SlideShare une entreprise Scribd logo

Pub-Sub Systems and Confidentiality/Privacy

N
Nabeel Yoosuf

Introduction to pub-sub systems with emphasis on security

TechnologieBusiness
1  sur  18
Télécharger pour lire hors ligne
Publish-Subscribe Systems and Confidentiality/Privacy Nabeel Mohamed nabeel@cs.purdue.edu 4/4/08
Outline • Different Publish-Subscribe Systems • Security Issues and Possible Directions (Confidentiality/Privacy)
Publish/Subscribe Distributed Publisher Content Routers subscribe Subscriber Notify() Subscribe() publish unsubscribe Notify() Publisher Subscriber Unsubscribe() publish Notify() notify Publisher Distributed Subscriber Subscription Notify() Mgmt and Routing
General Properties of Pub-Sub • Many-to-Many structured P2P system • Loosely coupled form of interaction – Space decoupling – Time decoupling – Synchronization decoupling References: [1]
Filtering • Topic-based • Content-based • Type-based • Structure-based
Filtering: Topic-based • Events are grouped into channels • Each channel is identified by a keyword • Publisher publishes each event to a specific channel • Subscribers subscribe to channels they are interested in • Simplest scheme of matching events to subscribers • Example: Disseminating Trades and Quotes in two channels
Filtering: Content-based • More expressive power to subscribers than topic-based • Can be used for fine-grained access control as well • Added complexity of matching an event to a subscription • Example: Notify me of all quotes for Google with bid_price >= 400
Filtering: Type-based • Relate event kind to event type • Closer integration of the language and the middleware • Allows for compile-time type safety checks • Match events to subscriptions by their types (and further to members of these types) • Example: StockQuote and StockTrade are sub-types of Stock. Public members of these event types can be used to do content-based filtering while ensuring encapsulation. References: [8]
Filtering: Structure-based • First three filtering methods – Many documents to many subscribers • Structure-based routing address a different data dissemination problem – Different parts of one document to many subscribers • Only for hierarchically structured data References: [7]
Streaming Systems • Special kind of pub-sub systems • Usually have stringent timing, storage and performance requirements • Database community (DSMS) to Distributed systems
Next • Different Publish-Subscribe Systems • Security Issues and Possible Directions (Confidentiality/Privacy)
Generic Issues • Authentication • Integrity – Information Integrity – Subscription Integrity – Service Integrity • User Anonymity – Onion routing • Accountability • Availability
Confidentiality/Privacy • Information Confidentiality – Can we perform content-based routing without revealing the content to the infrastructure? • Subscription Privacy – Can subscribers specify filters without revealing their interest to the infrastructure? • Publication Confidentiality – How can publishers be sure that only the intended subscribers get the data? References: [2]
Information Confidentiality • Out-of-band key agreement issue – Attribute-based encryption [11] • Conflicting goals of keeping information secret and content-based routing – Computing with the encrypted/perturbed data • Feigenbaum and Abadi et. al. [3] • Agrawal et. al. [4]
Subscription Privacy • Examples – Trading preferences – Resume service • No node in the infrastructure should be able to infer about data items retrieved by users – Secure multiparty computations (E.g.: Millionaires‘ problem. A. Yao [6]) – Database research in private information retrieval (E.g.: O. Goldreich et. al. [5])
Publication Confidentiality • Application of access control • Information leakage issue • Most of the research on confidentiality has been done in this area • Out-of-band key agreement issue • Some solutions trust users to get over the issue of key agreement
Issues due to Optimization • Bandwidth minimization [9] • Coping with limited storage – Digests • Regulating high input/output rates • Continuous security enforcement as opposed to one time [10] • Different data representations
References [1] The Many Faces of Publish/Subscribe, Patrick Eugster, Pascal Felber, Rachid Guerraoui, 2003 [2] Security Issues and Requirements for Internet-Scale Publish-Subscribe Systems Chenxi Wang, Antonio Carzaniga, David Evans, Alexander Wolf, 2002 [3] On Hiding Information from an Oracle, Martin Abadi, Joan Feigenbaum, Joe Kilian, 1987 [4] Order Preserving Encryption for Numerical Data, Rakesh Agrawal, Jerry Kiernan, Ramakrishnan Srikant, Yirong Xu, 2004 [5] Private Information Retrival, B. Chor, O. Goldreich, E. Kushilevitz, M. Sudan, 1998 [6] Protocols for Secure Compuations, Andrew C. Yao, 1982 [7] Secure Dissemination of XML Content Using Structure-based Routing, A. Kundu, E. Bertino, 2006 [8] On Objects and Events, P. Eugster, R. Guerraoui, C. Damm, 2001. [9] Secure Delta-Publishing of XML Content , Mohamed Nabeel, Elisa Bertino, 2008 [10] Security Punctuation Framework for Enforcing Access Control on Streaming Data, Rimma V. Nehme, Elke A. Rundensteiner and Elisa Bertino, 2008 [11] Secure Attribute-Based Systems, M. Pirretti, P. Traynor, P. McDaniel, B. Waters, 2006

Recommandé

TACO-DTN
TACO-DTNTACO-DTN
TACO-DTN
Giuseppe Sollazzo
 
Trusted Publish/Subscribe
Trusted Publish/SubscribeTrusted Publish/Subscribe
Trusted Publish/Subscribe
Stephen Naicken
 
Publish-Subscribe Middlewares
Publish-Subscribe MiddlewaresPublish-Subscribe Middlewares
Publish-Subscribe Middlewares
home
 
Publish and Subscribe
Publish and SubscribePublish and Subscribe
Publish and Subscribe
Alexandru Badiu
 
Publish subscribe model overview
Publish subscribe model overviewPublish subscribe model overview
Publish subscribe model overview
Ishraq Al Fataftah
 
Chapter-1-IntroDistributeddffsfdfsdf-1.pptx
Chapter-1-IntroDistributeddffsfdfsdf-1.pptxChapter-1-IntroDistributeddffsfdfsdf-1.pptx
Chapter-1-IntroDistributeddffsfdfsdf-1.pptx
meharikiros2
 
IRJET- Design of Anonymous Publish-Subscribe Messaging System in a P2P Networ...
IRJET- Design of Anonymous Publish-Subscribe Messaging System in a P2P Networ...IRJET- Design of Anonymous Publish-Subscribe Messaging System in a P2P Networ...
IRJET- Design of Anonymous Publish-Subscribe Messaging System in a P2P Networ...
IRJET Journal
 
Distributed System ppt
Distributed System pptDistributed System ppt
Distributed System ppt
OECLIB Odisha Electronics Control Library
 

Recommandé

TACO-DTN
TACO-DTNTACO-DTN
TACO-DTN
Giuseppe Sollazzo
 
Trusted Publish/Subscribe
Trusted Publish/SubscribeTrusted Publish/Subscribe
Trusted Publish/Subscribe
Stephen Naicken
 
Publish-Subscribe Middlewares
Publish-Subscribe MiddlewaresPublish-Subscribe Middlewares
Publish-Subscribe Middlewares
home
 
Publish and Subscribe
Publish and SubscribePublish and Subscribe
Publish and Subscribe
Alexandru Badiu
 
Publish subscribe model overview
Publish subscribe model overviewPublish subscribe model overview
Publish subscribe model overview
Ishraq Al Fataftah
 
Chapter-1-IntroDistributeddffsfdfsdf-1.pptx
Chapter-1-IntroDistributeddffsfdfsdf-1.pptxChapter-1-IntroDistributeddffsfdfsdf-1.pptx
Chapter-1-IntroDistributeddffsfdfsdf-1.pptx
meharikiros2
 
IRJET- Design of Anonymous Publish-Subscribe Messaging System in a P2P Networ...
IRJET- Design of Anonymous Publish-Subscribe Messaging System in a P2P Networ...IRJET- Design of Anonymous Publish-Subscribe Messaging System in a P2P Networ...
IRJET- Design of Anonymous Publish-Subscribe Messaging System in a P2P Networ...
IRJET Journal
 
Distributed System ppt
Distributed System pptDistributed System ppt
Distributed System ppt
OECLIB Odisha Electronics Control Library
 
Secure Multi Authority Data Access Control System in Cloud Computing
Secure Multi Authority Data Access Control System in Cloud ComputingSecure Multi Authority Data Access Control System in Cloud Computing
Secure Multi Authority Data Access Control System in Cloud Computing
IRJET Journal
 
Cloud computing final show
Cloud computing final showCloud computing final show
Cloud computing final show
ahmad abdelhafeez
 
Removing dependencies between services: Messaging and Apache Kafka
Removing dependencies between services: Messaging and Apache KafkaRemoving dependencies between services: Messaging and Apache Kafka
Removing dependencies between services: Messaging and Apache Kafka
Daniel Muñoz Garrido
 
Cloud security issues and concerns
Cloud security issues and concernsCloud security issues and concerns
Cloud security issues and concerns
Mrinal Baowaly
 
OMG Data-Distribution Service Security
OMG Data-Distribution Service SecurityOMG Data-Distribution Service Security
OMG Data-Distribution Service Security
Gerardo Pardo-Castellote
 
3. challenges
3. challenges3. challenges
3. challenges
AbDul ThaYyal
 
Distributed System PPT.pptx
Distributed System PPT.pptxDistributed System PPT.pptx
Distributed System PPT.pptx
SELVAVINAYAGAMG
 
Network security
Network securityNetwork security
Network security
Sri Manakula Vinayagar Engineering College
 
Band of brothers, building scalable social web apps on windows azure with asp...
Band of brothers, building scalable social web apps on windows azure with asp...Band of brothers, building scalable social web apps on windows azure with asp...
Band of brothers, building scalable social web apps on windows azure with asp...
Marjan Nikolovski
 
public truthfulness assessment for shared active cloud data storage with grou...
public truthfulness assessment for shared active cloud data storage with grou...public truthfulness assessment for shared active cloud data storage with grou...
public truthfulness assessment for shared active cloud data storage with grou...
Ijripublishers Ijri
 
A Comprehensive Study On Data Mining Process With Distribution
A Comprehensive Study On Data Mining Process With DistributionA Comprehensive Study On Data Mining Process With Distribution
A Comprehensive Study On Data Mining Process With Distribution
Lori Mitchell
 
Augmenting Publish/Subscribe System by Identity Based Encryption (IBE) Techni...
Augmenting Publish/Subscribe System by Identity Based Encryption (IBE) Techni...Augmenting Publish/Subscribe System by Identity Based Encryption (IBE) Techni...
Augmenting Publish/Subscribe System by Identity Based Encryption (IBE) Techni...
IJCERT JOURNAL
 
ITN_Module_3.pptx
ITN_Module_3.pptxITN_Module_3.pptx
ITN_Module_3.pptx
argost1003
 
Information sharing pipeline
Information sharing pipelineInformation sharing pipeline
Information sharing pipeline
Violeta Ilik
 
A Survey Paper on Removal of Data Duplication in a Hybrid Cloud
A Survey Paper on Removal of Data Duplication in a Hybrid Cloud A Survey Paper on Removal of Data Duplication in a Hybrid Cloud
A Survey Paper on Removal of Data Duplication in a Hybrid Cloud
IRJET Journal
 
Privacy Preserving Public Auditing for Data Storage Security in Cloud
Privacy Preserving Public Auditing for Data Storage Security in Cloud Privacy Preserving Public Auditing for Data Storage Security in Cloud
Privacy Preserving Public Auditing for Data Storage Security in Cloud
Girish Chandra
 
Securing Liaison-Less Publisher/Subscriber Systems using Identity Based Encr...
Securing Liaison-Less Publisher/Subscriber Systems using Identity Based Encr...Securing Liaison-Less Publisher/Subscriber Systems using Identity Based Encr...
Securing Liaison-Less Publisher/Subscriber Systems using Identity Based Encr...
IRJET Journal
 
Design patterns
Design patternsDesign patterns
Design patterns
ACCESS Health Digital
 
Data Virtualization Deployments: How to Manage Very Large Deployments
Data Virtualization Deployments: How to Manage Very Large DeploymentsData Virtualization Deployments: How to Manage Very Large Deployments
Data Virtualization Deployments: How to Manage Very Large Deployments
Denodo
 
BDVe Webinar Series - Ocean Protocol – Why you need to care about how you sha...
BDVe Webinar Series - Ocean Protocol – Why you need to care about how you sha...BDVe Webinar Series - Ocean Protocol – Why you need to care about how you sha...
BDVe Webinar Series - Ocean Protocol – Why you need to care about how you sha...
Big Data Value Association
 
Building RESTful Applications
Building RESTful ApplicationsBuilding RESTful Applications
Building RESTful Applications
Nabeel Yoosuf
 
Introduction to OAuth 2.0 - Part 2
Introduction to OAuth 2.0 - Part 2Introduction to OAuth 2.0 - Part 2
Introduction to OAuth 2.0 - Part 2
Nabeel Yoosuf
 

Contenu connexe

Similaire à Pub-Sub Systems and Confidentiality/Privacy

public truthfulness assessment for shared active cloud data storage with grou...
public truthfulness assessment for shared active cloud data storage with grou...public truthfulness assessment for shared active cloud data storage with grou...
public truthfulness assessment for shared active cloud data storage with grou...
Ijripublishers Ijri
 
Augmenting Publish/Subscribe System by Identity Based Encryption (IBE) Techni...
Augmenting Publish/Subscribe System by Identity Based Encryption (IBE) Techni...Augmenting Publish/Subscribe System by Identity Based Encryption (IBE) Techni...
Augmenting Publish/Subscribe System by Identity Based Encryption (IBE) Techni...
IJCERT JOURNAL
 

Similaire à Pub-Sub Systems and Confidentiality/Privacy (20)

Secure Multi Authority Data Access Control System in Cloud Computing
Secure Multi Authority Data Access Control System in Cloud ComputingSecure Multi Authority Data Access Control System in Cloud Computing
Secure Multi Authority Data Access Control System in Cloud Computing
 
Cloud computing final show
Cloud computing final showCloud computing final show
Cloud computing final show
 
Removing dependencies between services: Messaging and Apache Kafka
Removing dependencies between services: Messaging and Apache KafkaRemoving dependencies between services: Messaging and Apache Kafka
Removing dependencies between services: Messaging and Apache Kafka
 
Cloud security issues and concerns
Cloud security issues and concernsCloud security issues and concerns
Cloud security issues and concerns
 
OMG Data-Distribution Service Security
OMG Data-Distribution Service SecurityOMG Data-Distribution Service Security
OMG Data-Distribution Service Security
 
3. challenges
3. challenges3. challenges
3. challenges
 
Distributed System PPT.pptx
Distributed System PPT.pptxDistributed System PPT.pptx
Distributed System PPT.pptx
 
Network security
Network securityNetwork security
Network security
 
Band of brothers, building scalable social web apps on windows azure with asp...
Band of brothers, building scalable social web apps on windows azure with asp...Band of brothers, building scalable social web apps on windows azure with asp...
Band of brothers, building scalable social web apps on windows azure with asp...
 
public truthfulness assessment for shared active cloud data storage with grou...
public truthfulness assessment for shared active cloud data storage with grou...public truthfulness assessment for shared active cloud data storage with grou...
public truthfulness assessment for shared active cloud data storage with grou...
 
A Comprehensive Study On Data Mining Process With Distribution
A Comprehensive Study On Data Mining Process With DistributionA Comprehensive Study On Data Mining Process With Distribution
A Comprehensive Study On Data Mining Process With Distribution
 
Augmenting Publish/Subscribe System by Identity Based Encryption (IBE) Techni...
Augmenting Publish/Subscribe System by Identity Based Encryption (IBE) Techni...Augmenting Publish/Subscribe System by Identity Based Encryption (IBE) Techni...
Augmenting Publish/Subscribe System by Identity Based Encryption (IBE) Techni...
 
ITN_Module_3.pptx
ITN_Module_3.pptxITN_Module_3.pptx
ITN_Module_3.pptx
 
Information sharing pipeline
Information sharing pipelineInformation sharing pipeline
Information sharing pipeline
 
A Survey Paper on Removal of Data Duplication in a Hybrid Cloud
A Survey Paper on Removal of Data Duplication in a Hybrid Cloud A Survey Paper on Removal of Data Duplication in a Hybrid Cloud
A Survey Paper on Removal of Data Duplication in a Hybrid Cloud
 
Privacy Preserving Public Auditing for Data Storage Security in Cloud
Privacy Preserving Public Auditing for Data Storage Security in Cloud Privacy Preserving Public Auditing for Data Storage Security in Cloud
Privacy Preserving Public Auditing for Data Storage Security in Cloud
 
Securing Liaison-Less Publisher/Subscriber Systems using Identity Based Encr...
Securing Liaison-Less Publisher/Subscriber Systems using Identity Based Encr...Securing Liaison-Less Publisher/Subscriber Systems using Identity Based Encr...
Securing Liaison-Less Publisher/Subscriber Systems using Identity Based Encr...
 
Design patterns
Design patternsDesign patterns
Design patterns
 
Data Virtualization Deployments: How to Manage Very Large Deployments
Data Virtualization Deployments: How to Manage Very Large DeploymentsData Virtualization Deployments: How to Manage Very Large Deployments
Data Virtualization Deployments: How to Manage Very Large Deployments
 
BDVe Webinar Series - Ocean Protocol – Why you need to care about how you sha...
BDVe Webinar Series - Ocean Protocol – Why you need to care about how you sha...BDVe Webinar Series - Ocean Protocol – Why you need to care about how you sha...
BDVe Webinar Series - Ocean Protocol – Why you need to care about how you sha...
 

Plus de Nabeel Yoosuf

Privacy Preserving Access Control for Third Party Data Management Systems
Privacy Preserving Access Control for Third Party Data Management SystemsPrivacy Preserving Access Control for Third Party Data Management Systems
Privacy Preserving Access Control for Third Party Data Management Systems
Nabeel Yoosuf
 

Plus de Nabeel Yoosuf (12)

Building RESTful Applications
Building RESTful ApplicationsBuilding RESTful Applications
Building RESTful Applications
 
Introduction to OAuth 2.0 - Part 2
Introduction to OAuth 2.0 - Part 2Introduction to OAuth 2.0 - Part 2
Introduction to OAuth 2.0 - Part 2
 
Introduction to OAuth 2.0 - Part 1
Introduction to OAuth 2.0 - Part 1Introduction to OAuth 2.0 - Part 1
Introduction to OAuth 2.0 - Part 1
 
Introduction to OAuth 2.0 - Part 1
Introduction to OAuth 2.0 - Part 1Introduction to OAuth 2.0 - Part 1
Introduction to OAuth 2.0 - Part 1
 
API Façade Pattern
API Façade PatternAPI Façade Pattern
API Façade Pattern
 
Oracle Transparent Data Encryption (TDE) 12c
Oracle Transparent Data Encryption (TDE) 12cOracle Transparent Data Encryption (TDE) 12c
Oracle Transparent Data Encryption (TDE) 12c
 
Introduction to Tokenization
Introduction to TokenizationIntroduction to Tokenization
Introduction to Tokenization
 
Privacy Preserving Access Control for Third Party Data Management Systems
Privacy Preserving Access Control for Third Party Data Management SystemsPrivacy Preserving Access Control for Third Party Data Management Systems
Privacy Preserving Access Control for Third Party Data Management Systems
 
Efficient privacy preserving publish subscribe systems
Efficient privacy preserving publish subscribe systemsEfficient privacy preserving publish subscribe systems
Efficient privacy preserving publish subscribe systems
 
Access Control: Principles and Practice
Access Control: Principles and PracticeAccess Control: Principles and Practice
Access Control: Principles and Practice
 
Efficient Filtering in Pub-Sub Systems using BDD
Efficient Filtering in Pub-Sub Systems using BDDEfficient Filtering in Pub-Sub Systems using BDD
Efficient Filtering in Pub-Sub Systems using BDD
 
A Structure Preserving Approach for Securing XML Documents
A Structure Preserving Approach for Securing XML DocumentsA Structure Preserving Approach for Securing XML Documents
A Structure Preserving Approach for Securing XML Documents
 

Dernier

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
Overkill Security
 

Dernier (20)

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 

Pub-Sub Systems and Confidentiality/Privacy

  • 1. Publish-Subscribe Systems and Confidentiality/Privacy Nabeel Mohamed nabeel@cs.purdue.edu 4/4/08
  • 2. Outline • Different Publish-Subscribe Systems • Security Issues and Possible Directions (Confidentiality/Privacy)
  • 3. Publish/Subscribe Distributed Publisher Content Routers subscribe Subscriber Notify() Subscribe() publish unsubscribe Notify() Publisher Subscriber Unsubscribe() publish Notify() notify Publisher Distributed Subscriber Subscription Notify() Mgmt and Routing
  • 4. General Properties of Pub-Sub • Many-to-Many structured P2P system • Loosely coupled form of interaction – Space decoupling – Time decoupling – Synchronization decoupling References: [1]
  • 5. Filtering • Topic-based • Content-based • Type-based • Structure-based
  • 6. Filtering: Topic-based • Events are grouped into channels • Each channel is identified by a keyword • Publisher publishes each event to a specific channel • Subscribers subscribe to channels they are interested in • Simplest scheme of matching events to subscribers • Example: Disseminating Trades and Quotes in two channels
  • 7. Filtering: Content-based • More expressive power to subscribers than topic-based • Can be used for fine-grained access control as well • Added complexity of matching an event to a subscription • Example: Notify me of all quotes for Google with bid_price >= 400
  • 8. Filtering: Type-based • Relate event kind to event type • Closer integration of the language and the middleware • Allows for compile-time type safety checks • Match events to subscriptions by their types (and further to members of these types) • Example: StockQuote and StockTrade are sub-types of Stock. Public members of these event types can be used to do content-based filtering while ensuring encapsulation. References: [8]
  • 9. Filtering: Structure-based • First three filtering methods – Many documents to many subscribers • Structure-based routing address a different data dissemination problem – Different parts of one document to many subscribers • Only for hierarchically structured data References: [7]
  • 10. Streaming Systems • Special kind of pub-sub systems • Usually have stringent timing, storage and performance requirements • Database community (DSMS) to Distributed systems
  • 11. Next • Different Publish-Subscribe Systems • Security Issues and Possible Directions (Confidentiality/Privacy)
  • 12. Generic Issues • Authentication • Integrity – Information Integrity – Subscription Integrity – Service Integrity • User Anonymity – Onion routing • Accountability • Availability
  • 13. Confidentiality/Privacy • Information Confidentiality – Can we perform content-based routing without revealing the content to the infrastructure? • Subscription Privacy – Can subscribers specify filters without revealing their interest to the infrastructure? • Publication Confidentiality – How can publishers be sure that only the intended subscribers get the data? References: [2]
  • 14. Information Confidentiality • Out-of-band key agreement issue – Attribute-based encryption [11] • Conflicting goals of keeping information secret and content-based routing – Computing with the encrypted/perturbed data • Feigenbaum and Abadi et. al. [3] • Agrawal et. al. [4]
  • 15. Subscription Privacy • Examples – Trading preferences – Resume service • No node in the infrastructure should be able to infer about data items retrieved by users – Secure multiparty computations (E.g.: Millionaires‘ problem. A. Yao [6]) – Database research in private information retrieval (E.g.: O. Goldreich et. al. [5])
  • 16. Publication Confidentiality • Application of access control • Information leakage issue • Most of the research on confidentiality has been done in this area • Out-of-band key agreement issue • Some solutions trust users to get over the issue of key agreement
  • 17. Issues due to Optimization • Bandwidth minimization [9] • Coping with limited storage – Digests • Regulating high input/output rates • Continuous security enforcement as opposed to one time [10] • Different data representations
  • 18. References [1] The Many Faces of Publish/Subscribe, Patrick Eugster, Pascal Felber, Rachid Guerraoui, 2003 [2] Security Issues and Requirements for Internet-Scale Publish-Subscribe Systems Chenxi Wang, Antonio Carzaniga, David Evans, Alexander Wolf, 2002 [3] On Hiding Information from an Oracle, Martin Abadi, Joan Feigenbaum, Joe Kilian, 1987 [4] Order Preserving Encryption for Numerical Data, Rakesh Agrawal, Jerry Kiernan, Ramakrishnan Srikant, Yirong Xu, 2004 [5] Private Information Retrival, B. Chor, O. Goldreich, E. Kushilevitz, M. Sudan, 1998 [6] Protocols for Secure Compuations, Andrew C. Yao, 1982 [7] Secure Dissemination of XML Content Using Structure-based Routing, A. Kundu, E. Bertino, 2006 [8] On Objects and Events, P. Eugster, R. Guerraoui, C. Damm, 2001. [9] Secure Delta-Publishing of XML Content , Mohamed Nabeel, Elisa Bertino, 2008 [10] Security Punctuation Framework for Enforcing Access Control on Streaming Data, Rimma V. Nehme, Elke A. Rundensteiner and Elisa Bertino, 2008 [11] Secure Attribute-Based Systems, M. Pirretti, P. Traynor, P. McDaniel, B. Waters, 2006