues.
Security Aspects in Publish/Subscribe Systems
- In Third Intl. Workshop on Distributed Event-based Systems (DEBS’04), 2004
Cited by 18 (2 self)
Publish/subscribe is emerging as a very flexible communication paradigm that is applicable to environments demanding scalable and evolvable architectures. Although considered for workflow, electronic commerce, mobile systems, and others, security issues have long been neglected in publish/subscribe systems. Recent advances address this issue, but only on a low, technical level. In this paper, we analyze the trust relationships between producers, consumers, and the notification infrastructure. We devise groups of trust to model and implement security constraints both on the application and the system level. The concept of scopes helps to localize and implement security policies as an aspect of structured publish/subscribe systems.
Secure Selecticast for collaborative intrusion detection systems
- in: Workshop on Distributed Event-Based System, 2002
Cited by 18 (4 self)
The problem domain of Collaborative Intrusion Detection Systems (CIDS) introduces distinctive data routing challenges, which we show are solvable through a sufficiently flexible publish-subscribe system. CIDS share intrusion detection data among organizations, usually to predict impending attacks earlier and more accurately, e.g., from Internet worms that tend to attack many sites at once. CIDS participants collect lists of suspect IP addresses, and want to be notified if others are suspicious of the same addresses. The matching must be done efficiently and anonymously, as most organizations are reluctant to share potentially revealing information about their networks. Alerts regarding external probes should only be visible to other CIDS participants experiencing probes from the same source(s). We term this type of simultaneous publish/subscribe “selecticast.” We present a potential solution using the secure Bloom filter data structure propagated over the MEET publish-subscribe framework.