2011 IEEE 13th International Symposium on High-Assurance Systems Engineering (2011)
Boca Raton, Florida USA
Nov. 10, 2011 to Nov. 12, 2011
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/HASE.2011.50
In today's collaborative business environment there is a need to share information across organizational boundaries. Publish/Subscribe systems are ideal for such scenarios as they allow real-time information to be shared in an asynchronous fashion. In this work, we focus on the access control aspect. While access control in general for publish/subscribe systems has been studied before, their usage in a multi-organizational scenario leads to some novel challenges. Here a publisher might wish to enforce restrictions w.r.t. not only subscribers, but also other publishers publishing certain event types due to competitive or regulatory reasons. With different publishers and subscribers having their own preferences and restrictions, conflicts are evident w.r.t. both publishing and subscribing to specific event types. Given this, the first contribution of this work is to provide efficient conflict detection and resolution algorithms The other important (and often ignored) aspect of large scale and evolving systems is that of efficiently handling modifications to existing policies, e.g. a rule may become invalid after a certain period of time. Our approach in handling such modifications is two-fold: (i) to maintain consistency and (ii) to automatically detect and enforce rules which could not have been enforced earlier due to conflicts. The second contribution of our work is thus to provide lifecycle management for access control rules, which is tightly coupled with the conflict detection and resolution algorithms.
Publish/subscribe systems, Access control policies, Conflict detect and resolution, Lifecycle management
L. A. Martucci, P. Hein, D. Biswas and M. Mühlhäuser, "Conflict Detection and Lifecycle Management for Access Control in Publish/Subscribe Systems," 2011 IEEE 13th International Symposium on High-Assurance Systems Engineering(HASE), Boca Raton, Florida USA, 2011, pp. 104-111.