trusted publish/subscribe

Trusted Publish/Subscribe

Stephen Naicken

Foundations of Software SystemsUniversity of Sussex

[email protected]

15th February 2012

(University of Sussex) Trusted Publish/Subscribe 15/02/12 1 / 58

Outline

1 Why Apply Trust to Publish/Subscribe Systems?Publish/Subscribe Security IssuesSecuring Networks Using Trust and Reputation

2 Trusted Publish/Subscribe TreesCommunication Overheads of PSTsA Trust Metric for Publish/Subscribe TreesPST Trust Maximisation Problem with Overhead Budget

3 AlgorithmsExhaustive SearchTabu Search

4 Results

5 Conclusions and Future Work


Publish/Subscribe OverviewWhat is Publish/Subscribe?

Publish/Subscribe is an event-based messaging paradigm.Publishers publish notifications.Subscribers issue subscriptions describing notifications of interest.Notifications are delivered only to interested subscribers.Event Notification Service (ENS) is responsible for the routing ofnotifications from publishers to interested subscribers.ENS may be centralised or it may be a network of brokers.


Publish/Subscribe Data Model

Topic-Based Publish/SubscribeI Publisher publishes each of its events to a topic or subject.I Subscribers subscribe to a topic to receive all events published to it.

Content-Based Publish/SubscribeI Publisher issues an advertisement - an intent to publish events.I Any events published must be covered by the advertisement.I Subscription is a function over the event contents.I Greater expressiveness.I Increased message state and processing complexity at brokers.


Publish/Subscribe in Ad Hoc Networks

In ad hoc networks, the presence of an ENS can not be assumed.There may not be any entities responsible for the network.If this is the case, publishers and subscribers will need to assumethe responsibility of brokers where necessary.Publish/Subscribe in these environments may become morewidespread due to smartphones (e.g. Android 4.0 ad hocnetworking support).MANETs, Sensor networks, VANETs


Publish/Subscribe Tree

P

R1S2

S1 S3 S6

S7

R2

S4 S5 S5

Modification of Huang &Garcia-Molina [HGM03]definition.For each advertisement, thePST is rooted at the publisherand spans all interestedsubscribers.Steiner tree - the PST containsa subset of non-publisher &non-subscriber nodes(brokers) to facilitateconnectivity.There can be many possiblePSTs for a givenadvertisement.


Publish/Subscribe Tree

PST abstraction can be used to model both publish/subscribeusing an ENS or in an ad hoc network.In ENS-based publish/subscribe:

I the internal vertices of the tree are broker nodes;I the publisher is the root;I all terminals are subscribers.


Publish/Subscribe Security

A plethora of research on publish/subscribe data models andinfrastructure.

I Topic-based to Content-based Publish/SubscribeI Centralised to decentralised ENS.I Optimisation of routing and matching algorithms.

But very little on security.I Role-Based Access Control (RBAC).I Computing on encrypted data.

Why?I ENS under the control of single or multiple cooperating entities.I External contracts between publishers, subscribers and ENS.I Implicit trust assumed, but if we break this...


Publish/Subscribe Attacks

Denial of Service:I Flooding (Events and Subscriptions);I Fake unsubscribe & unadvertise (API weakness);I Selective & random message dropping.

Publish/Subscribe Spam [Tar06]I Blackhole advertisement - allows malicious publisher to acquire all

subscriptions, if subscriptions are propagated to the publisher.I Blackhole subscription - subscribe to all events to allow inference of

the subscriptions of others.


Impact of Attacks

Wun et al. [WCJ07] provide a taxonomy of DoS attacks andresults from DoS experiments.Subscription flooding attack - injecting malicious subscriptions at ahigh rate into the infrastructure (ENS).Reduction in free memory at the broker, increased processingtime of approximately two orders of magnitude, & exponentialgrowth in the response time.


RBAC and CPS

RBACI Assign subjects to roles and permissions to roles.I Allows limitations on access to events given the subscriber’s role.I Limitations on events a publisher can publish.I Brokers can perform content-based routing only on attributes that

they are permitted to access.CPS

I Subscriptions and events are encrypted using a shared key.I Matching and routing functions are performed on the encrypted

data by brokers.I Raiciu and Rosenblum [RR06] have defined a number of

techniques to implement CPS.

RBAC and CPS address many of the security issues, so what’sthe problem?


The Problems with RBAC and CPS

RBAC requires a trusted organisation to assign roles to entities.This is not feasible in ad hoc environments.Absence of a monitoring component to detect misbehaviour.Both RBAC and CPS are difficult to adapt to stochastic behaviour.CPS requires issuing a new encryption key.RBAC requires issuing new policies.What happens if the shared key is leaked?


Trust Management

We know that trust and reputation management can be used tosecure network communications.Mitigate against malicious and selfish nodes.EigenTrust in P2P, CONFIDANT in MANET routing.Can we use trust to mitigate attacks in publish/subscribe?


Trust Management

Is it possible to define a trust metric for PSTs?Determine the trustworthiness of a network not a node.Can we construct the most trusted PST for a givenadvertisement...And at the same time ensure efficient communications?We leave monitoring behaviour for future work.


PST Overhead Metric

Defined by Huang and Garcia-Molina [HGM03].At any node in the tree

I it costs to receive an event (r ).I it costs to forward an event on each outgoing edge, as required by

the subscriptions of any descendants (f ).

The overhead of a PST is the sum of the overheads at each node.The overhead at a node is given by the sum of:

I the cost to forward events of interest;I the cost to receive and forward events not of interest.


PST Overhead Metric

Definition (Inherent Subscription)The inherent subscription si of a subscriber i is given by itssubscription function sfi .

Definition (Effective Subscription)The effective subscription Si of a subscriber i is given by thedisjunction of its inherent subscription si and its proxied subscriptions′

i , Si = si ∨ s′

i .

Definition (Proxied Subscription)

The proxied subscription s′

i of a subscriber i is given bys′

i =⋃

j=1,...,n Sj for each child 1, . . . ,n of i .


PST Overhead Metric

Definition (Publish/Subscribe Tree Overhead)Let E be a set of events, r be some cost associated with receiving anevent, f be a cost associated with forwarding an event, si be theinherent subscription of node i and s

′

i be the proxied subscription of i .

For a PST TAp for an advertisement Ap, its overhead is defined as:

OTAp(E) =

∑i∈VAp

OTAp i(E) where

OTAp i(E) = (r + f ) · ΦE(¬si ∧ s

′

i ) + f · ΦE(si ∧ s′

i ).


The Problem - Tussles

Given two nodes, A and B, A can choose to trust B by using globaland/or local information. The decision rests solely with A.This is not the case for PSTs.Node A and B are nodes in PSTs T1 and T2.Node A considers PST T1 to be more trustworthy than T2.Node B considers PST T2 to be more trustworthy than T1.How do we decide upon the PST, which maximises trust for allPST’s nodes?


Semiring Trust Model

Definition(S,⊕) is commutative semigroup with neutral element 0:

a⊕ b = b ⊕ a(a⊕ b)⊕ c = a⊕ (b ⊕ c)

a⊕ 0 = a

(S,⊗) is a semigroup with a neutral element 1 and an absorbingelement 0:

(a⊗ b)⊗ c = a⊗ (b ⊗ c)a⊗ 1 = 1⊗ a = aa⊗ 0 = 0⊗ a = 0


Semiring Trust ModelInstantiation

The model provides a means to determine the trustworthiness ofa path [TB06].

DefinitionThe trusted path semiring is a semiring, (S,⊕,⊗) where S = [0,1] and⊕ and ⊗ are defined as:

for all s1, s2 ∈ S, s1 ⊕ s2 = max(s1, s2)for all s1, s2 ∈ S, s1 ⊗ s2 = s1s2

No assumption is made upon the definition of the semiringoperators. Alternatives are acceptable.


Semiring Trust ModelExample

Path 1 (P1): (a, b), (b, c), (c, d).Path 2 (P2): (a, e), (e, f), (f, d).Let τ be a trust function, τ : V × V → [0,1].τ(a,b) = 0.7, τ(a,b) = 0.7.τ(a,b) = 0.5, τ(a,b) = 1.τ(a,b)⊗ τ(a, c) = 0.49.τ(a,e)⊗ τ(a, f ) = 0.5.P1 ⊕ P2 = P2.


Individual PST Trust Functions

We have a means to determine the trust of a path and given twopaths we can determine which is more trustworthy.How can we use this to determine the trust of a PST.To do this, we need to identify the communication paths in a PST.


Trust Relationships in PSTs

There are many communication paths in a PST that should ideallybe trusted.The publisher must have trust in all the paths to all thesubscribers.The subscribers must trust the path to the publisher.Any internal subscribers must trust the paths to descendantsubscribers and the publisher.To maximise the trust of a PST, we select the PST that maximisesthe trust of these paths.


Terminal Subscriber Node

P

R1S2

S1 S3 S6

S7

R2

S4 S5 S5

Subscriber trusts the publishersufficiently to receive itsevents, so it is not included inthe metric.It must trust the nodes on thepath to the publisher, whichroute events to it.Example Path:S5,R2,S6,R1,P.


Terminal Subscriber Node

Definition (Terminal Subscriber Trust Function)

τs(T ) =

{1τs(Ληs,v1

)⊗ τs(Ληs,v2)⊗ · · · ⊗ τs(Ληs,v|σs,p|−2

)⊗ τs(Ληs,v|σs,p|−1)

τs is the trust function of subscriber s.Ληs,v|σs,n|

is the vector of trust information on n held by s.

1 if s is adjacent to p, otherwise it is given by the product of thetrust in the intermediate vertices.


Publisher Trust Function

More complicated for the publisher, as there is path to eachsubscriber.Although the edges may be shared between paths, each isconsidered individually.Reasoning is that there is "contact" to provide events to each andevery subscriber.The publisher’s trust in the tree is given by the aggregation of thetrust of all paths to all subscribers.



Definition (Publisher Trust Function)

τp(σp,s) =

{1τp(Ληp,v1

)⊗ τp(Ληp,v2)⊗ · · · ⊗ τp(Ληp,v|σ|−2

)⊗ τp(Ληp,v|σ|−1)

Similar to the terminal subscribe trust function.τp(σp,s), the trust of the path from publisher p to subscriber s.1 if p is adjacent to s, otherwise it is given by the product of thetrust in the intermediate vertices.



Definition (Publisher Trust Function)The trust of T for p is a function of the trust of the paths to eachsubscriber and is given by

τp(T ) = α(τp(σp,s1), τp(σp,s2), . . . , τp(σp,s|S|)).

where α is the aggregation function and τp(σp,s1) is the trust p has inthe path from p to subscriber s1.



How to achieve the aggregation?The number of subscribers for a given advertisement is constantacross all PSTs.All subscribers to be treated fairly.This means we can use the leximin aggregation.Similar to maximin, but breaks ties using the next least well offvalue until tie is broken.Motivation: The publisher’s trust in a PST is dominated by theleast trusted path.


Leximin Aggregation Function

Definition (Ordered Weighted Average)An ordered weighted average operator F of dimension n is a mappingF : Rn → R that has an associated vector of weightsW = [w1,w2, . . . ,wn] such that

∑ni=1 wi = 1 and each wi ∈ [0,1] and

where F (y1, y2, . . . , yn) =∑n

j=1 wj · zj where zj is the j-largest yi .


Leximin Aggregation Function

Definition (Yager’s Analytical Function [Yag97])The analytical leximin aggregation operator, Fleximin, is an orderedweighted average where the weight vectorW = [w1, . . . ,wn−2,wn−1,wn] is defined as follows:

w1 =∆n−1

(1 + ∆)n−1 ,

wj =∆n−j

(1 + ∆)n+1−j for all 2 ≤ j ≤ n.

If |a− b| < ∆ then a = b. If a > b then |a− b| > ∆.


Internal Subscriber Trust Function

The internal subscriber trust function is a combination of the twoprevious trust functions.An internal subscriber must trust the path to the publisher (similarto a terminal subscriber).In addition, it also distributes events to descendants that have amatching subscription.So it must also trust the paths to all descendants who aresubscribers (similar to a publisher).


Internal Subscriber Trust Function

DefinitionFor each internal subscribe node s in a PST T , the trust of s in T isgiven by τs(T ) = β(τs(σs,p), τs(σs,s′1

), . . . , τs(σs,s′d−1)) where

β : Rd −→ R is some aggregation function of trust values, andd = |Vs ∩ S|+ 1 where Vs is set of nodes in the subtree rooted at s.

For a internal subscriber, the value d is variable across feasiblePSTs.Therefore, the weights of the Yager’s leximin function will bedifferent across PSTsSo we use maximin here.


And The Router Trust Function?

PST is a Steiner tree - it need not span the network.The opinions of routers are ignored.Incentive compatibility can not be guaranteed.Routers have good reason to lie. A router in a PST contributesresources but has no interest in the content being shared.Declare the paths and consequently the tree to be of low trust.PST is less likely to be most trusted, so reduced possibility ofbeing in this PST.


PST Trust MetricSocial Choice and Welfare

We now have a mechanism for each node to assess a tree andcome up with a number that represents its belief of howtrustworthy that tree is.How do we order the trees given these trust values from theparticipants?We assume that the trust values provide an ordering of how badlyoff a member would be, if that tree was chosen.Rawls’ principles of justice, that social and economic inequalitiessatisfy the condition that they are to be to the greatest benefit ofthe least advantaged members of societyLeximin Define a lexical ordering on the participants, and in anypair of alternatives, pick the one that improves the lot of the worseoff


PST Trust Metric

DefinitionLet t = (Vt ,Et ) be a PST where Vt = S ∪ R ∪ {p}. For eachi ∈ S ∪ {p}, there is a real-value τi(T ) representing i ’s trust value of t .The social trust value of t is given by Fleximin(τi1(T ), τi2(T ), . . . ,τi|S∪{p}|(T )).


Interpersonal Incomparability of Trust

Leximin requires interpersonal comparability.This means trust values of different entities must share the sametrust continuum.Same origin and same unit of trust.This isn’t possible for mental states such as trust.Often assumed to be the case in existing trust models, so we dotoo..


The Maximum Trust PST with Overhead Budget

DefinitionGiven an overhead budget B > 0, an event distribution E , anundirected connectivity graph Gc = (Vc ,Ec), a publisher p that holdsan advertisement Ap, a set of subscribers S = {s | sfs(Ap) = true}where sfs is the subscription function of s, a set of routers R = Vc \ Cwhere C = {p} ∪ S

find a PST T that is rooted at p, spans S and maximises the trustvalue τ(T ) = Fleximin(τc1(T ), . . . , τc|C|(T )) where τci (T ) is the trustevaluation of i th node in C, subject to OT (E) ≤ B.

The PST Trust Maximisation Problem with Overhead Budget isNP-complete.


Exhaustive Search Algorithm

Find all PSTs in the connectivity graph rooted at p and spanningthe subscribers S.For each PST:

I Find the trust value.I Find the overhead value.

Select the PST that has the highest trust value with the definedbudget B.How to find all PSTs?


Spanning Tree Enumeration

A PST is a Steiner tree of the connectivity graph.The set of feasible PSTs for an advertisement is a subset of theset of all Steiner trees in the connectivity graph.The set of all spanning trees for all subgraphs of the connectivitygraph is the set of all Steiner trees.Modify a spanning tree enumeration algorithm to enumerate allPSTs that span a graph.



Char’s spanning tree algorithm [Cha68] enumerates all spanningtrees.Uses DFS to find initial tree and label vertices.Representation of the tree is stored in an array.Index is node label, array[index] gives index of an adjacent node.Lexicographically alter the adjacent edges, "cycling" throughsubgraphs.Each subgraph found is tested to ensure that it is a spanning tree.



The tree test can be modified to also test if the subgraph is a PST.A router can not be a terminal node - illogical.Test if each router in the tree is has two adjacent edges.


Tabu Search Algorithm

Given that the problem is in NP-Complete, the exhaustive searchwill only be suitable for small problem instances.Instead we choose to use the Tabu search metaheuristic.Similar to local search, but we store list of last n chosen moves(tabu list).To escape local maxima, we do not select moves from the tabulist.



First we need to define a move structure.Given a PST, a move is the addition or removal of a router fromthe PST.When a router is added to a PST, edges adjacent to nodes in thePST are added too.When a router is removed from the PST, edges from theconnectivity graph between pairs of nodes in the PST are addedto re-connect the graph.How do we choose the router to add or remove?



We use a surrogate objective function - essentially "guesstimate".We know the node that had the least trust in prior PST.So we evaluate the trustworthiness of the paths from this node tothe publisher in the graph induced by the application of the moveto the PST.The move that yields the greatest improvement in trust for thisnode is chosen.



This leaves us with a second problem, the application of the movegives a graph not a PST.We use the modified Char algorithm to find the PSTs in the graph.The tree that maximises the objective function is chosen.So what is the objective function?



Tabu search is designed for combinatorial problems of thefollowing form:

DefinitionGiven a set of feasible solutions F and a function F : F → R, find theoptimal solution x ∈ F for a minimisation problem such thatF (x) ≤ F (y) for all y ∈ F , or F (x) ≥ F (y) for a maximisation problem.

But we have an overhead budget to consider.If a solution is overbudget, we penalise the objective value of thesolution, i.e. its trust value.



We investigated two approaches to tabu search for problems withconstraints.The first a static penalty function. Penalise all overbudgetsolutions by reducing their trustworthiness by 50%.The second is Near-Feasibility Threshold approach devised byKulturel-Konak et al. [KKNCS04]However, as the results were often poor in comparison to thenaive static approach, we shall dismiss it.The authors claim that the technique is sometimes not suitablewhere there are few constraints. We have one.



Diversification potentially allows the Tabu search to exploreunvisited regions of the search space and escape cycles.Every 50 iterations of the Tabu search, the search diversifychoosing a new solution from which the search continues.We investigated modified versions of the Takahashi-Matsuyama[TM80] and Shortest Path Tree algorithms to create PSTs.However, as both are subscription and trust unaware algorithms,little difference can be expected.


Evaluation Environment

Experiments were performed using Amazon EC2 infrastructure,with a 6.5 EC2 Compute Units (2x Intel(R) Xeon(R) CPU X5550@ 2.67GHz), 17.1 GB RAM instance (m2.xlarge) running on a64-bit Linux OS.The connectivity graph is constructed by power law graphgenerator [EW02].The trust graph is generated using Klemm-Eguiluz [KE02] modelso that it has both high clustering and power law properties.The Tabu search executed for 1500 iterations.


Problem Data Set

A number of problem sets were considered, the results of two ofthese will be presented.A problem set is identified using the following format<Problem Data set><Subset Number>-<Problem Number> :

I "<Problem Data set>" is the data set identifier (A and B),I "<Subset Number>" indicates the value of |R| for each problemI "<Problem Number>" is the problem identifier where

1 =⇒ B = 2000,2 =⇒ B = 3000,3 =⇒ B = 4000,4 =⇒ B =5000,5 =⇒ B = 231 − 1.


Problem Data Set

Problem Set A.I Publisher: 1, Subscribers: 5, Routers: 1, 2, ..., 9.

Problem Set B.I Publisher: 1, Subscribers: 5, Routers: 20, 30, 40, ... 90.


Exhaustive Search Results

Problem Subset

Tim

e (s

)

0e+00

2e+04

4e+04

6e+04

8e+04

1e+05

● ● ● ● ● ● ● ●

●

●

A0 A1 A2 A3 A4 A5 A6 A7 A8 A9

Figure: Average Execution Times of Exhaustive Search Results for ProblemSet A


Exhaustive Search Results

Pr. Min. (s) Max. (s) Avg. (s)

A0 0.0153 0.0871 0.0339A1 0.0239 0.1522 0.058A2 0.1238 0.3774 0.1852A3 0.8051 1.2791 0.9304A4 1.7682 2.4166 1.9041A5 19.5833 20.212 19.7224A6 285.8669 287.4492 286.3381A7 945.8277 949.9657 947.4963A8 6149.868 6164.197 6158.712A9 97672.93 97672.93 -

Table: Execution Times of Exhaustive Search Results for Problem Set A


Tabu SearchProblem Set A

PST Rel. Error

Pr τT OT ητ ηO Sec

A1-4 0.0181 2398 - - 3.01

A2-4 0.0931 1850 - - 8.37

A3-4 0.0224 2917 - - 11.03

A4-4 0.1855 2224 - - 7.20

A5-4 0.0812 3580 - 0.1202 8.24

A6-4 0.0360 3846 5×10−7 0.1287 138.96

A7-4 0.0692 3570 - - 78.38

A8-4 0.0031 3657 1×10−6 0.0928 9.77

A9-4 0.2184 1885 - - 20.49

Table: Solutions for Problem Set A using the Tabu Search algorithm


Tabu SearchPr τT OT Sec Pr τT OT Sec

B20-1 0.1210 2948 42.00 B30-1 0.1329 2234 57.19B20-2 0.1210 2948 41.97 B30-2 0.1329 2234 61.82B20-3 0.1210 3254 36.33 B30-3 0.1329 2234 72.58B20-4 0.1210 3254 33.76 B30-4 0.1329 2234 88.44B20-5 0.1210 3254 33.73 B30-5 0.1329 2234 84.46

B40-1 0.0245 2564 56.52 B50-1 0.0124 2224 18.96B40-2 0.0245 2564 60.04 B50-2 0.0124 2224 18.87B40-3 0.0245 2564 50.73 B50-3 0.0124 2224 18.70B40-4 0.0245 2564 50.77 B50-4 0.0124 2224 19.70B40-5 0.0245 2564 50.81 B50-5 0.0124 2224 19.96

B60-1 0.0661 1630 9.86 B70-1 0.0381 2838 30.00B60-2 0.0661 1630 9.98 B70-2 0.0381 2838 29.99B60-3 0.0661 1630 9.82 B70-3 0.0381 2838 46.44B60-4 0.0661 1630 9.89 B70-4 0.0381 2838 46.77B60-5 0.0661 1630 9.91 B70-5 0.0381 2838 45.85

B80-1 0.1320 1962 17.84 B90-1 0.0354 1282 11.56B80-2 0.1320 1962 13.54 B90-2 0.0354 1282 11.59B80-3 0.1320 1962 13.56 B90-3 0.0354 1282 11.59B80-4 0.1320 1962 13.55 B90-4 0.0354 1282 11.57B80-5 0.1320 1962 13.57 B90-5 0.0354 1282 11.57


Conclusions

It is possible to define a trust metrics for a network structure, thePST, not just nodes.Trust is interpersonal incomparable. Metrics should consider this.Tabu search efficiently solves the Maximum Trust PST withOverhead Budget Problem.


Future Work

Is it possible to define a distributed algorithm to solve theproblem?

I Tussle between trust relationships in a PST.I Nodes may be unwilling to share trust data.I Possible using local information only?

How do we implement monitoring of publish/subscribe services?I Space decoupling conflicts with long-lived identity requirements.

Are these techniques applicable to an Information-CentricPublish/Subscribe Internet?


J. Char.Generation of trees, two-trees, and storage of master forests.IEEE Transactions on Circuit Theory, 15(3):228–238, 1968.

David Eppstein and Joseph Yannkae Wang.A steady state model for graph power laws.ACM Computing Research Repository, April 2002.

Yongqiang Huang and Hector Garcia-Molina.Publish/subscribe tree construction in wireless ad-hoc networks.In Mobile Data Management, volume 2574 of Lecture Notes inComputer Science, pages 122–140. Springer Berlin/Heidelberg,2003.

Konstantin Klemm and V.M. Eguiluz.Growing scale-free networks with small-world behavior.Physical Review E, 65(5):57102, May 2002.

Sadan Kulturel-Konak, Bryan A. Norman, David W. Coit, andAlice E. Smith.Exploiting tabu search memory in constrained problems.(University of Sussex) Trusted Publish/Subscribe 15/02/12 58 / 58

INFORMS Journal on Computing, 16(3):241–254, 2004.

Costin Raiciu and D.S. Rosenblum.Enabling confidentiality in content-based publish/subscribeinfrastructures.In Proceedings of the Second IEEE/CreatNet InternationalConference on Security and Privacy in Communication Networks,Securecomm ’06, pages 1–11. IEEE, August 2006.

S. Tarkoma.Preventing spam in publish/subscribe.In 26th IEEE International Conference on Distributed ComputingSystems Workshops, ICDCSW 2006, pages 21–21. IEEE, 2006.

G. Theodorakopoulos and J.S. Baras.On trust models and trust evaluation metrics for ad hoc networks.IEEE Journal on Selected Areas in Communications,24(2):318–328, February 2006.

H. Takahashi and A. Matsuyama.An approximate solution for the Steiner problem in graphs.(University of Sussex) Trusted Publish/Subscribe 15/02/12 58 / 58

Mathematica Japonica, 24(6):573–577, 1980.

Alex Wun, Alex Cheung, and Hans-Arno Jacobsen.A taxonomy for denial of service attacks in content-basedpublish/subscribe systems.In Proceedings of the 2007 Inaugural International Conference onDistributed event-based systems, DEBS ’07, pages 116–127, NewYork, NY, USA, 2007. ACM.

R.R. Yager.On the analytic representation of the Leximin ordering and itsapplication to flexible constraint propagation.European Journal of Operational Research, 102(1):176–192,October 1997.


trusted publish/subscribe

Business

publishsubscribe systems

publishsubscribe overviewwhat

ensbased publishsubscribe

publishsubscribe data

subscribers role

flooding events

contentbased routing

malicious publisher