Abstract
Publish/subscribe (pub/sub) is an attractive communication paradigm for large-scale distributed applications running across multiple administrative domains. Pub/sub allows event-based information dissemination based on constraints on the nature of the data rather than on pre-established communication channels. It is a natural fit for deployment in untrusted environments such as public clouds linking applications across multiple sites. However, pub/sub in untrusted environments leads to major confidentiality concerns stemming from the content-centric nature of the communications. This survey classifies and analyzes different approaches to confidentiality preservation for pub/sub, from applications of trust and access control models to novel encryption techniques. It provides an overview of the current challenges posed by confidentiality concerns and points to future research directions in this promising field.