Onica, Emanuel
[Alexandru Ioan Cuza University of Iaşi, Romania]
Felber, Pascal
[Université de Neuchâtel, Switzerland]
Mercier, Hugues
[Université de Neuchâtel, Switzerland]
Riviere, Etienne
[UCL]
Publish/subscribe (pub/sub) is an attractive communication paradigm for large-scale distributed applications running across multiple administrative domains. Pub/sub allows event-based information dissemination based on constraints on the nature of the data rather than on pre-established communication channels. It is a natural fit for deployment in untrusted environments such as public clouds linking applications across multiple sites. However, pub/sub in untrusted environments leads to major confidentiality concerns stemming from the content-centric nature of the communications. This survey classifies and analyzes different approaches to confidentiality preservation for pub/sub, from applications of trust and access control models to novel encryption techniques. It provides an overview of the current challenges posed by confidentiality concerns and points to future research directions in this promising field.
Bibliographic reference
Onica, Emanuel ; Felber, Pascal ; Mercier, Hugues ; Riviere, Etienne. Confidentiality-Preserving Publish/Subscribe : A Survey. In: ACM Computing Surveys, Vol. 49, no.2, p. 1-43 (2016)
Permanent URL
http://hdl.handle.net/2078.1/213807