Showing items 1 - 9 of 9
- Publication (metadata only): Confidentiality-Preserving Publish/Subscribe: A Survey (2016-6-30)
Publish/subscribe (pub/sub) is an attractive communication paradigm for large-scale distributed applications running across multiple administrative domains. Pub/sub allows event-based information dissemination based on constraints on the nature of the data rather than on pre-established communication channels. It is a natural fit for deployment in untrusted environments such as public clouds linking applications across multiple sites. However, pub/sub in untrusted environments leads to major confidentiality concerns stemming from the content-centric nature of the communications. This survey classifies and analyzes different approaches to confidentiality preservation for pub/sub, from applications of trust and access control models to novel encryption techniques. It provides an overview of the current challenges posed by confidentiality concerns and points to future research directions in this promising field.
- Publication (metadata only): Performance/Security Tradeoffs for Content-Based Routing Supported by Bloom Filters (Springer, 2013-7-1)
Content-based routing is widely used in large-scale distributed systems as it provides a loosely-coupled yet expressive form of communication: consumers of information register their interests by the means of subscriptions, which are subsequently used to determine the set of recipients of every message published in the system. A major challenge of content-based routing is security. Although some techniques have been proposed to perform matching of encrypted subscriptions against encrypted messages, their computational cost is very high. To speed up that process, it was recently proposed to embed Bloom filters in both subscriptions and messages to reduce the space of subscriptions that need to be tested. In this article, we provide a comprehensive analysis of the information leaked by Bloom filters when implementing such a “prefiltering” strategy. The main result is that although there is a fundamental trade-off between prefiltering efficiency and information leakage, it is practically possible to obtain good prefiltering while securing the scheme against leakages with some simple randomization techniques.
- Publication (metadata only): StreamHub: A Massively Parallel Architecture for High-Performance Content-Based Publish/Subscribe (ACM, 2013-6-29)
Fetzer, Christof; Weigert, Stefan
By routing messages based on their content, publish/subscribe (pub/sub) systems remove the need to establish and maintain fixed communication channels. Pub/sub is a natural candidate for designing large-scale systems, composed of applications running in different domains and communicating via middleware solutions deployed on a public cloud. Such pub/sub systems must provide high throughput, filtering thousands of publications per second matched against hundreds of thousands of registered subscriptions with low and predictable delays, and must scale horizontally and vertically. As large-scale application composition may require complex publications and subscriptions representations, pub/sub system designs should not rely on the specific characteristics of a particular filtering scheme for implementing scalability. In this paper, we depart from the use of broker overlays, where each server must support the whole range of operations of a pub/sub service, as well as overlay management and routing functionality. We propose instead a novel and pragmatic tiered approach to obtain high-throughput and scalable pub/sub for clusters and cloud deployments. We separate the three operations involved in pub/sub and leverage their natural potential for parallelization. Our design, named StreamHub, is oblivious to the semantics of subscriptions and publications. It can support any type and number of filtering operations implemented by independent libraries. Experiments on a cluster with up to 384 cores indicate that StreamHub is able to register 150 K subscriptions per second and filter next to 2 K publications against 100 K stored subscriptions, resulting in nearly 400 K notifications sent per second. Comparisons against a broker overlay solution show an improvement of two orders of magnitude in throughput when using the same number of cores.
- Publication (metadata only): Infrastructure Provisioning for Scalable Content-based Routing: Framework and Analysis (2012-1-13)
Content-based publish/subscribe is an attractive paradigm for designing large-scale systems, as it decouples producers of information from consumers. This provides extensive flexibility for applications, which can use a modular architecture. Using this architecture, each participant expresses its interest in events by means of filters on the content of those events instead of using pre-established communication channels. However, matching events against filters has a non-negligible processing cost. Scaling the infrastructure with the number of users or events requires appropriate provisioning of resources for each of the operations involved: routing and filtering. In this paper, we propose and describe a generic, modular, and scalable infrastructure for supporting high-performance content-based publish/subscribe. We analyze its properties and show how it dynamically scales in a realistic setting. Our results provide valuable insights into the design and deployment of scalable content-based routing infrastructures.
- Publication (open access): Efficient support for confidentiality-preserving publish/subscribe systems
Publish/subscribe (pub/sub) is an attractive communication paradigm that offers efficient and decoupled information dissemination in distributed environments. Publishers generate the flow of information as publications, which are routed to subscribers based on their interests expressed as subscriptions. In the most common functional model, an infrastructure of brokers stores the subscriptions, matches incoming publications against stored subscriptions, and dispatches matching publications to the corresponding subscribers.
Early research on pub/sub mostly focused on improving performance, e.g., by maximizing the scalability of the pub/sub infrastructure and by minimizing dissemination latencies. The increase in popularity of pub/sub systems and externalized computing infrastructure led to serious concerns about confidentiality preservation. Several techniques and mechanisms have been proposed to ensure confidentiality in pub/sub. However, these mechanisms come with performance costs. They also set new requirements that impede the classical functional model of pub/sub systems. In this thesis, we present novel and innovative solutions to address these two aspects and make confidentiality-preserving pub/sub more practical and efficient.
Our first contribution is an overview of confidentiality-oriented research for pub/sub. We identify classes of solutions and highlight existing and future research directions. We observe the most important challenge for confidentiality-preserving pub/sub, which is to hide the content of publications and subscriptions from untrusted brokers, while allowing matching operations. Among the security models and solutions we identify in the existing work, encrypted matching schemes emerge as the most flexible solution.
Encrypted matching mechanisms allow untrusted brokers to match encrypted subscriptions against encrypted publications. However, these mechanisms have major performance overheads compared to non-encrypted matching. They may also prevent the use of optimization techniques based on subscription containment. We propose a support mechanism that reduces the cost of encrypted matching, in the form of a prefiltering operator. This reduces the amount of encrypted subscriptions that must be matched against incoming encrypted publications. It leverages subscription containment information, but also ensures that containment confidentiality is preserved otherwise. We propose containment obfuscation techniques and provide a rigorous mathematical analysis to determine the amount of leaked information. We show that while there is a tradeoff between prefiltering efficiency and information leakage, it is practically possible to obtain good prefiltering performance in secure conditions.
Encrypted matching solutions also require appropriate key management support. Due to the use of encrypted subscriptions stored in untrusted domains, a key update may require all subscribers to re-encrypt and resubmit their subscriptions before publishers may use the new key. This is a costly and long operation. We introduce DynamiK, a lightweight key management architecture that takes into account the decoupled nature of pub/sub and allows updating encrypted subscriptions directly at the brokers. We present a security analysis and implementation of DynamiK for the ASPE encryption scheme, observing a minimal effect on the pub/sub service performance. We also extend the functionality and enhance the security of the original ASPE encrypted matching scheme, which we use for encrypted matching throughout our work.
Finally, we provide an overview of the current challenges implied by confidentiality preservation in content-based pub/sub and discuss future research avenues.
- Publication (metadata only): Efficient Key Updates through Subscription Re-encryption for Privacy-Preserving Publish/Subscribe (ACM, 2015-12-7)
Content-based publish/subscribe (pub/sub) is an appealing information dissemination paradigm for distributed systems. Consumers of data subscribe to a pub/sub service, typically offered through a distributed broker overlay, and indicate their interests as constraints over the information content. Publishers generate the information flow, which the brokers filter and route to the interested subscribers. Protecting the information confidentiality, and in particular the interests of subscribers, is an important concern when brokers are located in untrusted domains such as public clouds. Encrypted matching techniques allow untrusted brokers to store encrypted subscriptions and match them against encrypted publications. Updates of encryption keys regularly happen in such contexts due to changes in trust relations. These key updates cause the invalidation of stored encrypted subscriptions and force subscribers to re-encrypt and re-submit them. This long and costly operation impacts the pub/sub service continuity and performance. In this paper, we propose a novel technique that allows updating encrypted subscriptions directly at the brokers while maintaining privacy guarantees. We present an implementation of the technique for the ASPE encrypted matching scheme and prove the security of our extension. We evaluate its practical effectiveness through a prototype implementation including a dependable key distribution protocol. Our experiments show the ability to handle key updates while preserving service continuity and performance.
- Publication (metadata only): Efficient and Confidentiality-Preserving Content-Based Publish/Subscribe with Prefiltering (2015-6-25)
Content-based publish/subscribe provides a loosely-coupled and expressive form of communication for large-scale distributed systems. Confidentiality is a major challenge for publish/subscribe middleware deployed over multiple administrative domains. Encrypted matching allows confidentiality-preserving content-based filtering but has high performance overheads. It may also prevent the use of classical optimizations based on subscriptions containment. We propose a support mechanism that reduces the cost of encrypted matching, in the form of a prefiltering operator using Bloom filters and simple randomization techniques. This operator greatly reduces the amount of encrypted subscriptions that must be matched against incoming encrypted publications. It leverages subscription containment information when available, but also ensures that containment confidentiality is preserved otherwise. We propose containment obfuscation techniques and provide a rigorous security analysis of the information leaked by Bloom filters in this case. We conduct a thorough experimental evaluation of prefiltering under a large variety of workloads. Our results indicate that prefiltering is successful at reducing the space of subscriptions to be tested in all cases. We show that while there is a tradeoff between prefiltering efficiency and information leakage when using containment obfuscation, it is practically possible to obtain good prefiltering performance while securing the technique against potential leakages.
- Publication (metadata only): Elastic Scaling of a High-Throughput Content-Based Publish/Subscribe Engine (IEEE, 2014-6-30)
Heinze, Thomas; Martin, André; Fetzer, Christof; Jerzak, Zbigniew
Publish/subscribe (pub/sub) infrastructures running as a service on cloud environments offer simplicity and flexibility for composing distributed applications. Provisioning them appropriately is however challenging. The amount of stored subscriptions and incoming publications varies over time, and the computational cost depends on the nature of the applications and in particular on the filtering operation they require (e.g., content-based vs. topic-based, encrypted vs. non-encrypted filtering). The ability to elastically adapt the amount of resources required to sustain given throughput and delay requirements is key to achieving cost-effectiveness for a pub/sub service running in a cloud environment. In this paper, we present the design and evaluation of an elastic content-based pub/sub system: E-STREAMHUB. Specific contributions of this paper include: (1) a mechanism for dynamic scaling, both out and in, of stateful and stateless pub/sub operators, (2) a local and global elasticity policy enforcer maintaining high system utilization and stable end-to-end latencies, and (3) an evaluation using real-world tick workload from the Frankfurt Stock Exchange and encrypted content-based filtering.
- Publication (metadata only): Thrifty Privacy: Efficient Support for Privacy-Preserving Publish/Subscribe (ACM, 2012-1-13)
Content-based publish/subscribe is an appealing paradigm for building large-scale distributed applications. Such applications are often deployed over multiple administrative domains, some of which may not be trusted. Recent attacks in public clouds indicate that a major concern in untrusted domains is the enforcement of privacy. By routing data based on subscriptions evaluated on the content of publications, publish/subscribe systems can expose critical information to unauthorized parties. Information leakage can be avoided by the means of privacy-preserving filtering, which is supported by several mechanisms for encrypted matching. Unfortunately, all existing approaches have in common a high performance overhead and the difficulty to use classical optimization for content-based filtering such as per-attribute containment. In this paper, we propose a novel mechanism that greatly reduces the cost of supporting privacy-preserving filtering based on encrypted matching operators. It is based on a pre-filtering stage that can be combined with containment graphs, if available. Our experiments indicate that pre-filtering is able to significantly reduce the number of encrypted matching for a variety of workloads, and therefore the costs associated with the cryptographic mechanisms. Furthermore, our analysis shows that the additional data structures used for pre-filtering have very limited impact on the effectiveness of privacy preservation.