Roles and security in a publish/subscribe network architecture

Lagutin, Dmitrij; Visala, Kari; Zahemszky, Andras; Burbridge, Trevor; Marias, Giannis F.

doi:10.1109/iscc.2010.5546746

Cited by 20 publications

(14 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This broker does not address any security issues, claiming that possibles solutions could include: plain authentication; Virtual Private Networks (VPNs); Access Control Lists (ACLs); as well as OAuth, a new type of authorization which is used to grant access to personal data by third-party applications (Hardt, 2012). In (Lagutin, Visala, Zahemszky, Burbridge, & Marias, 2010), the authors examine roles of different actors comprising an inter-domain publish/subscribe network, along with security requirements and minimal required trust associations between entities, introducing and analyzing an architecture that secures both data and control planes. The main security goals for a publish/subscribe architecture are: (i) integrity; (ii) scalability; (iii) availability, and iv) prevention of underived traffic.…”

Section: Security Issues In Cloud and Iot Publish/subscribe Scenariosmentioning

confidence: 99%

Applying Security to a Big Stream Cloud Architecture for the Internet of Things

Belli

Cirani

Davoli

et al. 2016

International Journal of Distributed Systems and Technologies

View full text Add to dashboard Cite

The Internet of Things (IoT) is expected to interconnect billions (around 50 by 2020) of heterogeneous sensor/actuator-equipped devices denoted as "Smart Objects" (SOs), characterized by constrained resources in terms of memory, processing, and communication reliability. Several IoT applications have real-time and low-latency requirements and must rely on architectures specifically designed to manage gigantic streams of information (in terms of number of data sources and transmission data rate). We refer to "Big Stream" as the paradigm which best fits the selected IoT scenario, in contrast to the traditional "Big Data" concept, which does not consider real-time constraints. Moreover, there are many security concerns related to IoT devices and to the Cloud. In this paper, we analyze security aspects in a novel Cloud architecture for Big Stream applications, which efficiently handles Big Stream data through a Graph-based platform and delivers processed data to consumers, with low latency. We detail each module defined in the system architecture, describing all refinements required to make the platform able to secure large data streams. An experimentation is also conducted in order to evaluate the performance of the proposed architecture when integrating security mechanisms.

show abstract

Section: Security Issues In Cloud and Iot Publish/subscribe Scenariosmentioning

confidence: 99%

Applying Security to a Big Stream Cloud Architecture for the Internet of Things

Belli

Cirani

Davoli

et al. 2016

International Journal of Distributed Systems and Technologies

View full text Add to dashboard Cite

show abstract

“…PSIRP has also studied the security requirements for a publish-subscribe based Internet architecture [21], as well as the possibilities for applying existing work on cryptographic protocol analysis in a pure publish-subscribe architecture [23]. Moreover, new security mechanisms have been developed.…”

Section: Key Outcomesmentioning

confidence: 99%

Developing Information Networking Further: From PSIRP to PURSUIT

Fotiou

Nikander

Trossen

et al. 2012

Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

164

115

View full text Add to dashboard Cite

Abstract. PSIRP (Publish-Subscribe Internet Routing Paradigm) is an EU FP7 funded project that has developed a clean-slate architecture for the future Internet, based on the publish-subscribe primitives (rather than the send-receive ones), all the way down to the core networking functions. The PSIRP vision is a pure information-centric Internet architecture, possibly providing remedies to many of the current Internet problems. In PSIRP, all is information and everything is about information. Content-based identities, recursive application of ideas, cryptographic techniques, and the Trust-to-Trust principle are all extensively used to achieve the design goals. Furthermore, incentive compatibility and socio-economic considerations are guiding the design from the outset, to ground the project in reality and to provide credible and viable potential deployment paths. The project has developed, implemented, and preliminarily evaluated solutions for rendezvous, topology formation and routing, and information forwarding, with ongoing work currently focusing in experimenting. A new (also EU FP7 funded) follow-on project, PURSUIT (PublishSubscribe Internet Technologies), will refine and further explore and expand PSIRP's vision. We believe that this will eventually lead to a more complete architecture and protocol suite, thereby providing for more extensive performance evaluation and investigations on scalability. This paper provides an overview of the PSIRP concepts and the developed architecture, along with some key results, and outlines the research directions of the PURSUIT project, focusing on the project goals and its expected outcomes.

show abstract

“…Since the preliminary version of our work was published in [30], there have been a few related works. Some security designs for pub/sub network architecture was proposed in [12,26], but they did not have formal security proofs.…”

Section: New Improvements and Comparison To Our Previous Workmentioning

confidence: 99%

Towards a cryptographic treatment of publish/subscribe systems1

Yuen

Susilo

2014

JCS

View full text Add to dashboard Cite

Publish/subscribe mechanism is a typical many-to-many messaging paradigm when multiple applications want to receive the same message or when a group of applications would like to notify each other. Nonetheless, there exist only a few works that address the security issues for content-based publish/subscribe systems formally. Although the security requirements have been partially addressed by Wang et al., there is no formal definition for all of these security requirements in the literature. As a result, most of the existing schemes do not have any security proof and it is difficult to justify whether those schemes are really secure in practice. Furthermore, there is no comprehensive scheme that satisfies the most essential security requirements at the same time. In this paper, we introduce the first security model for important security requirements of content-based publish/subscribe systems. We also give a new security requirement for publisher authenticity, which means that the publisher is authenticated to publish certain types of notification only, and cannot publish other types of notification. We then exhibit a new scheme which fulfills most of the security requirements. Furthermore, we also provide a comprehensive proof for our concrete construction according to the new model.

show abstract

Roles and security in a publish/subscribe network architecture

Cited by 20 publications

References 15 publications

Applying Security to a Big Stream Cloud Architecture for the Internet of Things

Applying Security to a Big Stream Cloud Architecture for the Internet of Things

Developing Information Networking Further: From PSIRP to PURSUIT

Towards a cryptographic treatment of publish/subscribe systems1

Contact Info

Product

Resources

About