This paper discusses the implementation of a role-based access control system for publish/subscribe middleware architectures, ensuring security with minimal overhead to pub/sub efficiency. Topics include client connection policy, event type management, advertisement policy, subscription policy, and scalability. The use of hybrid schemes and broker trust is also explored.
Role-Based Access Control for Publish/Subscribe Middleware Architectures DEBS’03, San Diego, CA, USA, June 2003
Access Control for Pub/Sub
• Security with minimal overhead to pub/sub efficiency
• Access control checks at:
  • Client connection time: Client Connection Policy
  • Event type management: Type Management Policy
  • Advertisement time: Advertisement Policy
  • Subscription time: Subscription Policy
• Only local (edge) brokers need to check policy
• Take advantage of the pub/sub system
  • Introduce restrictions for advertisements and subscriptions
• Scalability
• Role-based access control
General Architecture
• Edge brokers
  • Perform access control
  • No overhead at publish time
  • Subscribe to Policy Evolution Events
• Generic Restriction Predicate
  • Black-box predicate
  • May be expensive
• Pub/Sub Restriction Predicate
  • Use the filters provided by the pub/sub system
  • Get access control for "free"
• Hybrid schemes
  • Combination of both
Broker Trust
• May not want to trust all brokers
• Trusted broker sub-graphs with certificate chains
• Verify connectivity per sub-graph
• Use pub/sub for revocation and policy update
Conclusions
• Scalable and efficient access control is needed for publish/subscribe systems
• Take advantage of the pub/sub system for restrictions
• Policy can be updated via the pub/sub infrastructure
• Brokers may not be fully trusted
• Future Work
  • Complete implementation
  • Tighter integration of roles and event types
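As an added example (not code from the paper or its authors), the following Python models an edge broker that enforces the Advertisement Policy and Subscription Policy at advertise and subscribe time, uses the pub/sub system's own content filters as the restriction predicate so publishing carries no policy check, and accepts Policy Evolution Events delivered over pub/sub. The roles, the `vitals` event type and the `ward` attribute are constructed assumptions.

```python
"""Added example, not code from the DEBS'03 paper: an edge broker applying role-based
Advertisement and Subscription Policies, with restrictions expressed as content
filters so the matcher enforces them for free. Roles/types/attributes are constructed."""

# role -> event type -> rule; a "$attr" restriction value is filled from the client's own attributes.
POLICY = {
    "monitor": {"vitals": {"advertise": True,  "subscribe": False, "restrict": {}}},
    "doctor":  {"vitals": {"advertise": False, "subscribe": True,  "restrict": {}}},
    "nurse":   {"vitals": {"advertise": False, "subscribe": True,
                           "restrict": {"ward": "$ward"}}},
}

class EdgeBroker:
    def __init__(self, policy):
        self.policy = {r: dict(t) for r, t in policy.items()}
        self.advertisers = {}    # event type -> set of client names
        self.subscriptions = []  # (client name, event type, effective filter)

    def _rule(self, client, event_type, action):
        rule = self.policy.get(client["role"], {}).get(event_type)
        if not rule or not rule[action]:
            raise PermissionError(f"{client['name']} may not {action} {event_type}")
        return rule

    def advertise(self, client, event_type):
        self._rule(client, event_type, "advertise")
        self.advertisers.setdefault(event_type, set()).add(client["name"])

    def subscribe(self, client, event_type, requested):
        rule = self._rule(client, event_type, "subscribe")
        effective = dict(requested)
        for attr, val in rule["restrict"].items():
            val = client["attrs"][val[1:]] if str(val).startswith("$") else val
            if effective.get(attr, val) != val:  # request reaches outside allowed scope
                raise PermissionError(f"{client['name']}: {attr} outside allowed scope")
            effective[attr] = val                # conjoin the restriction with the request
        self.subscriptions.append((client["name"], event_type, effective))
        return effective

    def publish(self, client, event_type, event):
        # No policy evaluation here: the check was paid once at advertise time.
        if client["name"] not in self.advertisers.get(event_type, ()):
            raise PermissionError("publish without a permitted advertisement")
        return [n for n, t, f in self.subscriptions
                if t == event_type and all(event.get(k) == v for k, v in f.items())]

    def on_policy_event(self, event):
        # Policy Evolution Event received over pub/sub: install the new rule.
        self.policy.setdefault(event["role"], {})[event["type"]] = event["rule"]
```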
Thank You. Any Questions?