On security in publish/subscribe services: A survey

IEEE Communications Surveys and Tutorials

Volumn 17, Issue 2, 2015, Pages 966-997

  Esposito, Christian ^a   Ciampi, Mario ^a  

^a ICAR CNR   (Italy)

Author keywords

Multicast; Publish subscribe services; Security

Indexed keywords

MULTICASTING; PUBLISHING; SURVEYS;

ACADEMIC LITERATURE; EVENT NOTIFICATION; MISSION CRITICAL SYSTEMS; NON-FUNCTIONAL REQUIREMENTS; PUBLISH/SUBSCRIBE; RESEARCH EFFORTS; SECURITY; STATE OF THE ART;

MOBILE SECURITY;

EID: 84929587517     PISSN: None     EISSN: 1553877X     Source Type: Journal    
DOI: 10.1109/COMST.2014.2364616     Document Type: Review

References (217)

1. P. Eugster, P. Felber, R. Guerraoui, and A.-M. Kermarrec, "The many faces of publish/subscribe, " ACM Comput. Surveys, vol. 35, no. 2, pp. 114-131, Jun. 2003.
2. C. Esposito, M. Ciampi, and G. De Pietro, "An event-based notification approach for the delivery of patient medical information, " Inf. Syst., vol. 39, pp. 22-44, Jan. 2014.
3. M. Cinque, C. Di Martino, and C. Esposito, "On data dissemination for large-scale complex critical infrastructures, " Comput. Netw., vol. 56, no. 4, pp. 1215-1235, Mar. 2012.
4. I. Delamer and J. Lastra, "Service-oriented architecture for distributed publish/subscribe middleware in electronics production, " IEEE Trans. Ind. Informat., vol. 2, no. 4, pp. 281-294, Nov. 2006.
5. Data Distribution Service (DDS) for Real-Time Systems, OMG, Needham, MA, USA, 2007, Accessed: Sep. 2012. [Online]. Available: www.omg.org
6. Java Message Service, Sun Microsystems, Santa Clara, CA, USA, 2002, Accessed: Sep. 2012. [Online]. Available: docs.sun.com/app/docs/doc/816-5904-10
7. FuseSource, FuseSource Customers, Accessed: Jul. 2013. [Online]. Available: http://www.w3.org/TR/xmldsig-core
8. Real-Time Innovations (RTI), Industries, Sunnyvale, CA, USA, Accessed: Apr. 2013. [Online]. Available: http://www.rti.com/industries/customers.html
9. PrismTech Ltd., Industry Solutions, Tyne and Wear, U.K., Accessed: Apr. 2013. [Online]. Available: http://www.prismtech.com/opensplice/industry-solutions
10. C. Esposito, D. Cotroneo, and S. Russo, "On reliability in publish/subscribe services, " Comput. Netw., vol. 57, no. 5, pp. 1318-1343, Apr. 2013.
11. G. Muhl, L. Fiege, and P. Pietzuch, Distributed Event-Based Systems. Berlin, Germany: Springer-Verlag, 2006.
12. T. Faison, Event-Based Programming-Taking Events to the Limit. Berkeley, CA, USA: Apress, 2006.
13. CORBA Event Service Specification, OMG, Needham, MA, USA, 2001, Accessed: May 2011. [Online]. Available: www.omg.org/
14. Web Services Notification (WSN), OASIS, Burlington, MA, USA, 2006, Accessed: Sep. 2012. [Online]. Available: www.oasis-open.org/
15. Advanced Message Queueing Protocol, v1.0, 2011, Accessed: Sep. 2012. [Online]. Available: www.amqp.org
16. E. Gamma, R. Helm, R. Johnson, and J. Vlissides, Design Patterns. Reading, MA, USA: Addison-Wesley, 1995.
17. D. Riehle, "The event notification pattern-Integrating implicit invocation with object-orientation, " Theor. Pract. Obj. Syst., vol. 2, no. 1, pp. 43-52, 1996.
18. D. Garlan and D. Notkin, "Formalizing design spaces: Implicit invocation mechanisms, " in Proc. 4th Int. Symp. VDM Europe Formal Softw. Develop., vol. 551, Volume I, Lecture Notes in Computer Science, 1991, pp. 31-44.
19. D. Schmidt, M. Stal, H. Rohnert, and F. Buschmann, Pattern-Oriented Software Architecture: Patterns for Concurrent and Networked Objects. Hoboken, NJ, USA: Wiley, 2000.
20. F. Buschmann, R. Meunier, H. Rohnert, P. Sommerlad, and M. Stal, Pattern-Oriented SoftwareArchitecture:ASystem ofPatterns. Hoboken, NJ, USA: Wiley, 1996.
21. F. Buschmann, K. Henney, and D. Schmidt, Pattern-Oriented Software Architecture: A Pattern Language for Distributed Computing. Hoboken, NJ, USA: Wiley, 2007.
22. B. Grone, "Conceptual patterns, " in Proc. 13th Annu. IEEE Int. Symp. Workshop Eng. Comput. Based Syst., 2006, pp. 241-246.
23. T. Schlossnagle, Scalable Internet Architectures. Indianapolis, IN, USA: Sams, 2006.
24. B. Oki, M. Pfluegl, A. Siegel, and D. Skeen, "The information bus: An architecture for extensible distributed systems, " ACM SIGOPS Oper. Syst. Rev., vol. 27, no. 5, pp. 58-68, Dec. 1993.
25. P. Eugster, "Type-based publish/subscribe: Concepts and experiences, " ACM Trans. Programm. Lang. Syst., vol. 29, no. 1, pp. 1-50, Jan. 2007.
26. D. Rosenblum and A.Wolf, "A design framework for internet-scale event observation and notification, " ACM SIGSOFT Softw. Eng. Notes, vol. 22, no. 6, pp. 344-360, Nov. 1997.
27. R. Baldoni, L. Querzoni, S. Tarkoma, and A. Virgillito, "Distributed event routing in publish/subscribe systems, " in Middleware for Network Eccentric and Mobile Applications. Berlin, Germany: Springer-Verlag, 2009, pp. 219-244.
28. A. Carzaniga, M. Papalini, and A. Wolf, "Content-based publish/subscribe networking and information-centric networking, " in Proc. ACM SIGCOMM Workshop Inf.-Centric Netw., Aug. 2011, pp. 56-61.
29. J. Martins and S. Duarte, "Routing algorithms for content-based publish/subscribe systems, " IEEE Commun. Surveys Tuts., vol. 12, no. 1, pp. 39- 58, 2010.
30. K. Obraczka, "Multicast transport protocols: A survey and taxonomy, " IEEE Commun. Mag., vol. 36, no. 1, pp. 94-102, Jan. 1998.
31. C. K. Yeo, B. S. Lee, and M. H. Er, "A survey of application level multicast techniques, " Comput. Commun., vol. 27, no. 15, pp. 1547- 1568, Sep. 2004.
32. M. Hosseini, D. Tanvir, S. Shimohammadi , and N. D. Georganas, "A survey of application-layer multicast protocols, " IEEE Commun. Surveys Tuts., vol. 9, no. 3, pp. 58-74, 2007.
33. Y. Chu, S. G. Rao, S. Seshan, and H. Zhang, "A case for end system multicast, " IEEE J. Sel. Areas Commun., vol. 20, no. 8, pp. 1456-1471, Oct. 2002.
34. S. Deering and D. Cheriton, "Multicast routing in datagram internetworks and extended LANs, " ACM Trans. Comput. Syst., vol. 8, no. 2, pp. 85-100, May 1990.
35. S. Deering et al., "The PIM architecture for wide-area multicast routing, " IEEE/ACM Trans. Netw., vol. 4, no. 2, pp. 784-803, Apr. 1997.
36. J. Kurian and K. Sarac, "A survey on the design, applications, enhancements of application-layer overlay networks, " ACM Comput. Surveys, vol. 43, no. 1, pp. 5:1-5:34, Nov. 2010.
37. N. Magharei, R. Rejaie, and Y. Guo, "Mesh or multiple-tree: A comparative study of live P2P streaming approaches, " in Proc. 26th IEEE Int. Conf. Comput. Commun., May 2007, pp. 1424-1432.
38. G. V. Chockler, I. Keidar, and R. Vitenberg, "Group communication specifications: A comprehensive study, " ACM Comput. Surveys, vol. 33, no. 4, pp. 427-469, Dec. 2001.
39. A. Carzaniga, D. Rosenblum, and A. Wolf, "Design and evaluation of a wide-area event notification service, " ACMTrans. Comput. Syst., vol. 19, no. 3, pp. 332-383, Aug. 2001.
40. M. Castro, P. Drushel, A. Kermarec, and A. Rowstrom, "Scribe: A largescale and decentralized application-level multicast infrastructure, " IEEE J. Sel. Areas Commun., vol. 20, no. 8, pp. 1489-1499, Oct. 2004.
41. W. Stallings, Network Security Essentials-Applications and Standards, 4th ed. Upper Saddle River, NJ, USA: Prentice-Hall, 2010.
42. B. Schneier, Applied Cryptography: Protocols, Algorithms, Source Code in C, 2nd ed. Hoboken, NJ, USA: Wiley, 1996.
43. W. M. Petullo, X. Zhang, J. A. Solworth, D. J. Bernstein, and T. Lange, "Minimalt: Minimal-latency networking through better security, " in Proc. ACM SIGSAC Conf. Comput. Commun. Security, 2013, pp. 425- 438, Accessed: Jul. 2013. [Online]. Available: http://eprint.iacr.org/
44. A. A. Hasib and A. Haque, "A comparative study of the performance and security issues of aes and rsa cryptography, " in Proc. 3rd Int. Conf. Convergence Hybrid Inf. Technol., Nov. 2008, vol. 2, pp. 505-510.
45. S. Goldwasser and S. Micali, "Probabilistic encryption, " J. Comput. Syst. Sci., vol. 28, no. 2, pp. 270-299, Apr. 1984.
46. P. Paillier, "Public-key cryptosystems based on composite degree residuosity classes, " in Proc. 17th Int. Conf. Theory Appl. Cryptogr. Tech., 1999, pp. 223-238.
47. C. Fontaine and F. Galand, "A survey of homomorphic encryption for nonspecialists, " EURASIP J. Inf. Security, vol. 2007, no. 1, pp. 013801:1-013801:15, Jan. 2007.
48. A. Shamir, "Identity-based cryptosystems and signature schemes, " in Advances in Cryptology, Lecture Notes in Computer Science, vol. 196. Berlin, Germany: Springer-Verlag, 1985, pp. 47-53.
49. P. Barreto, H.Kim, B.Lynn, andM. Scott, "Efficient algorithms for pairingbased cryptosystems, " in Proc. 22ndAnnu. Int.Cryptol.Conf.Adv.Cryptol., vol. 2442, Lecture Notes in Computer Science, 2002, pp. 354-369.
50. F. Zhang, R. Safavi-Naini, andW. Susilo, "An efficient signature scheme from bilinear pairings and its applications, " in Proc. PKC, vol. 2947, Lecture Notes in Computer Science, 2004, pp. 277-290.
51. V. Goyal, O. Pandey, A. Sahai, and B. Waters, "Attribute-based encryption for fine-grained access control of encrypted data, " in Proc. 13th ACM Conf. Comput. Commun. Security, 2006, pp. 89-98.
52. D. Song, D. Wagner, and A. Perrig, "Practical techniques for searches on encrypted data, " in Proc. IEEE Symp. Security Privacy, 2000, pp. 44-55.
53. C. Gentry, "Fully homomorphic encryption using ideal lattices, " in Proc. 41st ACM Symp. Theory Comput., May/Jun. 2009, pp. 169-178.
54. C. Dong, G. Russello, and N. Dulay, "Shared and searchable encrypted data for untrusted servers, " in Proc. 22nd Annu. IFIP WG 11.3 Work. Conf. Data Appl. Security, 2008, pp. 127-143.
55. M. O'Brien and G. Weir, "Understanding digital certificates, " in Proc. 2nd Int. Conf. Cybercrime Forensics Educ. Training, London, U.K., Sep. 2008, pp. 1-9.
56. ISO/IEC13888-3:2009-InformationTechnology-SecurityTechniques- Non-Repudiation-Part 3: Mechanisms Using Asymmetric Techniques, ISO/IEC JTC 1/SC 27, 2009, Accessed: Jul. 2014. [Online]. Available: http://www.iso.org/iso/home/store/catalogue-tc/catalogue-detail.htm? csnumber=44735
57. R. Rivest, A. Shamir, and L. Adleman, "A method for obtaining digital signatures and public-key cryptosystems, " Commun. ACM, vol. 21, no. 2, pp. 120-126, Feb. 1978.
58. R. Cramer and V. Shoup, "Signature schemes based on the strong RSA assumption, " ACM Trans. Inf. Syst. Security, vol. 3, no. 3, pp. 161-185, Aug. 2000.
59. T. E. Gamal, "Apublic key cryptosystem and a signature scheme based on discrete logarithms, " in Proc.CRYPTO84Adv.Cryptol., 1985, pp. 10-18.
60. W. Stallings, Cryptography and Network Security: Principles and Practice, 6th ed. Upper Saddle River, NJ, USA: Prentice-Hall, 2013.
61. M. J. Wiener, "Performance comparison of public-key cryptosystems, " RSA Crypto Bytes, vol. 4, no. 1, pp. 1-5, 1998.
62. R. Merkle, "A certified digital signature, " in Proc. Adv. Cryptol., 1989, pp. 218-238.
63. S. Rohde, T. Eisenbarth, E. Dahmen, J. Buchmann, and C. Paar, "Fast hash-based signatures on constrained devices, " in Smart Card Research and Advanced Applications, vol. 5189, Lecture Notes in Computer Science. Berlin, Germany: Springer-Verlag, 2008, pp. 104-117.
64. G. Ateniese, D. Chou, B. de Medeiros, and G. Tsudik, "Sanitizable signatures, " in Proc. Eur. Symp. Res. Comput. Security, vol. 3679, Lecture Notes in Computer Science, 2005, pp. 159-177.
65. C. Brzuska et al., "Security of sanitizable signatures revisited, " in Proc. 12th Int. Conf. Pract. Theory Public Key Cryptogr., Mar. 2009, pp. 317-336.
66. M. Suzuki, T. Isshiki, and K. Tanaka, Sanitizable signature with secret information, Tokyo Inst. Technol., Tokyo, Japan, Accessed: Jul. 2014.
67. [Online]. Available: http://www.is.titech.ac.jp/research/research-report/C/C-215.pdf
68. H. Meijer and S. Akl, "Digital signature schemes for computer communication networks, " ACM SIGCOMM Comput. Commun. Rev., vol. 11, no. 4, pp. 37-41, Oct. 1981.
69. M. van Dijk, L. F. G. Sarmenta, C.W. O'Donnell, and S. Devadas, "Proof of freshness: How to efficiently use an online single secure clock to secure shared untrusted memory, " MIT, Cambridge, MA, USA, 2006, Accessed: Jul. 2014. [Online]. Available: http://csg.csail.mit.edu/pubs/memos/Memo-496/memo496.pdf
70. H. Kopetz and W. Ochsenreiter, "Clock synchronization in distributed real-time systems, " IEEE Trans. Comput., vol. C-36, no. 8, pp. 933-940, Aug. 1987.
71. R. Baldoni, A. Corsaro, L. Querzoni, S. Scipioni, and S. Piergiovanni, "Coupling-based internal clock synchronization for large-scale dynamic distributed systems, " IEEE Trans. Parallel Distrib. Syst., vol. 21, no. 5, pp. 607-619, May 2010.
72. S. Kremer, O.Markowitch, and J. Zhou, "An intensive survey of fair nonrepudiation protocols, " Comput. Commun., vol. 25, no. 17, pp. 1606- 1621, Nov. 2002.
73. M. Mambo and E. Okamoto, "Proxy cryptosystems: Delegation of the power to decrypt ciphertexts, " IEICE Trans. Fundam. Electron., Commun. Comput. Sci., vol. 80, no. 1, pp. 54-63, Jan. 1997.
74. M. Jakobsson, "On quorum controlled asymmetric proxy re-encryption, " in Proc. 2nd Int. Workshop Pract. Theory Public Key Cryptogr., vol. 1560, Lecture Notes in Computer Science, 1999, pp. 112-121.
75. G. Ateniese, K. Fu, M. Green, and S. Hohenberger, "Improved proxy re-encryption schemes with applications to secure distributed storage, " ACM Trans. Inf. Syst. Security, vol. 9, no. 1, pp. 1-30, Feb. 2006.
76. A. Ivan and Y. Dodis, "Proxy cryptography revisited, " in Proc. Netw. Distrib. Syst. Security Symp., 2003, pp. 1-20.
77. J. Torres, M. Nogueira, and G. Pujolle, "A survey on identity management for the future network, " IEEE Commun. Surveys Tuts., vol. 15, no. 2, pp. 787-802, 2013.
78. J. Lopez, R. Oppliger, and G. Pernul, "Authentication and Authorization Infrastructures (aais): A comparative survey, " Comput. Security, vol. 23, no. 7, pp. 578-590, Oct. 2004.
79. R. Housley, W. Polk, W. Ford, and D. Solo, Internet x.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, Accessed: Jul. 2013. [Online]. Available: http://www.ietf.org/rfc/rfc3280.txt
80. S. Cantor, J. Kemp, R. Philpott, and E. Maler, Assertions and Protocols for the Oasis Security Assertion Markup Language (SAML) V2.0- OASIS Standard, Accessed: Jul. 2013. [Online]. Available: http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
81. Y. Cao and L. Yang, "A survey of identity management technology, " in Proc. IEEE Int. Conf. Inf. Theory Inf. Security, Dec. 2010, pp. 287-293.
82. A Guide to Understanding Discretionary Access Control in Trusted Systems, National Computer Security Center (NCSC), Jul. 2013. [Online]. Available: http://fas.org/irp/nsa/rainbow/tg003.htm
83. D. Ferraiolo, D. Kuhn, and R. Chandramouli, Role-Based Access Control, 2nd ed. Norwood, MA, USA: Artech House, Jan. 2007, Print on Demand.
84. T. Priebe, E. Fernandez, J. Mehlau, and G. Pernul, "A pattern system for access control, " in Proc. 18th Annu. IFIP WG 11.3 Work. Conf. Data Appl. Security, Jul. 2004, pp. 235-249.
85. L. Zhi, W. Jing, C. Xiao-su, and J. Lian-Xing, "Research on policybased access control model, " in Proc. Int. Conf. Netw. Security, Wireless Commun. Trusted Comput., 2009, vol. 2, pp. 164-167.
86. T. Moses, eXtensible Access Control Markup Language (XACML)- OASIS Standard, Accessed: Jul. 2013. [Online]. Available: http://docs.oasis-open.org/xacml/2.0/access-control-xacml-2.0-core-spec-os.pdf
87. S. Bistarelli, F. Martinelli, and F. Santini, "A formal framework for trust policy negotiation in autonomic systems: Abduction with soft constraints, " in Proc. 7th Int. Conf. Auton. Trusted Comput., 2010, pp. 268-282.
88. Integrating the Healthcare Enterprise (IHE), Access Control, Accessed: Jul. 2013. [Online]. Available: http://www.ihe.net/Technical-Framework/upload/IHE-ITI-TF-WhitePaper-AccessControl-2009-09-28.pdf
89. D. DeCouteau, M. Davis, and D. Staggs, Cross-Enterprise Security and Privacy Authorization (XSPA) Profile of XACML v2.0 for Healthcare Version 1.0-OASIS Standard, Accessed: Jul. 2013. [Online]. Available: http://docs.oasis-open.org/xacml/xspa/v1.0/xacml-xspa-1.0-cs02.html
90. P. T. Eugster, R. Guerraoui, A.-M. Kermarrec, and L. Massoulié, "Epidemic information dissemination in distributed systems, " IEEE Comput., vol. 37, no. 5, pp. 60-67, May 2004.
91. P. Costa, M. Migliavacca, G. Picco, and G. Cugola, "Epidemic algorithms for reliable content-based publish-subscribe: An evaluation, " in Proc. 24th IEEE Int. Conf. Distrib. Comput. Syst., Mar. 2004, pp. 552-561.
92. H. Li et al., "Bar gossip, " in Proc. 7th Symp. Oper. Syst. Des. Implementation, 2006, pp. 191-204.
93. Glossary of Key Information Security Terms, National Institute of Standards and Technology (NIST), Gaithersburg, MD, USA, Apr. 2006. [Online]. Available: http://csrc.nist.gov/publications/
94. National Information Assurance Glossary, Committee on National Security Systems, Fort Meade, MD, USA, Apr. 2010. [Online]. Available: http://www.cnss.gov/Assets/pdf/cnssi-4009.pdf
95. I. Sommerville, Software Engineering. Reading, MA, USA: Addison- Wesley, 2004.
96. E. Jonsson and T. Olovsson, "On the integration of security and dependability in computer systems, " in Proc. IASTED Int. Conf. Rel., Qual. Control Risk Assess., Nov. 1992, pp. 93-97.
97. A. Avizienis, J.-C. Laprie, B. Randell, and C. Landwehr, "Basic concepts and taxonomy of dependable and secure computing, " IEEE Trans. Dependable Secure Comput., vol. 1, no. 1, pp. 11-33, Jan.-Mar. 2004.
98. L. Lamport, R. Shostak, and M. Pease, "The byzantine generals problem, " ACM Trans. Programm. Lang. Syst., vol. 4, no. 3, pp. 382-401, Jul. 1982.
99. C. Tiancheng and H. Meling, "Byzantine fault-tolerant publish/subscribe: A cloud computing infrastructure, " in Proc. 31st IEEE Symp. Rel. Distrib. Syst., 2012, pp. 454-456.
100. M. Merideth et al., "Thema: Byzantine-fault-tolerant middleware for web-service applications, " in Proc. 24th IEEE Symp. Rel. Distrib. Syst., 2005, pp. 131-140.
101. C. Wang, A. Carzaniga, D. Evans, and A. Wolf, "Security issues and requirements for internet-scale publish-subscribe systems, " in Proc. 35th Annu. Hawaii Int. Conf. Syst. Sci., Jan. 2002, vol. 9, pp. 7-10.
102. D. Gollmann, "Facets of security, " in Global Computing. Programming Environments, Languages, Security, Analysis of Systems, vol. 2874, Lecture Notes in Computer Science. Berlin, Germany: Springer-Verlag, 2003, pp. 192-202.
103. J. Zhou and D. Gollmann, "Evidence and non-repudiation, " J. Netw. Comput. Appl., vol. 20, no. 3, pp. 267-281, Jul. 1997.
104. K.-Y. Lam and D. Gollmann, "Freshness assurance of authentication protocols, " in Proc. Comput. Security-ESORICS, vol. 648, Lecture Notes in Computer Science, 1992, pp. 261-271.
105. J. Zhou and R. Deng, "On the validity of digital signatures, " ACM SIGCOMM Comput. Commun. Rev., vol. 30, no. 2, pp. 29-34, Apr. 2000.
106. L. Hollaar and A. Asay, "Legal recognition of digital signatures, " IEEE Micro, vol. 16, no. 3, pp. 44-45, Jul. 1996.
107. A. Rowstrom and P. Drushel, "Pastry: Scalable, decentralized object localization and routing for large-scale peer-to-peer systems, " in Proc. IFIP/ACM Int. Conf. Distrib. Syst. Platforms, vol. 2218, Lecture Notes in Computer Science, Nov. 2001, pp. 329-351.
108. S. Banerjee and B. Bhattacharjee, "Scalable secure group communication over ip multicast, " IEEE J. Sel. Areas Commun., vol. 20, no. 8, pp. 1511-1527, Oct. 2002.
109. R. Atkinson, "Toward a more secure internet, " IEEE Comput., vol. 30, no. 1, pp. 57-61, Jan. 1997.
110. G. Urdaneta, G. Pierre, and M. V. Steen, "A survey of dht security techniques, " ACM Comput. Surveys, vol. 43, no. 2, pp. 8:1-8:49, Feb. 2011.
111. H.-A. Jacobsen et al., "The PADRES publish/subscribe system, " in Handbook of Research on Advanced Distributed Event-Based Systems, Publish/Subscribe and Message Filtering Technologies. Hershey, PA, USA: IGI Global, 2009.
112. A. Wun, A. Cheung, and H.-A. Jacobsen, "A taxonomy for denial of service attacks in content-based publish/subscribe systems, " in Proc. Inaugural Int. Conf. Distrib. Event-Based Syst., Jun. 2007, pp. 116-127.
113. P. Judge and M. Ammar, "Security issues and solutions in multicast content distribution: A survey, " IEEE Netw., vol. 17, no. 1, pp. 30-36, Jan./Feb. 2003.
114. L. Opyrchal and A. Prakash, "Secure distribution of events in contentbased publish subscribe systems, " in Proc. 10th USENIX Security Symp., Aug. 2001, pp. 1-16.
115. Z. Miklos, "Towards an access control mechanism for wide-area publish/subscribe systems, " in Proc. 22nd Int. Conf. Distrib. Comput. Syst. Workshops, 2002, pp. 516-521.
116. Y. Yan et al., "Implementing a prototype of the security framework for distributed brokering systems, " in Proc. Int. Conf. Security Manage., 2003, pp. 212-218.
117. S. Pallickara and G. Fox, "Naradabrokering: A distributed middleware framework and architecture for enabling durable peer-to-peer grids, " in Proc. ACM/IFIP/USENIX Int. Conf. Middleware, 2003, pp. 41-61.
118. S. Pallickara et al., "A framework for secure end-to-end delivery of messages in publish/subscribe systems, " in Proc. 7th IEEE/ACM Int. Conf. Grid Comput., 2006, pp. 215-222.
119. A. Belokosztolszki, D. Eyers, P. Pietzuch, J. Bacon, and K. Moody, "Role-based access control for publish/subscribe middleware architectures, " in Proc. 2nd Int. Workshop Distrib. Event-Based Syst., 2003, pp. 1-8.
120. P. Pietzuch and J. Bacon, "Hermes: A distributed event-based middleware architecture, " in Proc. 22nd Int. Conf. Distrib. Comput. Syst. Workshops, 2002, pp. 611-618.
121. L. Pesonen, D. Eyers, and J. Bacon, "A capability-based access control architecture for multi-domain publish/subscribe systems, " in Proc. Int. Symp. Appl. Internet, 2007, pp. 222-228.
122. L. Pesonen, D. Eyers, and J. Bacon, "Access control in decentralised publish/subscribe systems, " J. Netw., vol. 2, no. 2, pp. 57-67, Apr. 2006.
123. B. Shand et al., "Security policy and information sharing in distributed event-based systems, " in Reasoning in Event-Based Distributed Systems, vol. 347. Berlin, Germany: Springer-Verlag, 2011, pp. 151-172.
124. L. Fiege, A. Zeidler, A. Buchmann, R. K. Kehr, and G. Mühl, "Security aspects in publish/subscribe systems, " in Proc. 3rd Int. Workshop Distrib. Event-Based Syst., 2004, pp. 44-49.
125. H. Parzyjegla, D. Graff, A. Schröter, J. Richling, and G. Mühl, "Design and implementation of the rebeca publish/subscribe middleware, " in From Active Data Management to Event-Based Systems and More. Berlin, Germany: Springer-Verlag, 2010, pp. 124-140.
126. H. Khurana, "Scalable security and accounting services for contentbased publish/subscribe systems, " in Proc. ACM Symp. Appl. Comput., 2005, pp. 801-807.
127. C. Raiciu and D. Rosenblum, "Enabling confidentiality in contentbased publish/subscribe infrastructures, " in Proc. Securecomm Workshops, 2006, pp. 1-11.
128. Y. Zhao and D. Sturman, "Dynamic access control in a content-based publish/subscribe system with delivery guarantees, " in Proc. 26th IEEE Int. Conf. Distrib. Comput. Syst., 2006, pp. 1-8.
129. R. Strom et al., "Gryphon: An information flow based approach to message brokering, " in Proc. Int. Symp. Softw. Rel. Eng., Paderborn, Germany, 1998, pp. 1-2.
130. G. Padmavathi and S. Annadurai, "A security framework for contentbased publish-subscribe system, " J. Electron. Commerce Res. Appl., vol. 5, no. 1, pp. 78-90, Jul. 2006.
131. A. Corman, P. Schachte, and V. Teague, "Quip: A protocol for securing content in peer-to-peer publish/subscribe overlay networks, " in Proc. 30th Australasian Conf. Comput. Sci., 2007, vol. 62, pp. 35-40.
132. M. Srivatsa and L. Liu, "Secure event dissemination in publishsubscribe networks, " in Proc. 27th Int. Conf. Distrib. Comput. Syst., 2007, pp. 1-8.
133. M. Srivatsa, L. Liu, and A. Iyengar, "Eventguard: A system architecture for securing publish-subscribe networks, " ACM Trans. Comput. Syst., vol. 29, no. 4, pp. 10:1-10:40, Dec. 2011.
134. W. Wong, F. Verdi, and F. Magalhães, "A security plane for publish/subscribe based content oriented networks, " in Proc. ACM CoNEXT Conf., 2008, pp. 45:1-45:2.
135. A. Shikfa, M. Onen, and R. Molva, "Privacy-preserving content-based publish/subscribe networks, " in Proc. Emerging Challenges Security, Privacy Trust-24th IFIP TC 11 Int. Inf. Security Conf., May 2009, pp. 270-282.
136. W. Chen, J. Jiang, and N. Skocik, "On the privacy protection in publish/subscribe systems, " in Proc. IEEE Int. Conf. Wireless Commun., Netw. Inf. Security, 2010, pp. 597-601.
137. T.-H. Yuen, W. Susilo, and Y. Mu, "Towards a cryptographic treatment of publish/subscribe systems, " in Cryptology and Network Security, vol. 6467, Lecture Notes in Computer Science. Berlin, Germany: Springer-Verlag, 2010, pp. 201-220.
138. S. Choi, G. Ghinita, and E. Bertino, "A privacy-enhancing content-based publish/subscribe system using scalar product preserving transformations, " in Proc. 21st Int. Conf. Database Expert Syst. Appl. I, 2010, pp. 368-384.
139. M. Ion, G. Russello, and B. Crispo, "Design and implementation of a confidentiality and access control solution for publish/subscribe systems, " Comput. Netw., vol. 56, no. 7, pp. 2014-2037, May 2012.
140. M. Nabeel, N. Shang, and E. Bertino, "Efficient privacy preserving content based publish subscribe systems, " in Proc. 17th ACM Symp. Access Control Models Technol., Jun. 2012, pp. 133-144.
141. M. Nabeel, S. Appel, E. Bertino, and A. Buchmann, "Privacy preserving context aware publish subscribe systems, " in Network and System Security, vol. 7873, Lecture Notes in Computer Science. Berlin, Germany: Springer-Verlag, 2013, pp. 465-478.
142. A. Fongen and F. Mancini, "Identity management and integrity protection in publish-subscribe systems, " in Policies and Research in Identity Management, vol. 396. Berlin, Germany: Springer-Verlag, 2013, pp. 68-82.
143. M. Tariq, B. Koldehofe, and K. Rothermel, "Securing broker-less publish/subscribe systems using identity-based encryption, " IEEE Trans. Parallel Distrib. Syst., vol. 25, no. 2, pp. 518-528, Feb. 2014.
144. L. Fiege, M. Mezini, G. Mühl, and A. Buchmann, "Engineering eventbased systems with scopes, " in Proc. 16th Eur. Conf. Object-Oriented Programm., 2002, pp. 309-333.
145. S. Farrell and R. Housley, An Internet Attribute Certificate Profile for Authorization, Accessed: Jul. 2013. [Online]. Available: http://www.ietf.org/rfc/rfc3281.txt
146. J. Bethencourt, A. Sahai, and B.Waters, "Ciphertext-policy attribute-based encryption, " in Proc. IEEE Symp. Security Privacy, 2007, pp. 321-334.
147. J. Bacon, K. Moody, and W. Yao, "A model of oasis role-based access control and its support for active security, " ACM Trans. Inf. Syst. Security, vol. 5, no. 4, pp. 492-540, Nov. 2002.
148. A. Fongen, "Architecture patterns for a ubiquitous identity management system, " in Proc. 6th Int. Conf. Syst., Jan. 2011, pp. 66-71.
149. A. Hegland, E.Winjum, and O.-E. Hedenstad, "A framework for authentication in nbd tactical ad hoc networks, " IEEE Commun. Mag., vol. 49, no. 10, pp. 64-71, Oct. 2011.
150. S. Rafaeli and D. Hutchison, "A survey of key management for secure group communication, " ACM Comput. Surveys, vol. 35, no. 3, pp. 309- 329, Sep. 2003.
151. E.-J. Goh, "Secure indexes, " Cryptology ePrint Archive-Report 2003/216, 2003.
152. Y. Kim, A. Perrig, and G. Tsudik, "Tree-based group key agreement, " ACM Trans. Inf. Syst. Security, vol. 7, no. 1, pp. 60-96, Feb. 2004.
153. S. Mittra, "Iolus: A framework for scalable secure multicasting, " SIGCOMMComputCommun.Rev., vol. 27, no. 4, pp. 277-288, Oct. 1997.
154. C. K. Wong, M. G. Gouda, and S. S. Lam, "Secure group communications using key graphs, " IEEE/ACM Trans. Netw., vol. 8, no. 1, pp. 16- 30, Feb. 2000.
155. W.-G. Tzeng and Z.-J. Tzeng, "A public-key traitor tracing scheme with revocation using dynamic shares, " in Public Key Cryptography, vol. 1992, Lecture Notes in Computer Science. Berlin, Germany: Springer-Verlag, 2001, pp. 207-224.
156. J. Baek, R. Safavi-Naini, andW. Susilo, "Public key encryption with keyword search revisited, " in Proc. Int. Conf. Comput. Sci. Appl., vol. 5072, Lecture Notes in Computer Science, 2008, pp. 1249-1259.
157. A. Pannetrat and R. Molva, "Multiple layer encryption for multicast groups, " in Proc. IFIP TC6/TC11 6th Joint Working Conf. Commun. Multimedia Security-Adv. Commun. Multimedia Security, 2002, pp. 137-153.
158. M. Bartel, J. Boyer, B. Fox, B. L. Macchia, and E. Simon, XMLSignature Syntax and Processing, Accessed: Apr. 2013. [Online]. Available: http://fusesource.com/community/fuse-customers/
159. J. Bacon, D. Eyers, J. Singh, and P. Pietzuch, "Access control in publish/subscribe systems, " in Proc. 2nd Int. Conf. Distrib. Event-Based Syst., 2008, pp. 23-34.
160. X. Su, G. Peng, and S. Chan, "Forbid: Cope with byzantine behaviors in wireless multi-path routing and forwarding, " in Proc. IEEE Global Telecommun. Conf., 2011, pp. 1-6.
161. K. Kihlstrom, L. Moser, and P. Melliar-Smith, "The securering protocols for securing group communication, " in Proc. 31st Annu. Hawaii Int. Conf. Syst. Sci., 1998, vol. 3, pp. 317-326.
162. F. Kon et al., "Monitoring, security, dynamic configuration with the dynamic TAO reflective ORB, " in Proc. IFIP/ACM Int. Conf. Distrib. Syst. Platforms, 2000, pp. 121-143.
163. D. Povey, "Optimistic security: A new access control paradigm, " in Proc. Workshop New Security Paradigms, 2000, pp. 40-45.
164. M. Dekker and S. Etalle, "Audit-based access control for electronic health records, " Electron. Notes Theor. Comput. Sci., vol. 168, pp. 221- 236, Feb. 2007.
165. A. Brucker and H. Petritsch, "Extending access control models with break-glass, " in Proc. 14th ACM Symp. Access Control Models Technol., 2009, pp. 197-206.
166. R. Shaikh, K. Adi, L. Logrippo, and S. Mankovski, "Risk-based decision method for access control systems, " in Proc. 9th Annu. Int. Conf. Privacy, Security Trust, 2011, pp. 189-192.
167. L. Su, W. Wang, and A. Niu, "Reputation service and reputation based access control, " in Proc. Int. Conf. E-Prod. E-Serv. E-Entertain., 2010, pp. 1-4.
168. Directive 95/46/EC on the Protection of Individuals With Regard to the Processing of Personal Data and on the Free Movement of Such Data, The European Parliament and the Council of the European Union, Brussels, Belgium, 1995. Accessed: Dec. 2013. [Online]. Available: eur-lex.europa.eu/LexUriServ/LexUriServ.do? uri=CELEX:31995L0046:en:NOT
169. 42 CFR Part 59-Attachment B, U.S. Department of Health and Human Services, Washington, DC, USA, 2000, Accessed: Jan. 2014. [Online]. Available: http://www.hhs.gov/opa/title-x-family-planning/title-x-policies/program-guidelines/
170. R. Perlman, "An overview of PKI trust models, " IEEE Netw., vol. 13, no. 6, pp. 38-43, Nov. 1999.
171. X. Li, Y. R. Yang, M. Gouda, and S. Lam, "Batch rekeying for secure group communications, " in Proc. 10th Int. Conf. World Wide Web, 2001, pp. 525-534.
172. P. Lee, J.-S. Lui, and D. Yau, "Distributed collaborative key agreement and authentication protocols for dynamic peer groups, " IEEE/ACM Trans. Netw., vol. 14, no. 2, pp. 263-276, Apr. 2006.
173. M. Li, Z. Feng, N. Zang, R. Graham, and F. Yao, "Approximately optimal trees for group key management with batch updates, " Theor. Comput. Sci., vol. 410, no. 11, pp. 1013-1021, Mar. 2009.
174. B. Li, Y. Yang, Z. Lu, B. Yuan, and T. Long, "Secure distributed batch rekeying algorithm for dynamic group, " in Proc. IEEE 14th Int. Conf. Commun. Technol., Nov. 2012, pp. 664-667.
175. X. Zhang, S. Lam, D.-Y. Lee, and Y. Yang, "Protocol design for scalable and reliable group rekeying, " IEEE/ACM Trans. Netw., vol. 11, no. 6, pp. 908-922, Dec. 2003.
176. Y. Dodis, R. Gennaro, J. Håstad, H. Krawczyk, and T. Rabin, "Randomness extraction and key derivation using the CBC, cascade and HMAC modes, " in Proc. Adv. CRYPTO, vol. 3152, Lecture Notes in Computer Science, 2004, pp. 494-510.
177. A. Pour, K. Kumekawa, T. Kato, and S. Itoh, "A hierarchical group key management scheme for secure multicast increasing efficiency of key distribution in leave operation, " Comput. Netw., vol. 51, no. 17, pp. 4727-4743, Dec. 2007.
178. J.-C. Lin, K.-H. Huang, F. Lai, and H.-C. Lee, "Secure and efficient group key management with shared key derivation, " Comput. Std. Interfaces, vol. 31, no. 1, pp. 192-208, Jan. 2009.
179. S. Jarecki, K. Jihye, and G. Tsudik, "Flexible robust group key agreement, " IEEE Trans. Parallel Distrib. Syst., vol. 22, no. 5, pp. 879-886, May 2011.
180. T. Rams and P. Pacyna, "A survey of group key distribution schemes with self-healing property, " IEEE Commun. Surveys Tuts., vol. 15, no. 2, pp. 820-842, 2013.
181. S. Al-Riyami and K. Paterson, "Certificateless public key cryptography, " in Proc. Adv. ASIACRYPT, vol. 2894, Lecture Notes in Computer Science, 2003, pp. 452-473.
182. R. Tso, X. Huang, and W. Susilo, "Strongly secure certificateless short signatures, " J. Syst. Softw., vol. 85, no. 6, pp. 1409-1417, Jun. 2012.
183. J. Zhang and J. Mao, "An efficient RSA-based certificateless signature scheme, " J. Syst. Softw., vol. 85, no. 3, pp. 638-642, Mar. 2012.
184. D. Chaum and E. Heyst, "Group signatures, " in Proc. Adv. EUROCRYPT, vol. 547, Lecture Notes in Computer Science, 1991, pp. 257-265.
185. J. Camenisch and A. Lysyanskaya, "Dynamic accumulators and application to efficient revocation of anonymous credentials, " in Proc. Adv. CRYPTO, vol. 2442, Lecture Notes in Computer Science, 2002, pp. 61-76.
186. D. Boneh, X. Boyen, and H. Shacham, "Short group signatures, " in Proc. Adv. CRYPTO, vol. 3152, Lecture Notes in Computer Science, 2004, pp. 41-55.
187. S. Zhou and D. Lin, "Group signatures with reduced bandwidth, " Proc. Inst. Elect. Eng.-Inf. Security, vol. 153, no. 4, pp. 146-152, Dec. 2006.
188. R. Rivest, A. Shamir, and Y. Tauman, "How to leak a secret, " in Proc. Adv. ASIACRYPT, vol. 2248, Lecture Notes in Computer Science, 2001, pp. 552-565.
189. M. Mambo, K. Usuda, and E. Okamoto, "Proxy signatures for delegating signing operation, " in Proc. 3rd ACM Conf. Comput. Commun. Security, 1996, pp. 48-57.
190. W. Lei and L. Daxing, "An efficient id-based proxy ring signature scheme, " in Proc. WRI Int. Conf. Commun. Mobile Comput., Jan. 2009, vol. 3, pp. 560-563.
191. D. Johnson and A. Menezes, "The Elliptic Curve Digital Signature Algorithm (ECDSA), " Univ. Waterloo, Waterloo, ON, Canada, 2000, Accessed: Mar. 2014. [Online]. Available: http://cacr.uwaterloo.ca/techreports/1999/corr99-34.pdf
192. T. Cui, L. Chen, and T. Ho, "Optimization based rate control for multicast with network coding: A multipath formulation, " in Proc. 46th IEEE Conf. Decision Control, Dec. 2007, pp. 6041-6046.
193. Y. Yang, C. Zhong, Y. Sun, and J. Yang, "Network coding based reliable disjoint and braided multipath routing for sensor networks, " J. Netw. Comput. Appl., vol. 33, no. 4, pp. 422-432, Jul. 2010.
194. M. Afzaal, C. D. Sarno, L. Coppolino, S. D'Antonio, and L. Romano, "A resilient architecture for forensic storage of events in critical infrastructures, " in Proc. IEEE 14th Int. Symp. High-Assur. Syst. Eng., 2012, pp. 48-55.
195. J. Hansen and D. Siewiorek, "Models for time coalescence in event logs, " in Proc. Int. Symp. Fault-Tolerant Comput., 1992, pp. 221-227.
196. D. Tang and R. Iyer, "Analysis and modeling of correlated failures in multicomputer systems, " IEEE Trans. Comput., vol. 41, no. 5, pp. 567- 577, May 1992.
197. A. Pecchia, D. Cotroneo, Z. Kalbarczyk, and R. Iyer, "Improving logbased field failure data analysis of multi-node computing systems, " in Proc. IEEE/IFIP 41st Int. Conf. Dependable Syst. Netw., Jun. 2011, pp. 97-108.
198. R. Baldoni, R. Beraldi, L. Querzoni, and A. Virgillito, "A self-organizing crash-resilient topology management system for content-based publish/subscribe, " in Proc. Int. Workshop Distrib. Event-Based Syst., Jan. 2004, pp. 3-87.
199. E. D. Nitto, D. Dubois, and R. Mirandola, "On exploiting decentralized bio-inspired self-organization algorithms to develop real systems, " in Proc. Int. Workshop Softw. Eng. Adapt. Self-Managing Syst., May 2009, pp. 68-75.
200. C. Esposito, D. Cotroneo, and N. Silva, "Investigation on safety-related standards for critical systems, " in Proc. 1st Int. Workshop Softw. Certification, Nov. 2011, pp. 49-54.
201. G. Uchenick, "Middleware for security and safety critical systems, " in Proc. Embedded Syst. Europe, May 2006, pp. 24-26.
202. C. Esposito, S. Russo, and D. Di Crescenzo, "Performance assessment of omg compliant data distribution middleware, " in Proc. IEEE Int. Symp. Parallel Distrib. Process., Apr. 2008, pp. 1-8.
203. OMG. CORBA Notification Service Specification, ver. 1.1. Accessed: May 2011. [Online]. Available: www.omg.org/
204. OMG, CORBA Security Specifications. Accessed: December 2012. [Online]. Available: www.omg.org/
205. Information technology-Open Systems Interconnection-Security Frameworks in Open Systems-Part 4: Non-Repudiation Framework, ISO/IEC Std. Ref. 10181-4, 1996.
206. G. Castellote, "OMG data-distribution service: Architectural overview, " in Proc. 23rd Int. Conf. Distrib. Comput. Syst. Workshops, May 2003, pp. 19-22.
207. OMG, DDS Interoperability Protocol (DDSI), Needham, MA, USA, Accessed: Sep. 2012. [Online]. Available: www.omg.org
208. N. Modadugu and E. Rescorla, "The design and implementation of datagram TLS, " in Proc. Netw. Distrib. Syst. Security Symp., San Diego, CA, USA, Feb. 2004, pp. 1-7.
209. A. Melnikov and K. Zeilenga, Simple Authentication and Security Layer (SASL), Jun. 2006. [Online]. Available: http://tools.ietf.org/html/rfc4422
210. N. A. Nordbotten, "XML and web services security standards, " IEEE Commun. Surveys Tuts., vol. 36, no. 4, pp. 96-98, Apr. 2003.
211. M. Naedele, "Standards for XML and web services security, " IEEE Comput. Mag., vol. 11, no. 3, pp. 4-21, 2009.
212. D. Eastlake et al., XML Signature Syntax and Processing (Second Edition)-W3C Recommendation, Accessed: Jul. 2013. [Online]. Available: http://www.w3.org/TR/xmldsig-core/
213. D. Eastlake and J. Reagle, XML Encryption Syntax and Processing (Second Edition)-W3C Recommendation, Accessed: Jul. 2013. [Online]. Available: http://www.w3.org/TR/xmlenc-core/
214. P. Hallam-Baker and S. H. Mysore, XML Key Management Specification (XKMS 2.0)-W3C Recommendation, Accessed: Jul. 2013. [Online]. Available: http://www.w3.org/TR/xkms/
215. A. Tsalgatidou and T. Pilioura, "An overview of standards and related technology in web services, " Distrib. Parallel Databases, vol. 12, no. 1/2, pp. 135-162, Sep./Nov. 2002.
216. A. Chuvakin and G. Peterson, "Logging in the age of web services, " IEEE Security Privacy, vol. 7, no. 3, pp. 82-85, Jun. 2009.
217. C. Chandersekaran andW. Simpson, "An agent based monitoring system for web services, " in Proc. 16th Int. Command Control Res. Technol. Symp., Apr. 2011, pp. 84-89.