Mudhakar Srivatsa
Ling Liu
ABSTRACT
A publish-subscribe overlay service is a wide-area communication infrastructure that enables information dissemination across geographically scattered and potentially unlimited number of publishers and subscribers. A wide-area publish-subscribe (pub-sub) system is often implemented as a collection of spatially disparate nodes communicating on top of a peer to peer overlay network. Such a model presents many inherent benefits such as scalability and performance, as well as potential challenges such as: (i) confidentiality & integrity, (ii) authentication, and (iii) denial-of-service (DoS) attacks. In this paper we present EventGuard for securing pub-sub overlay services. EventGuard comprises of a suite of security guards that can be seamlessly plugged-into a content-based pub-sub system. EventGuard mechanisms aim at providing security guarantees while maintaining the system's overall simplicity, scalability and performance metrics. We present an implementation which shows that EventGuard is easily stackable on any content-based pub-sub core. Finally, our experimental results show that EventGuard can secure a pub-sub system with minimal performance penalty.
- K. Aguilera and R. Strom. Efficient atomic broadcast using deterministic merge. In Proceedings of the 19th ACM PODC, 2000.]] Google Scholar
Digital Library
- M. Aguilera, R. Strom, D. Sturman, M. Astley, and T. Chandra. Matching events in a content-based subscription system. In Proceedings of the 18th ACM PODC, 1999.]] Google ScholarDigital Library
- G. Banavar, T. Chandra, B. Mukherjee, and J. Nagarajarao. An efficient multicast protocol for content-based publish subscribe systems. In Proceedings of the 19th ICDCS, 1999.]] Google ScholarDigital Library
- A. Carzaniga. Siena - software. http://serl.cs.colorado.edu/ carzanig/siena/software/index.html.]]Google Scholar
- A. Carzaniga, D. S. Rosenblum, and A. L. Wolf. Design and evaluation of a wide-area event notification service. In ACM Transactions on Computer System, 19(3):332--383, 2001.]] Google ScholarDigital Library
- CNN. Gates: Buy stamps to send email. http://www.cnn.com/2004/TECH/internet/03/05/spam.charge.ap/.]]Google Scholar
- A. K. Datta, M. Gradinariu, M. Raynal, and G. Simon. Anonymous publish/subscribe in P2P networks. In Proceedings of IPDPS, 2003.]] Google ScholarDigital Library
- D. Eastlake and P. Jones. US secure hash algorithm 1. http://www.ietf.org/rfc/rfc3174.txt, 2001.]] Google ScholarDigital Library
- T. ElGamal. A public key cryptosystem and a signature scheme based on discrete logarithm. In IEEE transactions on information theory, 31(4): 469-472, 1985.]]Google Scholar
- FIPS. Data encryption standard (DES). http://www.itl.nist.gov/pspubs/ p46--2.htm.]]Google Scholar
- H. Krawczyk, M. Bellare, and R. Canetti. HMAC: Keyed-hashing for message authentication. http://www.faqs.org/rfcs/rfc2104.html.]] Google ScholarDigital Library
- D. Malkhi, O. Rodeh, and M. Reiter. Efficient update diffusion in byzantine environments. In Proceedings of 20th IEEE SRDS, 2001.]] Google ScholarDigital Library
- NIST. AES: Advanced encryption standard. http://csrc.nist.gov/CryptoToolkit/aes/.]]Google Scholar
- L. Opyrchal and A. Prakash. Secure distribution of events in content-based publish subscribe system. In Proceedings of the 10th USENIX Security Symposium, 2001.]] Google ScholarDigital Library
- Sylvia Ratnasamy Qin Lv and Scott Shenker. Can heterogeneity make gnutella scalable? In Proceedings of the first International Workshop on Peer-to Peer Systems, 2002.]] Google ScholarDigital Library
- S. Rafaeli and D. Hutchison. A survey of key management for secure group communication. In Journal of the ACM Computing Surveys, Vol 35, Issue 3, 2003.]] Google ScholarDigital Library
- C. Raiciu and D. S. Rosenblum. A secure protocol for content-based publish/subscribe systems. http://www.cs.ucl.ac.uk/sta/C.Raiciu/les/securepubsub.pdf.]]Google Scholar
- R. Rivest. The MD5 message-digest algorithm. http://www.ietf.org/rfc/rfc1321.txt, 1992.]] Google ScholarDigital Library
- M. Srivatsa and L. Liu. Eventguard: Securing publish-subscribe networks. Technical report, Georgia Institute of Technology, 2005.]]Google Scholar
- M. Srivatsa, L. Xiong, and L. Liu. Trustguard: Countering vulnerabilities in reputation management for decentralized overlay networks. In Proceedings of the World Wide Web Conference (WWW), 2005.]] Google ScholarDigital Library
- C. Wang, A. Carzaniga, D. Evans, and A. L. Wolf. Security issues and requirements for internet-scale publish-subscribe systems. In Proceedings of the 35th Hawaii International Conference on System Sciences, 2002.]] Google ScholarDigital Library
- L. Xiong and L. Liu. Peertrust: Supporting reputation-based trust for peer-to-peer electronic communities. In Proceedings of IEEE TKDE, Vol. 16, No. 7, 2004.]] Google ScholarDigital Library
- E. W. Zegura, K. Calvert, and S. Bhattacharjee. How to model an internetwork. In Proceedings of IEEE Infocom, 1996.]]Google ScholarDigital Library
Index Terms
- Securing publish-subscribe overlay services with EventGuard
Recommendations
EventGuard: A System Architecture for Securing Publish-Subscribe Networks
Publish-subscribe (pub-sub) is an emerging paradigm for building a large number of distributed systems. A wide area pub-sub system is usually implemented on an overlay network infrastructure to enable information dissemination from publishers to ...
A hybrid publish subscribe protocol
Companion '08: Proceedings of the ACM/IFIP/USENIX Middleware '08 Conference CompanionContent-based publish/subscribe system performance depends upon the efficient subscription matching and event dissemination to interested subscribers. We propose a hybrid content-based publish/subscribe protocol for large size events wherein a ...
Efficient Publish/Subscribe Through a Self-Organizing Broker Overlay and its Application to SIENA
Recently many scalable and efficient solutions for event dissemination in publish/subscribe (pub/sub) systems have appeared in the literature. This dissemination is usually done over an overlay network of brokers and its cost can be measured as the ...
Comments