Mudhakar Srivatsa, Ling Liu,
Scalable Access Control in Content-Based Publish-Subscribe Systems
Content-based publish-subscribe (pub-sub) systems are an emerging paradigm for
building a large number of distributed systems. Access control in a pub-sub
system refers to the secure distribution of events to clients subscribing to
those events without revealing their secret attributes to unauthorized
subscribers. To provide confidentiality guarantees, the secret attributes in an
event are encrypted so that only authorized subscribers can read them. However,
in a content-based pub-sub system, every event can potentially have a different
set of authorized subscribers. In the worst case, for NS subscribers, there are
2^NS subgroups, and each event can potentially go to a different subgroup.
Hence, efficient key management is a major challenge for implementing access
control in pub-sub systems. In this paper, we describe efficient and scalable
key management algorithms for securely implementing access control rules in
pub-sub systems. We ensure that the key management cost is linear in the number
of subscriptions and completely independent of the number of subscribers NS. We
present a concrete implementation of our proposal on an operational pub-sub
system. An experimental evaluation of our prototype shows that our proposal
meets the security requirements while maintaining the scalability and
performance of the pub-sub system.