Information Flow Control Models in Peer-to-Peer Publish/Subscribe Systems

Abstract

A publish/subscribe (PS) model is an event-driven model of a distributed system. In this paper, we consider a peer-to-peer (P2P) type of PS model where each peer (process) can publish and subscribe events. Here, a peer publishes an event message and then the event message is notified to a target peer which is interested in the event. Publications and subscriptions are specified in terms of topics as discussed in topic-based PS systems. In this paper, we newly discuss a topic-based access control (TBAC) model to prevent illegal information flow among peers in PS systems. Here, an access right is a pair "t, op" of a topic t and an operation op which is publish or subscribe. A peer is allowed to publish an event message with topics and subscribe topics only if the topics are granted to the peer. An event message e is notified to a peer pi if the publication of e and subscription of pi include some common topic. If a peer pi publishes an event message e2 after receiving an event message e1, the event message e2 may bring the event of e1, which the peer pi is not allowed to publish. Here, information in the peer pi illegally flow to another peer. We define the legal flow relation among the peers. Then, we newly propose a subscription-based synchronization (SBS) protocol to prevent illegal information flow. Here, a notification is banned if the notification may cause illegal information flow. We evaluate the SBS protocol in terms of number of notifications banned.