An information flow control model in a topic-based publish/subscribe system

Abstract

A publish/subscribe (PS) model is an event-driven model of a distributed system. In traditional PS systems, each peer (process) can either publish or subscribe events. In this paper, we consider a peer-to-peer (P2P) type of topic-based PS model where each peer can both publish and subscribe events. In this paper, we newly propose a topic-based access control (TBAC) model for topic-based PS systems. Here, an access right is a pair $⟨ t, op ⟩$ of a topic t and a publish or subscribe operation $op$ . A peer is allowed to publish an event message with publication topics and subscribe interesting topics only if the publication and subscription access rights are granted to the peer, respectively. An event message e is delivered to a peer $p_{i}$ if the publication of e and subscription of $p_{i}$ include some common topic. If a peer $p_{i}$ publishes an event message $e_{2}$ after receiving an event message $e_{1}$ , the event message $e_{2}$ may bring some information of the event message $e_{1}$ . If a target peer $p_{j}$ is not allowed to subscribe at least one topic which is related with the event message $e_{1}$ , information in the peer $p_{i}$ illegally flows to the target peer $p_{j}$ . We newly propose a subscription-based synchronization (SBS) protocol to prevent illegal information flow. Here, an event message is banned by a target peer if the event message implies illegal information flow. However, event messages may be unnecessarily banned by a peer even if no illegal information flow to the peer occurs. In the evaluation, we show the number of event messages unnecessarily banned in the SBS protocol.

Keywords

Information flow control peer-to-peer (P2P) model topic-based publish/subscribe (PS) systems subscription-based synchronization (SBS) protocol topic-based access control (TBAC) model unnecessarily banned message

Get full access to this article

View all access options for this article.

References

Bacon,

D.M.

Eyers,

Singh and

P.R.

Pietzuch, Access control in publish/subscribe systems, in: Proc. of the 2nd International Conference on Distributed Event-Based Systems, 2008, pp. 23–34.

Blanco and

Alencar, Event models in distributed event based systems, in: Principles and Applications of Distributed Event-Based Systems, 2010, pp. 19–42. doi:10.4018/978-1-60566-697-6.ch002.

Coulouris,

Dollimore,

Kindberg and

Blair, Distributed Systems Concepts and Design, Addison Wesley, 2011.

D.E.R.

Denning, Cryptography and Data Security, Addison Wesley, 1982.

Enokido and

Takizawa, A legal information flow (LIF) scheduler based on role-based access control model, International Journal of Computer Standard and Interfaces 31(5) (2009), 906–912. doi:10.1016/j.csi.2008.03.013.

Enokido and

Takizawa, A purpose-based synchronization protocol for secure information flow control, International Journal of Computer Systems Science and Engineering 25(2) (2010), 25–32.

Enokido and

Takizawa, Purpose-based information flow control for cyber engineering, IEEE Transactions on Industrial Electronics 58(6) (2011), 2216–2225. doi:10.1109/TIE.2010.2051393.

Esposito,

Castiglione,

Palmieri,

Ficco and

K.-K.R.

Choo, A publish/subscribe protocol for event-driven communications in the Internet of things, in: Proc. of the IEEE 14th International Conference on Dependable, Autonomic and Secure Computing, 2016, pp. 376–383.

P.T.

Eugster,

P.A.

Felber,

Guerraoui and

A.-M.

Kermarrec, The many faces of publish/subscribe, ACM Computing Surveys 35(2) (2003), 114–131. doi:10.1145/857076.857078.

10.

D.F.

Ferraiolo,

D.R.

Kuhn and

Chandramouli, Role-Based Access Controls, 2nd ed., Artech, 2007.

11.

Google alert. http://www.google.com/alerts.

12.

Lamport, Time, clocks, and the ordering of event in a distributed systems, Communications of the ACM 21(7) (1978), 558–565. doi:10.1145/359545.359563.

13.

Nakamura,

Duolikun,

Enokido and

Takizawa, A write abortion-based protocol in role-based access control systems, International Journal of Adaptive and Innovative Systems 2(2) (2015), 142–160. doi:10.1504/IJAIS.2015.072139.

14.

Nakamura,

Duolikun,

Enokido and

Takizawa, A flexible read-write abortion protocol to prevent illegal information flow among objects, Journal of Mobile Multimedia 11(3–4) (2015), 263–280.

15.

Nakamura,

Duolikun,

Enokido and

Takizawa, A read-write abortion (RWA) protocol to prevent illegal information flow in role-based access control systems, International Journal of Space-Based and Situated Computing 6(1) (2016), 43–53. doi:10.1504/IJSSC.2016.076564.

16.

Nakamura,

Duolikun and

Takizawa, Read-abortion (RA) based synchronization protocols to prevent illegal information flow, Journal of Computer and System Sciences 81(8) (2015), 1441–1451. doi:10.1016/j.jcss.2014.12.020.

17.

Nakamura,

Enokido and

Takizawa, Subscription initialization (SI) protocol to prevent illegal information flow in peer-to-peer publish/subscribe systems, in: Proc. of the 19th International Conference on Network-Based Information Systems (NBiS-2016), 2016, pp. 42–49.

18.

Nakamura,

Enokido and

Takizawa, Topic-based synchronization (TBS) protocols to prevent illegal information flow in peer-to-peer publish/subscribe systems, in: Proc. of the 11th International Conference on Broadband and Wireless Computing, Communication and Applications (BWCCA-2016), 2016, pp. 57–68.

19.

Nakamura,

Enokido and

Takizawa, Sensitivity-based synchronization protocol to prevent illegal information flow among objects, International Journal of Web and Grid Services (IJWGS) 13(3) (2017), 315–333. doi:10.1504/IJWGS.2017.085147.

20.

Nakamura,

Enokido and

Takizawa, A flexible read-write abortion protocol with role safety concept to prevent illegal information flow, Journal of Ambient Intelligence and Humanized Computing (AIHC) (accepted).

21.

Nakamura,

Ogiela,

Enokido and

Takizawa, Flexible synchronization protocol to prevent illegal information flow in peer-to-peer publish/subscribe systems, in: Proc. of the 11th International Conference on Complex, Intelligent, and Software Intensive Systems (CISIS-2017), 2017, pp. 82–93.

22.

Nakamura,

Ogiela,

Enokido and

Takizawa, Evaluation of flexible synchronization protocol to prevent illegal information flow in P2PPS systems, in: Proc. of the 20th International Conference on Network-Based Information Systems (NBiS-2017), 2017, pp. 66–77.

23.

Nakamura,

Ogiela,

Enokido and

Takizawa, Evaluation of protocols to prevent illegal information flow in peer-to-peer publish/subscribe systems, in: Proc. of IEEE the 31st International Conference on Advanced Information Networking and Applications (AINA-2017), 2017, pp. 631–638.

24.

Nakayama,

Duolikun,

Enokido and

Takizawa, Selective delivery of event messages in peer-to-peer topic-based publish/subscribe systems, in: Proc. of the 18th International Conference on Network-Based Information Systems (NBiS-2015), 2015, pp. 379–386.

25.

Nakayama,

Duolikun,

Enokido and

Takizawa, Reduction of unnecessarily ordered event messages in peer-to-peer model of topic-based publish/subscribe systems, in: Proc. of IEEE the 30th International Conference on Advanced Information Networking and Applications (AINA-2016), 2016, pp. 1160–1167.

26.

Nakayama,

Nakamura,

Enokido and

Takizawa, Topic-based causally ordered delivery of event messages in a peer-to-peer (P2P) model of publish/subscribe systems, in: Proc. of the 7th International Workshop on Heterogeneous Networking Environments and Technologies (W-HETNET-2016), 2016, pp. 348–354.

27.

Nakayama,

Ogawa,

Nakamura,

Enokido and

Takizawa, Topic-based selective delivery of event messages in peer-to-peer model of publish/subscribe systems in heterogeneous networks, in: Proc. of the 31st International Conference on Advanced Information Networking and Applications Workshops (WAINA-2017), 2017, pp. 327–334.

28.

Osborn,

R.S.

Sandhu and

Munawer, Configuring role-based access control to enforce mandatory and discretionary access control policies, ACM Transactions on Information and System Security 3(2) (2000), 85–106. doi:10.1145/354876.354878.

29.

R.S.

Sandhu, Lattice-based access control models, IEEE Computer 26(11) (1993), 9–19. doi:10.1109/2.241422.

30.

R.S.

Sandhu,

E.J.

Coyne,

H.L.

Feinstein and

C.E.

Youman, Role-based access control models, IEEE Computer 29(2) (1996), 38–47. doi:10.1109/2.485845.

31.

Sarath and

Eric, Controlling privacy disclosure of third party applications in online social networks, International Journal of Web Information Systems (IJWIS) 12(2) (2016).

32.

Setty,

van Steen,

Vitenberg and

Voulgaris, PolderCast: Fast, robust, and scalable architecture for P2P topic-based pub/sub, in: Proc. of ACM/IFIP/USENIX 13th International Conference on Middleware (Middleware 2012), 2012, pp. 271–291.

33.

Tarkoma, Publish/Subscribe System: Design and Principles, 1st edn., John Wiley and Sons, Ltd, 2012. doi:10.1002/9781118354261.

34.

Tarkoma,

Ain and

Visala, The publish/subscribe Internet routing paradigm (PSIRP): Designing the future Internet architecture, in: Future Internet Assembly, 2009, pp. 102–111.

35.

A.B.

Waluyo,

Taniar,

Rahayu,

Aikebaier,

Takizawa and

Srinivasan, Trustworthy-based efficient data broadcast model for P2P interaction in resource-constrained wireless environments, Journal of Computer and System Sciences (JCSS) 78(6) (2012), 1716–1736. doi:10.1016/j.jcss.2011.10.019.

36.

Yamamoto and

Hayashibara, Merging topic groups of a publish/subscribe system in causal order, in: Proc. of the 31st International Conference on Advanced Information Networking and Applications Workshops (WAINA-2017), 2017, pp. 172–177.

37.

Zeng,

Yang and

Luo, Content-based access control: Use data content to assist access control for large-scale content-centric databases, in: IEEE International Conference on Big Data, 2014, pp. 701–710.