MIDDLEWARE SYSTEMS RESEARCH GROUP, Middleware 2007: A Policy Management Framework for Content-based Publish/Subscribe Middleware. Hans-Arno Jacobsen, Department.

Presentation transcript:

MIDDLEWARE SYSTEMS RESEARCH GROUP, Middleware 2007
A Policy Management Framework for Content-based Publish/Subscribe Middleware
Hans-Arno Jacobsen, Department of Electrical and Computer Engineering & Department of Computer Science, University of Toronto (v1.1). Joint work with Alex Wun.

Application scenarios (figure): Logistics (Retailer, Manufacturer, Supplier/Distributor), RFID Tracking, Sensor Network Management, Business Activity Monitoring and SLA Monitoring, all built on Content-based Publish/Subscribe (CPS).

The PADRES Project Acknowledgements

A Pub/Sub Message Broker (figure). P = publisher, S = subscriber, B = broker. Each broker has an input queue, a Matching Engine with a Routing Table that maps each subscription to a destination, and one output queue per destination (dest1, dest2, dest3).
Routing Table: temperature > 37 -> dest2; temperature > 40 -> dest3.
Sample publications: temperature = 38, temperature = 42, temperature = 36.

Content-based Publish/Subscribe
Many additional application-specific features are often needed:
- Security
- Message transformation
- System debugging & message tracing
- Application integration
Different requirements from diverse applications must co-exist on the same running infrastructure.

Content-based Policy Framework
Policy Framework:
- Flexible: separates application requirements from infrastructure mechanisms
- Dynamic: changes the behavior of a running system
Content-based Policy Framework:
- Leverages content-based matching to achieve expressive, low-overhead policies
- More tightly coupled with CPS systems
- More efficient than a generic policy layer

Contributions and Presentation Agenda
Novel policy model for CPS systems
- Focus on the post-matching policy model
Implementation of a policy framework for CPS systems
- Focus on policy mechanisms
- Not interested in developing a policy language or syntax
Interesting new features enabled by our policy framework
- Qualitative validation of the approach using application scenarios
Performance overhead experimental results
- Quantitative validation of the approach

Post-matching Policy Model
In terms of Event-Condition-Action rules:
When a content-based match occurs,
if the additional policy condition(s) are satisfied,
then perform Action1 … ActionN.

Post-matching Policy Model
Given a message M, the matching algorithm computes the matching filters (subscriptions, advertisements), each with its associated policy statement. The policies T1 … Tn of the matching filters are then applied to M.
- If M is a publication, the filters are subscriptions and advertisements.
- If M is a subscription, the filters are advertisements.

Figure: a message and its associated policy; policies applied on injection.

Policy Composition
Publication space: [(a1,x1), …, (aN,xN)]
Policies: Require Authentication, Append Debugging Info., Trim Attributes
S1 = [(a1 > T1)] : AuthenticateSender()
S2 = [(a1 T2)] : AppendDebug(…)
S3 = [(a1 T4)] : TrimAttributes()

API with Policy Support
publish/subscribe/advertise(Message, PolicyStatement)
setPolicy(MessageID, PolicyStatement)
PolicyStatement {
  On(MessageType) {
    [Overlay location type]
    If Then
    Elseif Then
    …
  }
  …
}

Policy Framework Validation Scenarios
Enabling policies for:
- Security
- CPS Semantics

Content-based Firewall
Subscription-associated policy (applied to publications):
On(Publication) Routing {
  If {} Then {BlockMessage()}
}
Acts like a negation subscription.

Figure: Content-based Firewall. Individual subscriptions are merged into one merged subscription; an External Firewall Broker and an Internal Firewall Broker enforce it.

Authentication
Advertisement-associated policy (applied to publications):
On(Publication) Ingress,Routing,Egress {
  If {AuthenticateReceiver(group1)} Then {}
  Elseif {} Then {BlockMessage()}
}
Shared group secret K_g: brokers either exchange it via public/private key mechanisms or are bootstrapped with K_g.
Uncontrolled advertisement and subscription propagation; controlled publication injection, routing, and delivery.

Authentication
Advertisement-associated policy (applied to subscriptions):
On(Subscription) Ingress,Routing {
  If {AuthenticateReceiver(group1) && AuthenticateSender(group1)} Then {}
  Elseif {} Then {BlockMessage()}
}
Shared group secret K_g: brokers either exchange it via public/private key mechanisms or are bootstrapped with K_g.
Controlled subscription injection and routing.

Notification Semantics
Subscription-associated policy:
On(Publication) Egress {
  If {} Then {TrimAttributes(…), ToXML()}
}
Subscribers have fine-grained control over the format of delivered publications. Example (figure): publisher sends P1 = [(a,1),(b,2),(c,3)] and P2 = [(a,9),(b,4),(c,3)]; one subscriber receives P1' = [(a,1)] and P2' = [(b,4),(c,3)], while another subscriber receives P1' = [(a,1),(b,2)].

Meta-Events
Advertisement-associated policy:
On(Subscription) Ingress {
  If {AuthenticateSender(group1)} Then {}
  Elseif {} Then {Publish(“[class,UnauthorizedSubscribe], [message,$message], [brokerID,$brokerID]”)}
}
Self-generated event by the system in response to an unauthorized subscription injection. Example monitoring subscription at broker B1: S = [(class = UnauthorizedSubscribe), (brokerID = B1)].

Healthcare Example
“Doctors with appropriate specialties may only enter prescriptions for their own patients in their designated ward when they are on shift. If they try to write prescriptions in violation, a notification is to be sent to the chief physician.”
Features used:
- Check doctor qualifications (authentication)
- Check registration and shift status (authorization)
- Report violations (meta-events)

Healthcare Example (figure)
The Hospital Ward Access Point (publisher) advertises into the Healthcare Broker Network, with a policy attached to the advertisement:
Advertisement: [(class = Prescription), (doctor = *), (patient = *), (drug = *), (ward = x)]
The Chief Physician (subscriber) subscribes: [(class = Violation), (type = prescription)]
Policy:
On(Publication) Ingress {
  If {CanPrescribe($doctor) && Registered($doctor,$patient) && OnShift($doctor,$ward)} Then {}
  Elseif {} Then {Publish(“[class,Violation], [type,prescription], [doctor,$doctor],…”)}
}
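The post-matching model, the content-based firewall, AuthenticateSender, notification trimming and the meta-event policy of the healthcare example, as one added Python example that is not PADRES code: a toy broker matches a publication against its subscriptions and only then evaluates each matched subscription's If/Elseif policy. Only subscription-associated policies are modelled; the HMAC-based AuthenticateSender, the group secret K_G, the broker ID and the subscriptions are constructed assumptions.

```python
import hmac
from dataclasses import dataclass, field
OPS = {">": lambda a, b: a > b, "<": lambda a, b: a < b, "=": lambda a, b: a == b}

@dataclass
class Subscription:
    dest: str
    predicates: dict                           # attribute -> (op, value)
    rules: list = field(default_factory=list)  # [(condition, [actions])] = If/Elseif chain

def matches(sub, pub):
    """Content-based match: every predicate of the filter must hold on the publication."""
    return all(a in pub and OPS[op](pub[a], v) for a, (op, v) in sub.predicates.items())

def sign(pub, key):
    """Sender side: HMAC tag over the publication under the shared group secret (constructed)."""
    return hmac.new(key, repr(sorted(pub.items())).encode(), "sha256").hexdigest()

def authenticate_sender(group_key):
    """Condition AuthenticateSender(group): the tag verifies under that group's K_g."""
    return lambda pub, auth: auth is not None and hmac.compare_digest(sign(pub, group_key), auth)

always = lambda pub, auth: True                # the empty condition "{}" of an Elseif branch

def route(subs, pub, auth=None):
    """Post-matching evaluation: match first, then run only the matched filters' policies.
    Returns (deliveries keyed by destination, meta-events generated by the broker)."""
    deliveries, meta = {}, []
    for sub in subs:
        if not matches(sub, pub):
            continue                           # a policy never runs on a non-matching filter
        out = dict(pub)
        for cond, actions in sub.rules:
            if not cond(pub, auth):
                continue
            for kind, *args in actions:
                if kind == "BlockMessage":     # negation subscription: dropped for every dest
                    return {}, meta
                if kind == "TrimAttributes":   # subscriber-chosen notification format
                    out = {k: v for k, v in out.items() if k in args}
                if kind == "Publish":          # broker-generated meta-event (e.g. Violation)
                    meta.append({"class": args[0], "message": dict(pub), "brokerID": "B1"})
            break                              # first satisfied If/Elseif branch wins
        deliveries[sub.dest] = out
    return deliveries, meta

K_G = b"group1-shared-secret"                  # constructed stand-in for K_g
SUBS = [                                       # constructed broker state
    Subscription("dest2", {"temperature": (">", 37)}),
    Subscription("dest3", {"temperature": (">", 40)}, [(always, [("TrimAttributes", "temperature")])]),
    Subscription("firewall", {"zone": ("=", "internal")}, [(always, [("BlockMessage",)])]),
    Subscription("ward", {"class": ("=", "Prescription")},
                 [(authenticate_sender(K_G), []), (always, [("Publish", "Violation")])]),
]
```

A publication with temperature = 42 reaches dest2 in full and dest3 trimmed to its temperature, one tagged zone = internal is blocked for everyone, and an unauthenticated prescription is delivered but raises a Violation meta-event.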

Performance Overhead Setup
Publication policy attached to subscriptions:
On(Publication) Egress { If {} Then {Augment($Delay)} }
Subscription policy attached to advertisements:
On(Advertisement) Ingress,Routing { If {} Then {BlockMessage()} }
On(Subscription) Ingress,Routing { If {} Then {Flood()} }
Each run:
- 1000 subscriptions (avg. 4 predicates, Poisson distribution)
- 1000 publications (all attributes)
- ~20 advertisements
- From 0% to 100% of subscriptions/advertisements associated with policies

Figure: Performance Overhead results for the publication policy and the subscription policy.

Conclusions
Applications have diverse feature requirements on messaging middleware:
- Security
- Message transformations
- System debugging
Policies can leverage content-based publish/subscribe matching algorithms (post-matching policies):
- Flexible and expressive
- Enables interesting features
- Low overhead
Thank You - Questions?

*** Extra Slides ***

Healthcare Example II
“Only members of the finance department with titles of Director or VP can access patient billing history of more than 1 year ago”
Features used:
- Historic data access (supported by PADRES)
- Role-Based Access Control (authentication)
- Data privacy (notification trimming); alternative: content encryption

Healthcare Example II (figure)
The Patient Info Access Point (publisher) advertises into the Healthcare Broker Network, with a policy attached to the advertisement:
Advertisement: [(class = Historic), (patient = *), (billing_info = *), (medical_info = *), (date = *)]
The Patient Database Client (subscriber) subscribes: [(class = Historic), (patient = x), (date after y)]
Policy:
On(Publication) always {
  If {AuthenticateReceiver(Director) || AuthenticateReceiver(VP)} Then {}
  Elseif {DateBefore($now-1year)} Then {Trim(billing_info)}
}

Security Zones and Privacy
- Authentication: control message propagation
- Message Transformation: restrict attribute visibility
- Meta-Events: monitor unauthorized subscriptions

Authentication (figure)

Notification Semantics (figure)

Policy Composition
Publications of the form: [(class,C), (a1,x1), …, (aN,xN)]
Policies:
- If class = c1 & a1 < Tlow: AppendPrevHop()
- If class = c1 & a1 > Thigh: RemoveAttrs(x2 … xN)
- If class = c2: …
Subscriptions : Policy Statements
S1 = [(class=c1), (a1<Tlow)] : AppendPrevHop()
S2 = [(class=c1), (a1>Thigh)] : RemoveAttrs(…)
S3 = [(class=c2)] : …

Figure: Content-based Match. A message (publication) is matched against the event filters (subscriptions, advertisements); the matched filters select the associated policies.

Generic Policy Frameworks
Focus on framework mechanisms and not on the policy language.
If-Then:
- If conditions evaluate on message content and duplicate the work of the CPS system
- Post-matching policy model for content-based policies

Figure: Policy Framework Architecture. A filter or message arrives from the previous broker or client; the Matching Engine consults the Advertisement/Subscription Store; the Policy Manager looks up the Policy Statement and Policy Rule in the Policy Store and performs Policy Evaluation; the message is forwarded to the next broker(s) or client(s).

Policy Statement Data Structure
A Policy Statement holds Policy Rules, one per location (e.g. on ingress, on egress). A Policy Rule is an If/Elseif chain over conditions and actions A … H, e.g. (on egress):
If {A & B} Then {C}
Elseif {D} Then {E,F}
Elseif {} Then {G,H}