SlideShare ist ein Scribd-Unternehmen logo

Publish-Subscribe Systems and Confidentiality Privacy

N
Nabeel Yoosuf

Introduction to pub-sub systems with emphasis on security

TechnologieBusiness
1 von 18
Downloaden Sie, um offline zu lesen
Publish-Subscribe Systems and Confidentiality/Privacy Nabeel Mohamed nabeel@cs.purdue.edu 4/4/08
Outline • Different Publish-Subscribe Systems • Security Issues and Possible Directions (Confidentiality/Privacy)
Publish/Subscribe Distributed Publisher Content Routers subscribe Subscriber Notify() Subscribe() publish unsubscribe Notify() Publisher Subscriber Unsubscribe() publish Notify() notify Publisher Distributed Subscriber Subscription Notify() Mgmt and Routing
General Properties of Pub-Sub • Many-to-Many structured P2P system • Loosely coupled form of interaction – Space decoupling – Time decoupling – Synchronization decoupling References: [1]
Filtering • Topic-based • Content-based • Type-based • Structure-based
Filtering: Topic-based • Events are grouped into channels • Each channel is identified by a keyword • Publisher publishes each event to a specific channel • Subscribers subscribe to channels they are interested in • Simplest scheme of matching events to subscribers • Example: Disseminating Trades and Quotes in two channels
Filtering: Content-based • More expressive power to subscribers than topic-based • Can be used for fine-grained access control as well • Added complexity of matching an event to a subscription • Example: Notify me of all quotes for Google with bid_price >= 400
Filtering: Type-based • Relate event kind to event type • Closer integration of the language and the middleware • Allows for compile-time type safety checks • Match events to subscriptions by their types (and further to members of these types) • Example: StockQuote and StockTrade are sub-types of Stock. Public members of these event types can be used to do content-based filtering while ensuring encapsulation. References: [8]
Filtering: Structure-based • First three filtering methods – Many documents to many subscribers • Structure-based routing address a different data dissemination problem – Different parts of one document to many subscribers • Only for hierarchically structured data References: [7]
Streaming Systems • Special kind of pub-sub systems • Usually have stringent timing, storage and performance requirements • Database community (DSMS) to Distributed systems
Next • Different Publish-Subscribe Systems • Security Issues and Possible Directions (Confidentiality/Privacy)
Generic Issues • Authentication • Integrity – Information Integrity – Subscription Integrity – Service Integrity • User Anonymity – Onion routing • Accountability • Availability
Confidentiality/Privacy • Information Confidentiality – Can we perform content-based routing without revealing the content to the infrastructure? • Subscription Privacy – Can subscribers specify filters without revealing their interest to the infrastructure? • Publication Confidentiality – How can publishers be sure that only the intended subscribers get the data? References: [2]
Information Confidentiality • Out-of-band key agreement issue – Attribute-based encryption [11] • Conflicting goals of keeping information secret and content-based routing – Computing with the encrypted/perturbed data • Feigenbaum and Abadi et. al. [3] • Agrawal et. al. [4]
Subscription Privacy • Examples – Trading preferences – Resume service • No node in the infrastructure should be able to infer about data items retrieved by users – Secure multiparty computations (E.g.: Millionaires‘ problem. A. Yao [6]) – Database research in private information retrieval (E.g.: O. Goldreich et. al. [5])
Publication Confidentiality • Application of access control • Information leakage issue • Most of the research on confidentiality has been done in this area • Out-of-band key agreement issue • Some solutions trust users to get over the issue of key agreement
Issues due to Optimization • Bandwidth minimization [9] • Coping with limited storage – Digests • Regulating high input/output rates • Continuous security enforcement as opposed to one time [10] • Different data representations
References [1] The Many Faces of Publish/Subscribe, Patrick Eugster, Pascal Felber, Rachid Guerraoui, 2003 [2] Security Issues and Requirements for Internet-Scale Publish-Subscribe Systems Chenxi Wang, Antonio Carzaniga, David Evans, Alexander Wolf, 2002 [3] On Hiding Information from an Oracle, Martin Abadi, Joan Feigenbaum, Joe Kilian, 1987 [4] Order Preserving Encryption for Numerical Data, Rakesh Agrawal, Jerry Kiernan, Ramakrishnan Srikant, Yirong Xu, 2004 [5] Private Information Retrival, B. Chor, O. Goldreich, E. Kushilevitz, M. Sudan, 1998 [6] Protocols for Secure Compuations, Andrew C. Yao, 1982 [7] Secure Dissemination of XML Content Using Structure-based Routing, A. Kundu, E. Bertino, 2006 [8] On Objects and Events, P. Eugster, R. Guerraoui, C. Damm, 2001. [9] Secure Delta-Publishing of XML Content , Mohamed Nabeel, Elisa Bertino, 2008 [10] Security Punctuation Framework for Enforcing Access Control on Streaming Data, Rimma V. Nehme, Elke A. Rundensteiner and Elisa Bertino, 2008 [11] Secure Attribute-Based Systems, M. Pirretti, P. Traynor, P. McDaniel, B. Waters, 2006

Empfohlen

TACO-DTN
TACO-DTNTACO-DTN
TACO-DTNGiuseppe Sollazzo
 
Trusted Publish/Subscribe
Trusted Publish/SubscribeTrusted Publish/Subscribe
Trusted Publish/SubscribeStephen Naicken
 
Publish-Subscribe Middlewares
Publish-Subscribe MiddlewaresPublish-Subscribe Middlewares
Publish-Subscribe Middlewareshome
 
Publish and Subscribe
Publish and SubscribePublish and Subscribe
Publish and SubscribeAlexandru Badiu
 
Publish subscribe model overview
Publish subscribe model overviewPublish subscribe model overview
Publish subscribe model overviewIshraq Al Fataftah
 
Chapter-1-IntroDistributeddffsfdfsdf-1.pptx
Chapter-1-IntroDistributeddffsfdfsdf-1.pptxChapter-1-IntroDistributeddffsfdfsdf-1.pptx
Chapter-1-IntroDistributeddffsfdfsdf-1.pptxmeharikiros2
 
IRJET- Design of Anonymous Publish-Subscribe Messaging System in a P2P Networ...
IRJET- Design of Anonymous Publish-Subscribe Messaging System in a P2P Networ...IRJET- Design of Anonymous Publish-Subscribe Messaging System in a P2P Networ...
IRJET- Design of Anonymous Publish-Subscribe Messaging System in a P2P Networ...IRJET Journal
 
Distributed System ppt
Distributed System pptDistributed System ppt
Distributed System pptOECLIB Odisha Electronics Control Library
 

Empfohlen

TACO-DTN
TACO-DTNTACO-DTN
TACO-DTNGiuseppe Sollazzo
 
Trusted Publish/Subscribe
Trusted Publish/SubscribeTrusted Publish/Subscribe
Trusted Publish/SubscribeStephen Naicken
 
Publish-Subscribe Middlewares
Publish-Subscribe MiddlewaresPublish-Subscribe Middlewares
Publish-Subscribe Middlewareshome
 
Publish and Subscribe
Publish and SubscribePublish and Subscribe
Publish and SubscribeAlexandru Badiu
 
Publish subscribe model overview
Publish subscribe model overviewPublish subscribe model overview
Publish subscribe model overviewIshraq Al Fataftah
 
Chapter-1-IntroDistributeddffsfdfsdf-1.pptx
Chapter-1-IntroDistributeddffsfdfsdf-1.pptxChapter-1-IntroDistributeddffsfdfsdf-1.pptx
Chapter-1-IntroDistributeddffsfdfsdf-1.pptxmeharikiros2
 
IRJET- Design of Anonymous Publish-Subscribe Messaging System in a P2P Networ...
IRJET- Design of Anonymous Publish-Subscribe Messaging System in a P2P Networ...IRJET- Design of Anonymous Publish-Subscribe Messaging System in a P2P Networ...
IRJET- Design of Anonymous Publish-Subscribe Messaging System in a P2P Networ...IRJET Journal
 
Distributed System ppt
Distributed System pptDistributed System ppt
Distributed System pptOECLIB Odisha Electronics Control Library
 
Secure Multi Authority Data Access Control System in Cloud Computing
Secure Multi Authority Data Access Control System in Cloud ComputingSecure Multi Authority Data Access Control System in Cloud Computing
Secure Multi Authority Data Access Control System in Cloud ComputingIRJET Journal
 
Cloud computing final show
Cloud computing final showCloud computing final show
Cloud computing final showahmad abdelhafeez
 
Removing dependencies between services: Messaging and Apache Kafka
Removing dependencies between services: Messaging and Apache KafkaRemoving dependencies between services: Messaging and Apache Kafka
Removing dependencies between services: Messaging and Apache KafkaDaniel Muñoz Garrido
 
Cloud security issues and concerns
Cloud security issues and concernsCloud security issues and concerns
Cloud security issues and concernsMrinal Baowaly
 
OMG Data-Distribution Service Security
OMG Data-Distribution Service SecurityOMG Data-Distribution Service Security
OMG Data-Distribution Service SecurityGerardo Pardo-Castellote
 
3. challenges
3. challenges3. challenges
3. challengesAbDul ThaYyal
 
Distributed System PPT.pptx
Distributed System PPT.pptxDistributed System PPT.pptx
Distributed System PPT.pptxSELVAVINAYAGAMG
 
Network security
Network securityNetwork security
Network securitySri Manakula Vinayagar Engineering College
 
Band of brothers, building scalable social web apps on windows azure with asp...
Band of brothers, building scalable social web apps on windows azure with asp...Band of brothers, building scalable social web apps on windows azure with asp...
Band of brothers, building scalable social web apps on windows azure with asp...Marjan Nikolovski
 
public truthfulness assessment for shared active cloud data storage with grou...
public truthfulness assessment for shared active cloud data storage with grou...public truthfulness assessment for shared active cloud data storage with grou...
public truthfulness assessment for shared active cloud data storage with grou...Ijripublishers Ijri
 
A Comprehensive Study On Data Mining Process With Distribution
A Comprehensive Study On Data Mining Process With DistributionA Comprehensive Study On Data Mining Process With Distribution
A Comprehensive Study On Data Mining Process With DistributionLori Mitchell
 
Augmenting Publish/Subscribe System by Identity Based Encryption (IBE) Techni...
Augmenting Publish/Subscribe System by Identity Based Encryption (IBE) Techni...Augmenting Publish/Subscribe System by Identity Based Encryption (IBE) Techni...
Augmenting Publish/Subscribe System by Identity Based Encryption (IBE) Techni...IJCERT JOURNAL
 
ITN_Module_3.pptx
ITN_Module_3.pptxITN_Module_3.pptx
ITN_Module_3.pptxargost1003
 
Information sharing pipeline
Information sharing pipelineInformation sharing pipeline
Information sharing pipelineVioleta Ilik
 
A Survey Paper on Removal of Data Duplication in a Hybrid Cloud
A Survey Paper on Removal of Data Duplication in a Hybrid Cloud A Survey Paper on Removal of Data Duplication in a Hybrid Cloud
A Survey Paper on Removal of Data Duplication in a Hybrid Cloud IRJET Journal
 
Privacy Preserving Public Auditing for Data Storage Security in Cloud
Privacy Preserving Public Auditing for Data Storage Security in Cloud Privacy Preserving Public Auditing for Data Storage Security in Cloud
Privacy Preserving Public Auditing for Data Storage Security in Cloud Girish Chandra
 
Securing Liaison-Less Publisher/Subscriber Systems using Identity Based Encr...
Securing Liaison-Less Publisher/Subscriber Systems using Identity Based Encr...Securing Liaison-Less Publisher/Subscriber Systems using Identity Based Encr...
Securing Liaison-Less Publisher/Subscriber Systems using Identity Based Encr...IRJET Journal
 
Design patterns
Design patternsDesign patterns
Design patternsACCESS Health Digital
 
Data Virtualization Deployments: How to Manage Very Large Deployments
Data Virtualization Deployments: How to Manage Very Large DeploymentsData Virtualization Deployments: How to Manage Very Large Deployments
Data Virtualization Deployments: How to Manage Very Large DeploymentsDenodo
 
BDVe Webinar Series - Ocean Protocol – Why you need to care about how you sha...
BDVe Webinar Series - Ocean Protocol – Why you need to care about how you sha...BDVe Webinar Series - Ocean Protocol – Why you need to care about how you sha...
BDVe Webinar Series - Ocean Protocol – Why you need to care about how you sha...Big Data Value Association
 
Building RESTful Applications
Building RESTful ApplicationsBuilding RESTful Applications
Building RESTful ApplicationsNabeel Yoosuf
 
Introduction to OAuth 2.0 - Part 2
Introduction to OAuth 2.0 - Part 2Introduction to OAuth 2.0 - Part 2
Introduction to OAuth 2.0 - Part 2Nabeel Yoosuf
 

Weitere ähnliche Inhalte

Ähnlich wie Publish-Subscribe Systems and Confidentiality Privacy

Secure Multi Authority Data Access Control System in Cloud Computing
Secure Multi Authority Data Access Control System in Cloud ComputingSecure Multi Authority Data Access Control System in Cloud Computing
Secure Multi Authority Data Access Control System in Cloud ComputingIRJET Journal
 
Removing dependencies between services: Messaging and Apache Kafka
Removing dependencies between services: Messaging and Apache KafkaRemoving dependencies between services: Messaging and Apache Kafka
Removing dependencies between services: Messaging and Apache KafkaDaniel Muñoz Garrido
 
Cloud security issues and concerns
Cloud security issues and concernsCloud security issues and concerns
Cloud security issues and concernsMrinal Baowaly
 
Distributed System PPT.pptx
Distributed System PPT.pptxDistributed System PPT.pptx
Distributed System PPT.pptxSELVAVINAYAGAMG
 
Band of brothers, building scalable social web apps on windows azure with asp...
Band of brothers, building scalable social web apps on windows azure with asp...Band of brothers, building scalable social web apps on windows azure with asp...
Band of brothers, building scalable social web apps on windows azure with asp...Marjan Nikolovski
 
public truthfulness assessment for shared active cloud data storage with grou...
public truthfulness assessment for shared active cloud data storage with grou...public truthfulness assessment for shared active cloud data storage with grou...
public truthfulness assessment for shared active cloud data storage with grou...Ijripublishers Ijri
 
A Comprehensive Study On Data Mining Process With Distribution
A Comprehensive Study On Data Mining Process With DistributionA Comprehensive Study On Data Mining Process With Distribution
A Comprehensive Study On Data Mining Process With DistributionLori Mitchell
 
Augmenting Publish/Subscribe System by Identity Based Encryption (IBE) Techni...
Augmenting Publish/Subscribe System by Identity Based Encryption (IBE) Techni...Augmenting Publish/Subscribe System by Identity Based Encryption (IBE) Techni...
Augmenting Publish/Subscribe System by Identity Based Encryption (IBE) Techni...IJCERT JOURNAL
 
ITN_Module_3.pptx
ITN_Module_3.pptxITN_Module_3.pptx
ITN_Module_3.pptxargost1003
 
Information sharing pipeline
Information sharing pipelineInformation sharing pipeline
Information sharing pipelineVioleta Ilik
 
A Survey Paper on Removal of Data Duplication in a Hybrid Cloud
A Survey Paper on Removal of Data Duplication in a Hybrid Cloud A Survey Paper on Removal of Data Duplication in a Hybrid Cloud
A Survey Paper on Removal of Data Duplication in a Hybrid Cloud IRJET Journal
 
Privacy Preserving Public Auditing for Data Storage Security in Cloud
Privacy Preserving Public Auditing for Data Storage Security in Cloud Privacy Preserving Public Auditing for Data Storage Security in Cloud
Privacy Preserving Public Auditing for Data Storage Security in Cloud Girish Chandra
 
Securing Liaison-Less Publisher/Subscriber Systems using Identity Based Encr...
Securing Liaison-Less Publisher/Subscriber Systems using Identity Based Encr...Securing Liaison-Less Publisher/Subscriber Systems using Identity Based Encr...
Securing Liaison-Less Publisher/Subscriber Systems using Identity Based Encr...IRJET Journal
 
Data Virtualization Deployments: How to Manage Very Large Deployments
Data Virtualization Deployments: How to Manage Very Large DeploymentsData Virtualization Deployments: How to Manage Very Large Deployments
Data Virtualization Deployments: How to Manage Very Large DeploymentsDenodo
 
BDVe Webinar Series - Ocean Protocol – Why you need to care about how you sha...
BDVe Webinar Series - Ocean Protocol – Why you need to care about how you sha...BDVe Webinar Series - Ocean Protocol – Why you need to care about how you sha...
BDVe Webinar Series - Ocean Protocol – Why you need to care about how you sha...Big Data Value Association
 

Ähnlich wie Publish-Subscribe Systems and Confidentiality Privacy (20)

Secure Multi Authority Data Access Control System in Cloud Computing
Secure Multi Authority Data Access Control System in Cloud ComputingSecure Multi Authority Data Access Control System in Cloud Computing
Secure Multi Authority Data Access Control System in Cloud Computing
 
Cloud computing final show
Cloud computing final showCloud computing final show
Cloud computing final show
 
Removing dependencies between services: Messaging and Apache Kafka
Removing dependencies between services: Messaging and Apache KafkaRemoving dependencies between services: Messaging and Apache Kafka
Removing dependencies between services: Messaging and Apache Kafka
 
Cloud security issues and concerns
Cloud security issues and concernsCloud security issues and concerns
Cloud security issues and concerns
 
OMG Data-Distribution Service Security
OMG Data-Distribution Service SecurityOMG Data-Distribution Service Security
OMG Data-Distribution Service Security
 
3. challenges
3. challenges3. challenges
3. challenges
 
Distributed System PPT.pptx
Distributed System PPT.pptxDistributed System PPT.pptx
Distributed System PPT.pptx
 
Network security
Network securityNetwork security
Network security
 
Band of brothers, building scalable social web apps on windows azure with asp...
Band of brothers, building scalable social web apps on windows azure with asp...Band of brothers, building scalable social web apps on windows azure with asp...
Band of brothers, building scalable social web apps on windows azure with asp...
 
public truthfulness assessment for shared active cloud data storage with grou...
public truthfulness assessment for shared active cloud data storage with grou...public truthfulness assessment for shared active cloud data storage with grou...
public truthfulness assessment for shared active cloud data storage with grou...
 
A Comprehensive Study On Data Mining Process With Distribution
A Comprehensive Study On Data Mining Process With DistributionA Comprehensive Study On Data Mining Process With Distribution
A Comprehensive Study On Data Mining Process With Distribution
 
Augmenting Publish/Subscribe System by Identity Based Encryption (IBE) Techni...
Augmenting Publish/Subscribe System by Identity Based Encryption (IBE) Techni...Augmenting Publish/Subscribe System by Identity Based Encryption (IBE) Techni...
Augmenting Publish/Subscribe System by Identity Based Encryption (IBE) Techni...
 
ITN_Module_3.pptx
ITN_Module_3.pptxITN_Module_3.pptx
ITN_Module_3.pptx
 
Information sharing pipeline
Information sharing pipelineInformation sharing pipeline
Information sharing pipeline
 
A Survey Paper on Removal of Data Duplication in a Hybrid Cloud
A Survey Paper on Removal of Data Duplication in a Hybrid Cloud A Survey Paper on Removal of Data Duplication in a Hybrid Cloud
A Survey Paper on Removal of Data Duplication in a Hybrid Cloud
 
Privacy Preserving Public Auditing for Data Storage Security in Cloud
Privacy Preserving Public Auditing for Data Storage Security in Cloud Privacy Preserving Public Auditing for Data Storage Security in Cloud
Privacy Preserving Public Auditing for Data Storage Security in Cloud
 
Securing Liaison-Less Publisher/Subscriber Systems using Identity Based Encr...
Securing Liaison-Less Publisher/Subscriber Systems using Identity Based Encr...Securing Liaison-Less Publisher/Subscriber Systems using Identity Based Encr...
Securing Liaison-Less Publisher/Subscriber Systems using Identity Based Encr...
 
Design patterns
Design patternsDesign patterns
Design patterns
 
Data Virtualization Deployments: How to Manage Very Large Deployments
Data Virtualization Deployments: How to Manage Very Large DeploymentsData Virtualization Deployments: How to Manage Very Large Deployments
Data Virtualization Deployments: How to Manage Very Large Deployments
 
BDVe Webinar Series - Ocean Protocol – Why you need to care about how you sha...
BDVe Webinar Series - Ocean Protocol – Why you need to care about how you sha...BDVe Webinar Series - Ocean Protocol – Why you need to care about how you sha...
BDVe Webinar Series - Ocean Protocol – Why you need to care about how you sha...
 

Mehr von Nabeel Yoosuf

Building RESTful Applications
Building RESTful ApplicationsBuilding RESTful Applications
Building RESTful ApplicationsNabeel Yoosuf
 
Introduction to OAuth 2.0 - Part 2
Introduction to OAuth 2.0 - Part 2Introduction to OAuth 2.0 - Part 2
Introduction to OAuth 2.0 - Part 2Nabeel Yoosuf
 
Introduction to OAuth 2.0 - Part 1
Introduction to OAuth 2.0 - Part 1Introduction to OAuth 2.0 - Part 1
Introduction to OAuth 2.0 - Part 1Nabeel Yoosuf
 
Introduction to OAuth 2.0 - Part 1
Introduction to OAuth 2.0 - Part 1Introduction to OAuth 2.0 - Part 1
Introduction to OAuth 2.0 - Part 1Nabeel Yoosuf
 
Oracle Transparent Data Encryption (TDE) 12c
Oracle Transparent Data Encryption (TDE) 12cOracle Transparent Data Encryption (TDE) 12c
Oracle Transparent Data Encryption (TDE) 12cNabeel Yoosuf
 
Introduction to Tokenization
Introduction to TokenizationIntroduction to Tokenization
Introduction to TokenizationNabeel Yoosuf
 
Privacy Preserving Access Control for Third Party Data Management Systems
Privacy Preserving Access Control for Third Party Data Management SystemsPrivacy Preserving Access Control for Third Party Data Management Systems
Privacy Preserving Access Control for Third Party Data Management SystemsNabeel Yoosuf
 
Efficient privacy preserving publish subscribe systems
Efficient privacy preserving publish subscribe systemsEfficient privacy preserving publish subscribe systems
Efficient privacy preserving publish subscribe systemsNabeel Yoosuf
 
Access Control: Principles and Practice
Access Control: Principles and PracticeAccess Control: Principles and Practice
Access Control: Principles and PracticeNabeel Yoosuf
 
Efficient Filtering in Pub-Sub Systems using BDD
Efficient Filtering in Pub-Sub Systems using BDDEfficient Filtering in Pub-Sub Systems using BDD
Efficient Filtering in Pub-Sub Systems using BDDNabeel Yoosuf
 
A Structure Preserving Approach for Securing XML Documents
A Structure Preserving Approach for Securing XML DocumentsA Structure Preserving Approach for Securing XML Documents
A Structure Preserving Approach for Securing XML DocumentsNabeel Yoosuf
 

Mehr von Nabeel Yoosuf (12)

Building RESTful Applications
Building RESTful ApplicationsBuilding RESTful Applications
Building RESTful Applications
 
Introduction to OAuth 2.0 - Part 2
Introduction to OAuth 2.0 - Part 2Introduction to OAuth 2.0 - Part 2
Introduction to OAuth 2.0 - Part 2
 
Introduction to OAuth 2.0 - Part 1
Introduction to OAuth 2.0 - Part 1Introduction to OAuth 2.0 - Part 1
Introduction to OAuth 2.0 - Part 1
 
Introduction to OAuth 2.0 - Part 1
Introduction to OAuth 2.0 - Part 1Introduction to OAuth 2.0 - Part 1
Introduction to OAuth 2.0 - Part 1
 
API Façade Pattern
API Façade PatternAPI Façade Pattern
API Façade Pattern
 
Oracle Transparent Data Encryption (TDE) 12c
Oracle Transparent Data Encryption (TDE) 12cOracle Transparent Data Encryption (TDE) 12c
Oracle Transparent Data Encryption (TDE) 12c
 
Introduction to Tokenization
Introduction to TokenizationIntroduction to Tokenization
Introduction to Tokenization
 
Privacy Preserving Access Control for Third Party Data Management Systems
Privacy Preserving Access Control for Third Party Data Management SystemsPrivacy Preserving Access Control for Third Party Data Management Systems
Privacy Preserving Access Control for Third Party Data Management Systems
 
Efficient privacy preserving publish subscribe systems
Efficient privacy preserving publish subscribe systemsEfficient privacy preserving publish subscribe systems
Efficient privacy preserving publish subscribe systems
 
Access Control: Principles and Practice
Access Control: Principles and PracticeAccess Control: Principles and Practice
Access Control: Principles and Practice
 
Efficient Filtering in Pub-Sub Systems using BDD
Efficient Filtering in Pub-Sub Systems using BDDEfficient Filtering in Pub-Sub Systems using BDD
Efficient Filtering in Pub-Sub Systems using BDD
 
A Structure Preserving Approach for Securing XML Documents
A Structure Preserving Approach for Securing XML DocumentsA Structure Preserving Approach for Securing XML Documents
A Structure Preserving Approach for Securing XML Documents
 

Kürzlich hochgeladen

JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...amber724300
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024TopCSSGallery
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Karmanjay Verma
 
Kuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorialKuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorialJoão Esperancinha
 
Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessWSO2
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructureitnewsafrica
 
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Jeffrey Haguewood
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFMichael Gough
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...Karmanjay Verma
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...itnewsafrica
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxAna-Maria Mihalceanu
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxfnnc6jmgwh
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 

Kürzlich hochgeladen (20)

JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#
 
Kuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorialKuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorial
 
Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with Platformless
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
 
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDF
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance Toolbox
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 

Publish-Subscribe Systems and Confidentiality Privacy

  • 1. Publish-Subscribe Systems and Confidentiality/Privacy Nabeel Mohamed nabeel@cs.purdue.edu 4/4/08
  • 2. Outline • Different Publish-Subscribe Systems • Security Issues and Possible Directions (Confidentiality/Privacy)
  • 3. Publish/Subscribe Distributed Publisher Content Routers subscribe Subscriber Notify() Subscribe() publish unsubscribe Notify() Publisher Subscriber Unsubscribe() publish Notify() notify Publisher Distributed Subscriber Subscription Notify() Mgmt and Routing
  • 4. General Properties of Pub-Sub • Many-to-Many structured P2P system • Loosely coupled form of interaction – Space decoupling – Time decoupling – Synchronization decoupling References: [1]
  • 5. Filtering • Topic-based • Content-based • Type-based • Structure-based
  • 6. Filtering: Topic-based • Events are grouped into channels • Each channel is identified by a keyword • Publisher publishes each event to a specific channel • Subscribers subscribe to channels they are interested in • Simplest scheme of matching events to subscribers • Example: Disseminating Trades and Quotes in two channels
  • 7. Filtering: Content-based • More expressive power to subscribers than topic-based • Can be used for fine-grained access control as well • Added complexity of matching an event to a subscription • Example: Notify me of all quotes for Google with bid_price >= 400
  • 8. Filtering: Type-based • Relate event kind to event type • Closer integration of the language and the middleware • Allows for compile-time type safety checks • Match events to subscriptions by their types (and further to members of these types) • Example: StockQuote and StockTrade are sub-types of Stock. Public members of these event types can be used to do content-based filtering while ensuring encapsulation. References: [8]
  • 9. Filtering: Structure-based • First three filtering methods – Many documents to many subscribers • Structure-based routing address a different data dissemination problem – Different parts of one document to many subscribers • Only for hierarchically structured data References: [7]
  • 10. Streaming Systems • Special kind of pub-sub systems • Usually have stringent timing, storage and performance requirements • Database community (DSMS) to Distributed systems
  • 11. Next • Different Publish-Subscribe Systems • Security Issues and Possible Directions (Confidentiality/Privacy)
  • 12. Generic Issues • Authentication • Integrity – Information Integrity – Subscription Integrity – Service Integrity • User Anonymity – Onion routing • Accountability • Availability
  • 13. Confidentiality/Privacy • Information Confidentiality – Can we perform content-based routing without revealing the content to the infrastructure? • Subscription Privacy – Can subscribers specify filters without revealing their interest to the infrastructure? • Publication Confidentiality – How can publishers be sure that only the intended subscribers get the data? References: [2]
  • 14. Information Confidentiality • Out-of-band key agreement issue – Attribute-based encryption [11] • Conflicting goals of keeping information secret and content-based routing – Computing with the encrypted/perturbed data • Feigenbaum and Abadi et. al. [3] • Agrawal et. al. [4]
  • 15. Subscription Privacy • Examples – Trading preferences – Resume service • No node in the infrastructure should be able to infer about data items retrieved by users – Secure multiparty computations (E.g.: Millionaires‘ problem. A. Yao [6]) – Database research in private information retrieval (E.g.: O. Goldreich et. al. [5])
  • 16. Publication Confidentiality • Application of access control • Information leakage issue • Most of the research on confidentiality has been done in this area • Out-of-band key agreement issue • Some solutions trust users to get over the issue of key agreement
  • 17. Issues due to Optimization • Bandwidth minimization [9] • Coping with limited storage – Digests • Regulating high input/output rates • Continuous security enforcement as opposed to one time [10] • Different data representations
  • 18. References [1] The Many Faces of Publish/Subscribe, Patrick Eugster, Pascal Felber, Rachid Guerraoui, 2003 [2] Security Issues and Requirements for Internet-Scale Publish-Subscribe Systems Chenxi Wang, Antonio Carzaniga, David Evans, Alexander Wolf, 2002 [3] On Hiding Information from an Oracle, Martin Abadi, Joan Feigenbaum, Joe Kilian, 1987 [4] Order Preserving Encryption for Numerical Data, Rakesh Agrawal, Jerry Kiernan, Ramakrishnan Srikant, Yirong Xu, 2004 [5] Private Information Retrival, B. Chor, O. Goldreich, E. Kushilevitz, M. Sudan, 1998 [6] Protocols for Secure Compuations, Andrew C. Yao, 1982 [7] Secure Dissemination of XML Content Using Structure-based Routing, A. Kundu, E. Bertino, 2006 [8] On Objects and Events, P. Eugster, R. Guerraoui, C. Damm, 2001. [9] Secure Delta-Publishing of XML Content , Mohamed Nabeel, Elisa Bertino, 2008 [10] Security Punctuation Framework for Enforcing Access Control on Streaming Data, Rimma V. Nehme, Elke A. Rundensteiner and Elisa Bertino, 2008 [11] Secure Attribute-Based Systems, M. Pirretti, P. Traynor, P. McDaniel, B. Waters, 2006