170 likes | 342 Views
Emergency Alerts as RSS Feeds with Interdomain Authorization. Filippo Gioachin 1 , Ravinder Shankesi 1 , Michael J. May 1,2 , Carl A. Gunter 1 , Wook Shin 1 1 University of Illinois Urbana-Champaign 2 University of Pennsylvania. Emergency Messaging.
E N D
Emergency Alerts as RSS Feeds with Interdomain Authorization Filippo Gioachin1, Ravinder Shankesi1, Michael J. May1,2, Carl A. Gunter1, Wook Shin1 1 University of Illinois Urbana-Champaign 2 University of Pennsylvania
Emergency Messaging • Emergency messaging has requirements we see in other contexts as well • Scalability • Timeliness • Targeted delivery • Public health emergency messaging has additional requirements • Sender integrity and authentication • Message integrity • Recipient integrity and authentication • Wide scale distribution with targeted delivery • We need interdomain messaging with multiple levels of authentication
Emergency Messaging alerts alerts auth
Emergency Messaging • Roles • Permission • Location • Employer • Specialty alerts • Policies for permissions • Access Control Lists • Alert policies • Permissions • Scope • Location
Emergency Messaging auth token alerts Alerts summary token • Attribute based policies • Summaries
Our approach • Leverage existing technologies for a scalable interdomain authentication and authorization system • Rights as user attributes • Policies given in terms of attributes • Interdomain federation and trust between state authorities and local organizations • Alerts as messages with policies • Policies based on CDC standardized messaging format • Policies defined by CDC, enforced by states • Alerts provided as summaries • Natural mechanism for regularly updating and dynamic content
Our approach • Shibboleth attribute based authentication • SAML token based • Users authenticate to a local Identity Provider (IdP) which provides a signed attribute cookie • Users use the cookie to authenticate to the service provider • RSS based message feeds • XML based message summary format • Widely deployed mechanism for distributing links to dynamically updated content • SSL encryption between nodes • Result: Shibboleth RSS
Contributions • Architecture and implementation of Shibboleth RSS • Application to standards based messaging formats • Scalability and performance estimates from experiments
Design Considerations • What attributes to consider? • Attributes from CDC message format - Common Alerting Protocol (CAP) and Public Health Directory Schema (PHINDir) • What workload to put on server and client? • RSS from CAP on the server • RSS to HTML done on client • Custom user filtering done with JavaScript on client • How to design policies? • Forcing redesign of policies are a burden on alert authors • Generic policies will match most messages and speed policy filtering • Custom policies can be attached if desired
Policy Evaluation • System architect predefines common policies • Policy names are associated with each alert • Policies need to be evaluated only once per request • User attributes compared once against existing policies and stored for later use
High Level Architecture Alert Database Public Health Directory Alert Filter Policies 7: Alerts 6 3 4 Alerts to RSS 8: RSS 1: Redirect 1 Req 2: Auth 5 Identity Provider 5: Token 8: RSS
Performance Evaluation • Vary the number of policies and number of alerts • Alerts • Small = 128 Kb (54 infos in 15 alerts) • Big = 512 Kb (216 infos in 60 alerts) • Policies • Few = 10 rules • Many = 50 rules • Critical operations • SSL tunnel establishment • PHP web page processing • Policy evaluation • Message filtering based on policy • Summarizing messages in RSS • Transforming RSS to HTML for viewing
Performance Evaluation Downloads per second
Performance Evaluation • Optimizations: • CAP to RSS feed format • Cached policies per user • Searched for all policies at once • Results: • SSL the biggest performance hit • Size of the input matters, not number of policies Downloads per second
Conclusion • Shibboleth RSS offers a scalable method for interdomain emergency alerts • Attributes let us define policies • RSS lets us summarize policies for reading • Performance penalty reasonable after SSL • About 45% - 60% throughput • Federated trust makes interdomain messaging practical
References • Illinois Security Lab • http://seclab.uiuc.edu • Shibboleth RSS Project • http://seclab.uiuc.edu/securerss • Demo video • http://seclab.uiuc.edu/resources/shibbolethRSSDemo.html • Or Google “Shibboleth RSS”