1 On the Creation & Discovery of Topics in Distributed Publish/Subscribe systems Shrideep Pallickara, Geoffrey Fox & Harshawardhan Gadgil Community Grids.

Slides:

Advertisements

Similar presentations

Worldwide Messaging Support for High Performance Real-time Collaboration Pete Burnap, Hasan Bulut, Shrideep Pallickara, Geoffrey Fox, David Walker, Ali.

Advertisements

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

1 A Scalable Approach for the Secure and Authorized Tracking of the Availability of Entities in Distributed Systems Shrideep Pallickara, Jaliya Ekanayake.

Key Provisioning Use Cases and Requirements 67 th IETF KeyProv BOF – San Diego Mingliang Pei 11/09/2006.

SOA and Web Services. SOA Architecture Explaination Transport protocols - communicate between a service and a requester. Messaging layer - enables the.

DESIGNING A PUBLIC KEY INFRASTRUCTURE

Latest techniques and Applications in Interprocess Communication and Coordination Xiaoou Zhang.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution of public keys –use of public-key.

Securing TCP/IP Chapter 6. Introduction to Transmission Control Protocol/Internet Protocol (TCP/IP) TCP/IP comprises a suite of four protocols The protocols.

Freenet A Distributed Anonymous Information Storage and Retrieval System I Clarke O Sandberg I Clarke O Sandberg B WileyT W Hong.

Distributed Publish/Subscribe Network Presented by: Yu-Ling Chang.

Service Broker Lesson 11. Skills Matrix Service Broker Service Broker, provides a solution to common problems with message delivery and consistency that.

Secure Systems Research Group - FAU Web Services Standards Presented by Keiko Hashizume.

Principles for Collaboration Systems Geoffrey Fox Community Grids Laboratory Indiana University Bloomington IN 47404

11 CERTIFICATE SERVICES AND SECURE AUTHENTICATION Chapter 10.

1 A Framework for Network Monitoring and Performance Based Routing in Distributed Middleware Systems Gurhan Gunduz Advisor: Professor.

The NaradaBroker: A Flexible Messaging Infrastructure Rahim Lakhoo (Raz) DSG Seminar 12 th April 2004.

Module 10: Designing an AD RMS Infrastructure in Windows Server 2008.

Cardea Requirements, Authorization Model, Standards and Approach Globus World Security Workshop January 23, 2004 Rebekah Lepro Metz

JMS Compliance in NaradaBrokering Shrideep Pallickara, Geoffrey Fox Community Grid Computing Laboratory Indiana University.

Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

June 25 th PDPTA Incorporating an XML Matching Engine into Distributed Brokering Systems.

Module 14: WCF Send Adapters. Overview Lesson 1: Introduction to WCF Send Adapters Lesson 2: Consuming a Web Service Lesson 3: Consuming Services from.

Reliable Messaging for Grids and Web Services Geoffrey Fox, Shrideep Pallickara, Damodar Yemme, Hasan Bulut and Sima Patel (gcf, spallick, dyemme, hbulut.

Behzad Akbari Spring 2012 (These slides are based on lecture slides by Lawrie Brown)

A Portal Based Approach to Viewing Aggregated Network Performance Data in Distributed Brokering Systems By Gurhan Gunduz, Shrideep Pallickara, Geoffrey.

Rule-Based Data Management Systems Reagan W. Moore Wayne Schroeder Mike Wan Arcot Rajasekar {moore, schroede, mwan, {moore, schroede, mwan,

WS-Security: SOAP Message Security Web-enhanced Information Management (WHIM) Justin R. Wang Professor Kaiser.

A Transport Framework for Distributed Brokering Systems Shrideep Pallickara, Geoffrey Fox, John Yin, Gurhan Gunduz, Hongbin Liu, Ahmet Uyar, Mustafa Varank.

GlobalMMCS Web Service MCU Architecture SIPH323 Access GridNative XGSP Admire Gateways convert to uniform XGSP Messaging High Performance (RTP) and XML/SOAP.

FINS and FIRMS Notification and Reliable Messaging for the OMII Geoffrey Fox (managerial contact) Shrideep Pallickara (technical contact) July

Chapter 21 Distributed System Security Copyright © 2008.

Reliable Messaging for Grids and Web Services Geoffrey Fox, Shrideep Pallickara, Damodar Yemme, Hasan Bulut and Sima Patel (gcf, spallick, dyemme, hbulut.

Shrideep Pallickara, Jaliya Ekanayake, Geoffrey Fox Community Grids Lab Indiana University Collaborative Analysis of Distributed Data Applied to Particle.

NaradaBrokering for DS-RT 2005 Grid Tutorial IEEE DS-RT 2005 Montreal Canada Oct Geoffrey Fox CTO Anabas Corporation and Computer Science, Informatics,

SOA-39: Securing Your SOA Francois Martel Principal Solution Engineer Mitigating Security Risks of a De-coupled Infrastructure.

Chapter 3 (B) – Key Management; Other Public Key Cryptosystems.

Grid Security: Authentication Most Grids rely on a Public Key Infrastructure system for issuing credentials. Users are issued long term public and private.

Ipgdec5-01 Remarks on Web Services PTLIU Laboratory for Community Grids Geoffrey Fox, Marlon Pierce, Shrideep Pallickara, Choonhan Youn Computer Science,

HPSearch for Managing Distributed Services Authors Harshawardhan Gadgil, Geoffrey Fox, Shrideep Pallickara Community Grids Lab Indiana University, Bloomington.

Security Patterns for Web Services 02/03/05 Nelly A. Delessy.

Security fundamentals Topic 5 Using a Public Key Infrastructure.

Web Services. 2 Internet Collection of physically interconnected computers. Messages decomposed into packets. Packets transmitted from source to destination.

AMQP, Message Broker Babu Ram Dawadi. overview Why MOM architecture? Messaging broker like RabbitMQ in brief RabbitMQ AMQP – What is it ?

GRID ANATOMY Advanced Computing Concepts – Dr. Emmanuel Pilli.

NaradaBrokering: Managing data distribution in distributed systems Shrideep Pallickara Community Grids Lab Indiana University.

June 18 th ACM Middleware NaradaBrokering: A Middleware Framework and Architecture for.

Managing Grid and Web Services and their exchanged messages OGF19 Workshop on Reliability and Robustness Friday Center Chapel Hill NC January Authors.

Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.

4.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security.

Fall 2006CS 395: Computer Security1 Key Management.

1 Chapter 3-3 Key Distribution. 2 Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution.

Framework for High Performance Grid and Web Services GGF15 October Geoffrey Fox Computer Science, Informatics, Physics Pervasive Technology Laboratories.

@Yuan Xue CS 285 Network Security Placement of Security Function and Security Service Yuan Xue Fall 2013.

IP Security (IPSec) Matt Hermanson. What is IPSec? It is an extension to the Internet Protocol (IP) suite that creates an encrypted and secure conversation.

Scaling and Fault Tolerance for Distributed Messages in a Service and Streaming Architecture Hasan Bulut Advisor: Prof. Geoffrey Fox Ph.D. Defense Exam.

Cryptography CSS 329 Lecture 13:SSL.

AMSA TO 4 Advanced Technology for Sensor Clouds 09 May 2012 Anabas Inc. Indiana University.

COMP3220 Web Infrastructure COMP6218 Web Architecture

Shrideep Pallickara, Hasan Bulut & Geoffrey Fox Community Grids Lab

THE STEPS TO MANAGE THE GRID

NAAS 2.0 Features and Enhancements

Wireless Reliable Messaging Protocol for Web Services (WS-WRM)

Distributed Publish/Subscribe Network

A Framework for Secure End-to-End Delivery of Messages in Publish/Subscribe Systems Shrideep Pallickara, Marlon Pierce, Harshawardhan Gadgil, Geoffrey.

Presentation transcript:

1 On the Creation & Discovery of Topics in Distributed Publish/Subscribe systems Shrideep Pallickara, Geoffrey Fox & Harshawardhan Gadgil Community Grids Lab, Indiana University

ACM/IEEE GRID 2005 November 13 th, Messaging Systems Messaging is the routing of content from the producer to the consumer. This can be point-to-point (involving a single producer and consumer) or many-to-many (involving many producers and consumers). Approaches to messaging include systems such as queuing, P2P systems and publish/subscribe.

ACM/IEEE GRID 2005 November 13 th, Publish/Subscribe Systems Software multicast Routing is based on the message content Routing of messages, from the publisher to the subscriber, is within the purview of the middleware Gained a lot of traction in recent years.  JMS, WS-Notification and WS-Eventing.

ACM/IEEE GRID 2005 November 13 th, Topics and Subscriptions A message comprises a set of headers and the payload A Topic is a content descriptor and is present is all messages.  Complexity of a topic varies proportionally with the richness of the content descriptor. Subscriptions are constraints specified on these content descriptors (or Topics). Depending on the type of topics, specified subscriptions vary.

ACM/IEEE GRID 2005 November 13 th, Topic related issues Topics tend to be treated as communal resources  No dissemination constraints; launching attacks is easy. No one owns a Topic, so policies cannot be enforced. No discovery of topics.  Topics to publish or subscribe to are established in an out-of-band fashion (typically hard-coded). No concept of lifecycle management for Topics.  Once created, topics are alive forever: no garbage collection  In some systems lifecycles associated with subscriptions Collisions in the topic space Problems increase as the number of topics increase

ACM/IEEE GRID 2005 November 13 th, Features of our framework Scheme for creation and advertisement of Topics  Establish provenance: Precursor to enforcing policies  Establish lifetimes for topic: Garbage collection of topics.  Topics are guaranteed to be unique across the system Facilitates discovery of topics.  Mandate possession of credentials for discovery. Subscribers can subscribe to trusted sources. Scheme is asynchronous and resilient to failures. Secure creation, advertisement & discovery of topics

ACM/IEEE GRID 2005 November 13 th, Topic Discovery Nodes (TDN) Specialized nodes that serve as a repository of topics There can be several TDNs within the system  Need not be exact replicas of each other  A domain may have its own private TDN Responsible for the generation of unique topics. Establish topic ownership Subscribes to the following topics  Services/Discovery/Topics  Services/Discovery/TopicDiscoveryNode  Services/Discovery/TopicDiscoveryNode/TDN-ID

ACM/IEEE GRID 2005 November 13 th, Anatomy of a Topic creation Request Creator’s certificate including name and institution Information about topic type and lifecycle: start & end Topic template – TDN adds information to this to make topic unique throughout the system Descriptive info to enable discovery of the topic  Could be based on Strings, verbose text or XML  Discovery queries are evaluated against this part. Restrictions on who can discover this topic Sign this request to demonstrate private-key possession

ACM/IEEE GRID 2005 November 13 th, Locating a TDN Issue a TDN discovery request to a specialized private topic or Services/Discovery/TopicDiscoveryNode This request contains  The requestor’s credentials  The topic on which responses should be sent back A TDN responds based on the presented credentials  Also includes the dedicated topic for communications There could be one or more responses to the request. Requestor chooses TDN based on response times or credentials.

ACM/IEEE GRID 2005 November 13 th, Processing a Topic Creation Request The TDN generates a new UUID. This UUID is added to the topic template to generate a unique topic. UUID generation at TDN prevents a malicious user from claiming someone else’s topic as theirs. TDN then signs the info supplied in the topic creation request, and the generated topic structure.  This is the Topic Advertisement. Topic creator posts Advertisement on different TDNs.

ACM/IEEE GRID 2005 November 13 th, Topic Discovery Topic Discovery requests are targeted to all willing TDNs or a specific TDN (possibly private)  Queries can also include start/end times At a TDN, the discovery query is evaluated against the descriptions to locate matching topics.  Discovery constraints imposed by owner are enforced here. Matching advertisements are routed back to requestor. Requestor decides on topic based on the advertisement  Owner, Institution etc.

ACM/IEEE GRID 2005 November 13 th, Security & Fault Tolerant Aspects Topic Creation & Discovery is restricted to possession of valid credentials. Once a TDN has been discovered, all exchanges between a TDN and entity are secured.  Messages are encrypted with a secret key, the secret key is encrypted with the public-key of the intended recepient. TDNs may fail at any time.  Topic creation requires only one TDN to be available  Discovery requests can be flushed through system, and clients may service these requests.

ACM/IEEE GRID 2005 November 13 th, Performance Broker in Tallahassee, TDN at Indianapolis and Client in Bloomington. All results in Milliseconds. Mean Std. Dev. MaxMin Std. Err Topic Creation Topic Discovery Discovering 1 Topic Discovering 10 Topics Discovering 100 Topics

ACM/IEEE GRID 2005 November 13 th, Overview of NaradaBrokering Multiple Transport Support: Transport protocols supported include TCP, Parallel TCP streams, UDP, Multicast, SSL, HTTP and HTTPS Subscription Formats: Subscription constraints can be expressed as Strings, Integers, XPath queries, Regular Expressions, SQL and tag=value pairs Messaging Related Compliance: Java Message Service (JMS) 1.02b compliant, WS-Eventing support. Reliable Delivery: Robust and exactly-once delivery of messages in the presence of failures Ordered Delivery: Producer Order and Total Order over a message type. Time Ordered delivery using Grid-Wide NTP-based absolute time Recovery and Replay: Recovery from failures and disconnects. Replay of messages while preserving time-spacing between successive messages. Buffering services to reduce Jitter. Security: Secure end-to-end delivery of messages Message Payload Options: Compression and Decompression of payloads. Fragmentation and Coalescing of payloads. Web Services: WS-Eventing, WS-Reliable Messaging and WS-Reliablility

ACM/IEEE GRID 2005 November 13 th, Conclusions Provenance: We used this in our security framework to enforce dissemination authorizations and the corresponding durations for these rights.  Was used to cope with denial of service attacks. Life cycle management: Topics can be garbage collected. Discovery: May be restricted to the possession of valid credentials.