Towards an access control mechanism for wide-area publish/subscribe systems
Proceedings 22nd International Conference on Distributed Computing Systems Workshops - Pages 516-521
Abstract
The publish/subscribe communication model is increasingly considered for implementing middleware infrastructures for widely distributed applications. Scalability issues and routing algorithms of such systems have recently been the focus of intensive research. So far, little attention has been given to the security and management issues. In current publish/subscribe systems, malicious publishers can very easily insert bogus notifications, which may be propagated to a large number of subscribers. Moreover, there is no method to control what notifications the subscribers are authorized to receive. We describe a method to specify access control policy rules using expressions similar to subscription expressions. These policies define access rules for publish and subscribe functions and screening rules for notifications.
Keywords
#Access control #Subscriptions #Routing #Internet #Permission #Middleware #Scalability #Communication system security #Joining processes #Large-scale systems