
Securing Content Based Routing Publish-Subscribe Systems


Presentation Transcript


  1. Securing Content Based Routing Publish-Subscribe Systems (SIENA) John.Giacomoni@colorado.edu 2002.01.28

  2. What is Content Based Routing? • Messages Routed Based on Content • No Fixed Address Field(s) • Generally Speaking Routers Need Full Access to Message Payload

  3. What is Publish-Subscribe? • Event Notification System • Producers (Publishers) • Consumers (Subscribers) • Publications are Routed to Subscribers Based on Filters (Subscriptions)

  4. Interesting Properties of Publish-Subscribe • Publishers and Subscribers can be Anonymous to Each Other • Clients Can be Linked Together to Form an Ad-Hoc Network Using only the Publish-Subscribe Interface

  5. What is SIENA? • Scalable • Internet (Scale) • Event • Notification • Architecture

  6. What/How Does SIENA Work? • Exports a Publish-Subscribe API • Employs Content Based Routing • Accurately Route Messages To Interested Parties • Bandwidth Consumption Reduction

  7. Interesting Properties of SIENA • Notifications (Messages) Routed Based on Content • Unspecified Number of Clients or Servers • Unspecified Network Topology • Unspecified Communication Protocols • Unspecified Message Delivery Windows • Heterogeneous Host & Authority Domains • Fault Permissive

  8. Unspecified Network Topology • Single Server • Hierarchical • General Graph • Hybrid/Combination Topology

  9. Combination Topology (with heterogeneous authority)

  10. Security Goals • Confidentiality • Integrity • Availability As Described In “Secrets & Lies” by Bruce Schneier p. 121

  11. Confidentiality Goals • Data (Publications) • Content Might Contain Sensitive Information • Routing Depends on Content • Subscriptions • Subscriptions May Contain Sensitive Information • Data Flow Analysis • Anonymity

  12. Integrity Goals • Altered Messages • Injected Messages • Dropped Messages

  13. Availability Goals • Denial of Service Protection • Individual Server • Network Congestion • Knowing When System is Overloaded/DoS’ed

  14. Additional Goals • Billing/Accountability • Audit

  15. Conflicting Goals • Scale vs. Security • Performance vs Security • Anonymity vs Security • Anonymity vs Billing • Communication Network vs User Security • Data Confidentiality vs Expressiveness

  16. How do we Balance These Conflicting Goals?

  17. Observations • Single Solution Very Unlikely • Each Environment Will Need Its Own Setup • Military Always Does Its Own Thing • Minimization of Security in the Servers Maximizes Flexibility • Heterogeneous Solutions do Not Cover Homogeneous Solutions

  18. Homogeneous Authority Domains • Communication Security • IPSEC • SSL (requires server changes) • Bogus Notifications (Traffic Analysis) • Some Faith can be Put into Software • Simple Authentication Tokens Can be Used • Multilevel/Multilateral Security Possible • Military Applications

  19. Heterogeneous Authority Domains • Users Cannot Trust Network • Unknown Recipients • Unknown Servers • Network Cannot Trust Users OR Network • Publications/Subscriptions Valid? • Unknown 3rd Party Server Behavior

  20. User Land Models • Accept Subscriptions and Publications as Public Domain • Subscriptions can be Obfuscated to a Certain Degree • Encrypted Messages • Signed Messages

  21. Problems with Encrypted Notifications • Decreased Routing Performance • 100% Content Confidentiality Results in an Unroutable Message

  22. User Land Security Models (Client/Client) • Protects Data • Anonymity Issues • Key Management/Revocation Issues • Scaling Issues • Organization • No Additional Load on Servers

  23. User Land Security Models (Client/PKI/Client) • Maintains Anonymity Between Publishers and Subscribers • No Additional Load on Servers • Multiple PKI’s can be in Place • Billing Can be Based on Key Management • PKI Management Issues • Initial Key Distribution Closed-PKI, “(Public Key) Infrastructure”

  24. Server Models • Trusted Gateways • Authenticated Publications/Subscriptions • Loss of Anonymity • Foreign Networks Still a Problem • Audit • Loss of Anonymity

  25. Main Problem • Specifying a Security Model Without a Well Defined Environment Will Result in Many Problems

  26. Directions • SSL Aware Communication Layer • Encryption • Authentication • IPSEC Between Servers • Clients if System is Homogeneous • Trusted Gateways

  27. Trusted Gateways • Tunnel Flagged Messages (Encrypted) to Remote Trusted Networks • Unflagged Messages Forwarded Blindly • Rate Limit Unflagged Messages • Minimize Need for Obfuscated Publications • Permits Large Public SIENA Backbones

  28. Parting Comments On Securing SIENA • All Users are Equal in SIENA • Concept of Users and Permissions/Roles Needs to be Introduced.

  29. Trusted Gateways [diagram; labels: TGW, TGW]

  30. Q&A Time :)
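
Slides 20 and 21 state that encrypting notifications costs routing performance and that fully confidential content cannot be routed. The sketch below is an added example, not code from the presentation or from SIENA: it routes a constructed notification against constructed subscriptions while hiding none, one, or all of its attributes. The filter format, the names, and the SHA-256 keystream (a stand-in for a real authenticated cipher) are assumptions made for illustration.

```python
import hashlib, json, operator, os

OPS = {"=": operator.eq, "<": operator.lt, ">": operator.gt}

def _keystream(key, nonce, n):
    # SHA-256 in counter mode: a stand-in for a real AEAD cipher, not for production
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def seal(notification, key, hidden):
    """Publisher side: move the attributes in `hidden` into an opaque blob."""
    clear = {k: v for k, v in notification.items() if k not in hidden}
    secret = json.dumps({k: v for k, v in notification.items() if k in hidden}).encode()
    nonce = os.urandom(12)
    blob = bytes(a ^ b for a, b in zip(secret, _keystream(key, nonce, len(secret))))
    return {"clear": clear, "nonce": nonce, "blob": blob}

def unseal(sealed, key):
    """Subscriber side: recover the full notification with the shared key."""
    ks = _keystream(key, sealed["nonce"], len(sealed["blob"]))
    hidden = json.loads(bytes(a ^ b for a, b in zip(sealed["blob"], ks)))
    return {**sealed["clear"], **hidden}

def matches(filt, attrs):
    """A filter is a list of (attribute, op, value); every constraint must hold."""
    return all(a in attrs and OPS[op](attrs[a], v) for a, op, v in filt)

def route(subscriptions, sealed):
    """Router side: only cleartext attributes are visible to the matcher."""
    return sorted(s for s, f in subscriptions.items() if matches(f, sealed["clear"]))

# Constructed sample data (hypothetical key, notification and subscribers)
KEY = b"constructed-demo-key"
QUOTE = {"type": "quote", "symbol": "ACME", "price": 42}
SUBS = {
    "alice": [("type", "=", "quote"), ("symbol", "=", "ACME"), ("price", ">", 40)],
    "bob": [("type", "=", "quote")],
    "carol": [("symbol", "=", "OTHER")],
}

def demo():
    """Recipients chosen by the router as more of the notification is hidden."""
    cases = [("none", set()), ("price", {"price"}), ("all", set(QUOTE))]
    return {label: route(SUBS, seal(QUOTE, KEY, hidden)) for label, hidden in cases}
```

With `price` hidden, a precise subscription like alice's no longer matches at the router, so she would have to subscribe as broadly as bob and apply her filter after `unseal`, which moves filtering work and bandwidth to the edge.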
