1.
Trusted Publish/Subscribe Stephen Naicken Foundations of Software Systems University of Sussex stephenn@sussex.ac.uk 15th February 2012(University of Sussex) Trusted Publish/Subscribe 15/02/12 1 / 58
2.
Outline1 Why Apply Trust to Publish/Subscribe Systems? Publish/Subscribe Security Issues Securing Networks Using Trust and Reputation2 Trusted Publish/Subscribe Trees Communication Overheads of PSTs A Trust Metric for Publish/Subscribe Trees PST Trust Maximisation Problem with Overhead Budget3 Algorithms Exhaustive Search Tabu Search4 Results5 Conclusions and Future Work (University of Sussex) Trusted Publish/Subscribe 15/02/12 2 / 58
3.
Publish/Subscribe OverviewWhat is Publish/Subscribe? Publish/Subscribe is an event-based messaging paradigm. Publishers publish notiﬁcations. Subscribers issue subscriptions describing notiﬁcations of interest. Notiﬁcations are delivered only to interested subscribers. Event Notiﬁcation Service (ENS) is responsible for the routing of notiﬁcations from publishers to interested subscribers. ENS may be centralised or it may be a network of brokers. (University of Sussex) Trusted Publish/Subscribe 15/02/12 3 / 58
4.
Publish/Subscribe Data Model Topic-Based Publish/Subscribe Publisher publishes each of its events to a topic or subject. Subscribers subscribe to a topic to receive all events published to it. Content-Based Publish/Subscribe Publisher issues an advertisement - an intent to publish events. Any events published must be covered by the advertisement. Subscription is a function over the event contents. Greater expressiveness. Increased message state and processing complexity at brokers. (University of Sussex) Trusted Publish/Subscribe 15/02/12 4 / 58
5.
Publish/Subscribe in Ad Hoc Networks In ad hoc networks, the presence of an ENS can not be assumed. There may not be any entities responsible for the network. If this is the case, publishers and subscribers will need to assume the responsibility of brokers where necessary. Publish/Subscribe in these environments may become more widespread due to smartphones (e.g. Android 4.0 ad hoc networking support). MANETs, Sensor networks, VANETs (University of Sussex) Trusted Publish/Subscribe 15/02/12 5 / 58
6.
Publish/Subscribe Tree P Modiﬁcation of Huang & Garcia-Molina [HGM03] deﬁnition. S2 R1 S7 For each advertisement, the PST is rooted at the publisher and spans all interested subscribers. S1 S3 S6 Steiner tree - the PST contains a subset of non-publisher & non-subscriber nodes R2 (brokers) to facilitate connectivity. There can be many possible S4 S5 S5 PSTs for a given advertisement. (University of Sussex) Trusted Publish/Subscribe 15/02/12 6 / 58
7.
Publish/Subscribe Tree PST abstraction can be used to model both publish/subscribe using an ENS or in an ad hoc network. In ENS-based publish/subscribe: the internal vertices of the tree are broker nodes; the publisher is the root; all terminals are subscribers. (University of Sussex) Trusted Publish/Subscribe 15/02/12 7 / 58
8.
Publish/Subscribe Security A plethora of research on publish/subscribe data models and infrastructure. Topic-based to Content-based Publish/Subscribe Centralised to decentralised ENS. Optimisation of routing and matching algorithms. But very little on security. Role-Based Access Control (RBAC). Computing on encrypted data. Why? ENS under the control of single or multiple cooperating entities. External contracts between publishers, subscribers and ENS. Implicit trust assumed, but if we break this... (University of Sussex) Trusted Publish/Subscribe 15/02/12 8 / 58
9.
Publish/Subscribe Attacks Denial of Service: Flooding (Events and Subscriptions); Fake unsubscribe & unadvertise (API weakness); Selective & random message dropping. Publish/Subscribe Spam [Tar06] Blackhole advertisement - allows malicious publisher to acquire all subscriptions, if subscriptions are propagated to the publisher. Blackhole subscription - subscribe to all events to allow inference of the subscriptions of others. (University of Sussex) Trusted Publish/Subscribe 15/02/12 9 / 58
10.
Impact of Attacks Wun et al. [WCJ07] provide a taxonomy of DoS attacks and results from DoS experiments. Subscription ﬂooding attack - injecting malicious subscriptions at a high rate into the infrastructure (ENS). Reduction in free memory at the broker, increased processing time of approximately two orders of magnitude, & exponential growth in the response time. (University of Sussex) Trusted Publish/Subscribe 15/02/12 10 / 58
11.
RBAC and CPS RBAC Assign subjects to roles and permissions to roles. Allows limitations on access to events given the subscriber’s role. Limitations on events a publisher can publish. Brokers can perform content-based routing only on attributes that they are permitted to access. CPS Subscriptions and events are encrypted using a shared key. Matching and routing functions are performed on the encrypted data by brokers. Raiciu and Rosenblum [RR06] have deﬁned a number of techniques to implement CPS. RBAC and CPS address many of the security issues, so what’s the problem? (University of Sussex) Trusted Publish/Subscribe 15/02/12 11 / 58
12.
RBAC and CPS RBAC Assign subjects to roles and permissions to roles. Allows limitations on access to events given the subscriber’s role. Limitations on events a publisher can publish. Brokers can perform content-based routing only on attributes that they are permitted to access. CPS Subscriptions and events are encrypted using a shared key. Matching and routing functions are performed on the encrypted data by brokers. Raiciu and Rosenblum [RR06] have deﬁned a number of techniques to implement CPS. RBAC and CPS address many of the security issues, so what’s the problem? (University of Sussex) Trusted Publish/Subscribe 15/02/12 11 / 58
13.
The Problems with RBAC and CPS RBAC requires a trusted organisation to assign roles to entities. This is not feasible in ad hoc environments. Absence of a monitoring component to detect misbehaviour. Both RBAC and CPS are difﬁcult to adapt to stochastic behaviour. CPS requires issuing a new encryption key. RBAC requires issuing new policies. What happens if the shared key is leaked? (University of Sussex) Trusted Publish/Subscribe 15/02/12 12 / 58
14.
Trust Management We know that trust and reputation management can be used to secure network communications. Mitigate against malicious and selﬁsh nodes. EigenTrust in P2P, CONFIDANT in MANET routing. Can we use trust to mitigate attacks in publish/subscribe? (University of Sussex) Trusted Publish/Subscribe 15/02/12 13 / 58
15.
Trust Management Is it possible to deﬁne a trust metric for PSTs? Determine the trustworthiness of a network not a node. Can we construct the most trusted PST for a given advertisement... And at the same time ensure efﬁcient communications? We leave monitoring behaviour for future work. (University of Sussex) Trusted Publish/Subscribe 15/02/12 14 / 58
16.
PST Overhead Metric Deﬁned by Huang and Garcia-Molina [HGM03]. At any node in the tree it costs to receive an event (r ). it costs to forward an event on each outgoing edge, as required by the subscriptions of any descendants (f ). The overhead of a PST is the sum of the overheads at each node. The overhead at a node is given by the sum of: the cost to forward events of interest; the cost to receive and forward events not of interest. (University of Sussex) Trusted Publish/Subscribe 15/02/12 15 / 58
17.
PST Overhead MetricDeﬁnition (Inherent Subscription)The inherent subscription si of a subscriber i is given by itssubscription function sfi .Deﬁnition (Effective Subscription)The effective subscription Si of a subscriber i is given by thedisjunction of its inherent subscription si and its proxied subscriptionsi , Si = si ∨ si .Deﬁnition (Proxied Subscription)The proxied subscription si of a subscriber i is given bysi = j=1,...,n Sj for each child 1, . . . , n of i. (University of Sussex) Trusted Publish/Subscribe 15/02/12 16 / 58
18.
PST Overhead MetricDeﬁnition (Publish/Subscribe Tree Overhead)Let E be a set of events, r be some cost associated with receiving anevent, f be a cost associated with forwarding an event, si be theinherent subscription of node i and si be the proxied subscription of i.For a PST TAp for an advertisement Ap , its overhead is deﬁned as: OTAp (E) = i∈VAp OTAp (E) where i OTAp (E) = (r + f ) · ΦE(¬si ∧ si ) + f · ΦE(si ∧ si ). i (University of Sussex) Trusted Publish/Subscribe 15/02/12 17 / 58
19.
The Problem - Tussles Given two nodes, A and B, A can choose to trust B by using global and/or local information. The decision rests solely with A. This is not the case for PSTs. Node A and B are nodes in PSTs T1 and T2 . Node A considers PST T1 to be more trustworthy than T2 . Node B considers PST T2 to be more trustworthy than T1 . How do we decide upon the PST, which maximises trust for all PST’s nodes? (University of Sussex) Trusted Publish/Subscribe 15/02/12 18 / 58
20.
The Problem - Tussles Given two nodes, A and B, A can choose to trust B by using global and/or local information. The decision rests solely with A. This is not the case for PSTs. Node A and B are nodes in PSTs T1 and T2 . Node A considers PST T1 to be more trustworthy than T2 . Node B considers PST T2 to be more trustworthy than T1 . How do we decide upon the PST, which maximises trust for all PST’s nodes? (University of Sussex) Trusted Publish/Subscribe 15/02/12 18 / 58
21.
Semiring Trust ModelDeﬁnition(S, ⊕) is commutative semigroup with neutral element 0: a⊕b =b⊕a (a ⊕ b) ⊕ c = a ⊕ (b ⊕ c) a⊕0=a(S, ⊗) is a semigroup with a neutral element 1 and an absorbingelement 0: (a ⊗ b) ⊗ c = a ⊗ (b ⊗ c) a⊗1=1⊗a=a a⊗0=0⊗a=0 (University of Sussex) Trusted Publish/Subscribe 15/02/12 19 / 58
22.
Semiring Trust ModelInstantiation The model provides a means to determine the trustworthiness of a path [TB06].DeﬁnitionThe trusted path semiring is a semiring, (S, ⊕, ⊗) where S = [0, 1] and⊕ and ⊗ are deﬁned as: for all s1 , s2 ∈ S, s1 ⊕ s2 = max(s1 , s2 ) for all s1 , s2 ∈ S, s1 ⊗ s2 = s1 s2 No assumption is made upon the deﬁnition of the semiring operators. Alternatives are acceptable. (University of Sussex) Trusted Publish/Subscribe 15/02/12 20 / 58
23.
Semiring Trust ModelExample Path 1 (P1 ): (a, b), (b, c), (c, d). Path 2 (P2 ): (a, e), (e, f), (f, d). Let τ be a trust function, τ : V × V → [0, 1]. τ (a, b) = 0.7, τ (a, b) = 0.7. τ (a, b) = 0.5, τ (a, b) = 1. τ (a, b) ⊗ τ (a, c) = 0.49. τ (a, e) ⊗ τ (a, f ) = 0.5. P1 ⊕ P2 = P2 . (University of Sussex) Trusted Publish/Subscribe 15/02/12 21 / 58
24.
Individual PST Trust Functions We have a means to determine the trust of a path and given two paths we can determine which is more trustworthy. How can we use this to determine the trust of a PST. To do this, we need to identify the communication paths in a PST. (University of Sussex) Trusted Publish/Subscribe 15/02/12 22 / 58
25.
Trust Relationships in PSTs There are many communication paths in a PST that should ideally be trusted. The publisher must have trust in all the paths to all the subscribers. The subscribers must trust the path to the publisher. Any internal subscribers must trust the paths to descendant subscribers and the publisher. To maximise the trust of a PST, we select the PST that maximises the trust of these paths. (University of Sussex) Trusted Publish/Subscribe 15/02/12 23 / 58
26.
Terminal Subscriber Node P Subscriber trusts the publisher S2 R1 S7 sufﬁciently to receive its events, so it is not included in the metric. S1 S3 S6 It must trust the nodes on the path to the publisher, which route events to it. R2 Example Path: S5 , R2 , S6 , R1 , P. S4 S5 S5 (University of Sussex) Trusted Publish/Subscribe 15/02/12 24 / 58
27.
Terminal Subscriber NodeDeﬁnition (Terminal Subscriber Trust Function) 1τs (T ) = τs (Λη 1 ) ⊗ τs (Λη 2 ) ⊗ · · · ⊗ τs (Λη |σs,p |−2 ) ⊗ τs (Λη |σs,p |−1 ) s,v s,v s,v s,v τs is the trust function of subscriber s. Λη |σs,n | is the vector of trust information on n held by s. s,v 1 if s is adjacent to p, otherwise it is given by the product of the trust in the intermediate vertices. (University of Sussex) Trusted Publish/Subscribe 15/02/12 25 / 58
28.
Publisher Trust Function More complicated for the publisher, as there is path to each subscriber. Although the edges may be shared between paths, each is considered individually. Reasoning is that there is "contact" to provide events to each and every subscriber. The publisher’s trust in the tree is given by the aggregation of the trust of all paths to all subscribers. (University of Sussex) Trusted Publish/Subscribe 15/02/12 26 / 58
29.
Publisher Trust FunctionDeﬁnition (Publisher Trust Function) 1τp (σp,s ) = τp (Λη 1 ) ⊗ τp (Λη 2 ) ⊗ · · · ⊗ τp (Λη |σ|−2 ) ⊗ τp (Λη |σ|−1 ) p,v p,v p,v p,v Similar to the terminal subscribe trust function. τp (σp,s ), the trust of the path from publisher p to subscriber s. 1 if p is adjacent to s, otherwise it is given by the product of the trust in the intermediate vertices. (University of Sussex) Trusted Publish/Subscribe 15/02/12 27 / 58
30.
Publisher Trust FunctionDeﬁnition (Publisher Trust Function)The trust of T for p is a function of the trust of the paths to eachsubscriber and is given by τp (T ) = α(τp (σp,s1 ), τp (σp,s2 ), . . . , τp (σp,s|S| )).where α is the aggregation function and τp (σp,s1 ) is the trust p has inthe path from p to subscriber s1 . (University of Sussex) Trusted Publish/Subscribe 15/02/12 28 / 58
31.
Publisher Trust Function How to achieve the aggregation? The number of subscribers for a given advertisement is constant across all PSTs. All subscribers to be treated fairly. This means we can use the leximin aggregation. Similar to maximin, but breaks ties using the next least well off value until tie is broken. Motivation: The publisher’s trust in a PST is dominated by the least trusted path. (University of Sussex) Trusted Publish/Subscribe 15/02/12 29 / 58
32.
Leximin Aggregation FunctionDeﬁnition (Ordered Weighted Average)An ordered weighted average operator F of dimension n is a mappingF : Rn → R that has an associated vector of weightsW = [w1 , w2 , . . . , wn ] such that n wi = 1 and each wi ∈ [0, 1] and i=1where F (y1 , y2 , . . . , yn ) = n wj · zj where zj is the j-largest yi . j=1 (University of Sussex) Trusted Publish/Subscribe 15/02/12 30 / 58
33.
Leximin Aggregation FunctionDeﬁnition (Yager’s Analytical Function [Yag97])The analytical leximin aggregation operator, Fleximin , is an orderedweighted average where the weight vectorW = [w1 , . . . , wn−2 , wn−1 , wn ] is deﬁned as follows: ∆n−1 w1 = , (1 + ∆)n−1 ∆n−j wj = for all 2 ≤ j ≤ n. (1 + ∆)n+1−jIf |a − b| < ∆ then a = b. If a > b then |a − b| > ∆. (University of Sussex) Trusted Publish/Subscribe 15/02/12 31 / 58
34.
Internal Subscriber Trust Function The internal subscriber trust function is a combination of the two previous trust functions. An internal subscriber must trust the path to the publisher (similar to a terminal subscriber). In addition, it also distributes events to descendants that have a matching subscription. So it must also trust the paths to all descendants who are subscribers (similar to a publisher). (University of Sussex) Trusted Publish/Subscribe 15/02/12 32 / 58
35.
Internal Subscriber Trust FunctionDeﬁnitionFor each internal subscribe node s in a PST T , the trust of s in T isgiven by τs (T ) = β(τs (σs,p ), τs (σs,s1 ), . . . , τs (σs,sd−1 )) whereβ : Rd −→ R is some aggregation function of trust values, andd = |Vs ∩ S| + 1 where Vs is set of nodes in the subtree rooted at s. For a internal subscriber, the value d is variable across feasible PSTs. Therefore, the weights of the Yager’s leximin function will be different across PSTs So we use maximin here. (University of Sussex) Trusted Publish/Subscribe 15/02/12 33 / 58
36.
And The Router Trust Function? PST is a Steiner tree - it need not span the network. The opinions of routers are ignored. Incentive compatibility can not be guaranteed. Routers have good reason to lie. A router in a PST contributes resources but has no interest in the content being shared. Declare the paths and consequently the tree to be of low trust. PST is less likely to be most trusted, so reduced possibility of being in this PST. (University of Sussex) Trusted Publish/Subscribe 15/02/12 34 / 58
37.
PST Trust MetricSocial Choice and Welfare We now have a mechanism for each node to assess a tree and come up with a number that represents its belief of how trustworthy that tree is. How do we order the trees given these trust values from the participants? We assume that the trust values provide an ordering of how badly off a member would be, if that tree was chosen. Rawls’ principles of justice, that social and economic inequalities satisfy the condition that they are to be to the greatest beneﬁt of the least advantaged members of society Leximin Deﬁne a lexical ordering on the participants, and in any pair of alternatives, pick the one that improves the lot of the worse off (University of Sussex) Trusted Publish/Subscribe 15/02/12 35 / 58
38.
PST Trust MetricDeﬁnitionLet t = (Vt , Et ) be a PST where Vt = S ∪ R ∪ {p}. For eachi ∈ S ∪ {p}, there is a real-value τi (T ) representing i’s trust value of t.The social trust value of t is given by Fleximin (τi1 (T ), τi2 (T ), . . . ,τi|S∪{p}| (T )). (University of Sussex) Trusted Publish/Subscribe 15/02/12 36 / 58
39.
Interpersonal Incomparability of Trust Leximin requires interpersonal comparability. This means trust values of different entities must share the same trust continuum. Same origin and same unit of trust. This isn’t possible for mental states such as trust. Often assumed to be the case in existing trust models, so we do too.. (University of Sussex) Trusted Publish/Subscribe 15/02/12 37 / 58
40.
The Maximum Trust PST with Overhead BudgetDeﬁnitionGiven an overhead budget B > 0, an event distribution E, anundirected connectivity graph Gc = (Vc , Ec ), a publisher p that holdsan advertisement Ap , a set of subscribers S = {s | sfs (Ap ) = true}where sfs is the subscription function of s, a set of routers R = Vc Cwhere C = {p} ∪ Sﬁnd a PST T that is rooted at p, spans S and maximises the trustvalue τ (T ) = Fleximin (τc1 (T ), . . . , τc|C| (T )) where τci (T ) is the trustevaluation of i th node in C, subject to OT (E) ≤ B. The PST Trust Maximisation Problem with Overhead Budget is NP-complete. (University of Sussex) Trusted Publish/Subscribe 15/02/12 38 / 58
41.
Exhaustive Search Algorithm Find all PSTs in the connectivity graph rooted at p and spanning the subscribers S. For each PST: Find the trust value. Find the overhead value. Select the PST that has the highest trust value with the deﬁned budget B. How to ﬁnd all PSTs? (University of Sussex) Trusted Publish/Subscribe 15/02/12 39 / 58
42.
Spanning Tree Enumeration A PST is a Steiner tree of the connectivity graph. The set of feasible PSTs for an advertisement is a subset of the set of all Steiner trees in the connectivity graph. The set of all spanning trees for all subgraphs of the connectivity graph is the set of all Steiner trees. Modify a spanning tree enumeration algorithm to enumerate all PSTs that span a graph. (University of Sussex) Trusted Publish/Subscribe 15/02/12 40 / 58
43.
Spanning Tree Enumeration Char’s spanning tree algorithm [Cha68] enumerates all spanning trees. Uses DFS to ﬁnd initial tree and label vertices. Representation of the tree is stored in an array. Index is node label, array[index] gives index of an adjacent node. Lexicographically alter the adjacent edges, "cycling" through subgraphs. Each subgraph found is tested to ensure that it is a spanning tree. (University of Sussex) Trusted Publish/Subscribe 15/02/12 41 / 58
44.
Spanning Tree Enumeration The tree test can be modiﬁed to also test if the subgraph is a PST. A router can not be a terminal node - illogical. Test if each router in the tree is has two adjacent edges. (University of Sussex) Trusted Publish/Subscribe 15/02/12 42 / 58
45.
Tabu Search Algorithm Given that the problem is in NP-Complete, the exhaustive search will only be suitable for small problem instances. Instead we choose to use the Tabu search metaheuristic. Similar to local search, but we store list of last n chosen moves (tabu list). To escape local maxima, we do not select moves from the tabu list. (University of Sussex) Trusted Publish/Subscribe 15/02/12 43 / 58
46.
Tabu Search Algorithm First we need to deﬁne a move structure. Given a PST, a move is the addition or removal of a router from the PST. When a router is added to a PST, edges adjacent to nodes in the PST are added too. When a router is removed from the PST, edges from the connectivity graph between pairs of nodes in the PST are added to re-connect the graph. How do we choose the router to add or remove? (University of Sussex) Trusted Publish/Subscribe 15/02/12 44 / 58
47.
Tabu Search Algorithm We use a surrogate objective function - essentially "guesstimate". We know the node that had the least trust in prior PST. So we evaluate the trustworthiness of the paths from this node to the publisher in the graph induced by the application of the move to the PST. The move that yields the greatest improvement in trust for this node is chosen. (University of Sussex) Trusted Publish/Subscribe 15/02/12 45 / 58
48.
Tabu Search Algorithm This leaves us with a second problem, the application of the move gives a graph not a PST. We use the modiﬁed Char algorithm to ﬁnd the PSTs in the graph. The tree that maximises the objective function is chosen. So what is the objective function? (University of Sussex) Trusted Publish/Subscribe 15/02/12 46 / 58
49.
Tabu Search Algorithm Tabu search is designed for combinatorial problems of the following form:DeﬁnitionGiven a set of feasible solutions F and a function F : F → R, ﬁnd theoptimal solution x ∈ F for a minimisation problem such thatF (x) ≤ F (y ) for all y ∈ F, or F (x) ≥ F (y ) for a maximisation problem. But we have an overhead budget to consider. If a solution is overbudget, we penalise the objective value of the solution, i.e. its trust value. (University of Sussex) Trusted Publish/Subscribe 15/02/12 47 / 58
50.
Tabu Search Algorithm We investigated two approaches to tabu search for problems with constraints. The ﬁrst a static penalty function. Penalise all overbudget solutions by reducing their trustworthiness by 50%. The second is Near-Feasibility Threshold approach devised by Kulturel-Konak et al. [KKNCS04] However, as the results were often poor in comparison to the naive static approach, we shall dismiss it. The authors claim that the technique is sometimes not suitable where there are few constraints. We have one. (University of Sussex) Trusted Publish/Subscribe 15/02/12 48 / 58
51.
Tabu Search Algorithm Diversiﬁcation potentially allows the Tabu search to explore unvisited regions of the search space and escape cycles. Every 50 iterations of the Tabu search, the search diversify choosing a new solution from which the search continues. We investigated modiﬁed versions of the Takahashi-Matsuyama [TM80] and Shortest Path Tree algorithms to create PSTs. However, as both are subscription and trust unaware algorithms, little difference can be expected. (University of Sussex) Trusted Publish/Subscribe 15/02/12 49 / 58
52.
Evaluation Environment Experiments were performed using Amazon EC2 infrastructure, with a 6.5 EC2 Compute Units (2x Intel(R) Xeon(R) CPU X5550 @ 2.67GHz), 17.1 GB RAM instance (m2.xlarge) running on a 64-bit Linux OS. The connectivity graph is constructed by power law graph generator [EW02]. The trust graph is generated using Klemm-Eguiluz [KE02] model so that it has both high clustering and power law properties. The Tabu search executed for 1500 iterations. (University of Sussex) Trusted Publish/Subscribe 15/02/12 50 / 58
53.
Problem Data Set A number of problem sets were considered, the results of two of these will be presented. A problem set is identiﬁed using the following format <Problem Data set><Subset Number>-<Problem Number> : "<Problem Data set>" is the data set identiﬁer (A and B), "<Subset Number>" indicates the value of |R| for each problem "<Problem Number>" is the problem identiﬁer where 1 =⇒ B = 2000, 2 =⇒ B = 3000, 3 =⇒ B = 4000, 4 =⇒ B = 5000, 5 =⇒ B = 231 − 1. (University of Sussex) Trusted Publish/Subscribe 15/02/12 51 / 58
54.
Problem Data Set Problem Set A. Publisher: 1, Subscribers: 5, Routers: 1, 2, ..., 9. Problem Set B. Publisher: 1, Subscribers: 5, Routers: 20, 30, 40, ... 90. (University of Sussex) Trusted Publish/Subscribe 15/02/12 52 / 58
55.
Exhaustive Search Results 1e+05 q 8e+04 6e+04 Time (s) 4e+04 2e+04 q q q q q q q q q 0e+00 A0 A1 A2 A3 A4 A5 A6 A7 A8 A9 Problem SubsetFigure: Average Execution Times of Exhaustive Search Results for ProblemSet A (University of Sussex) Trusted Publish/Subscribe 15/02/12 53 / 58
56.
Exhaustive Search Results Pr. Min. (s) Max. (s) Avg. (s) A0 0.0153 0.0871 0.0339 A1 0.0239 0.1522 0.058 A2 0.1238 0.3774 0.1852 A3 0.8051 1.2791 0.9304 A4 1.7682 2.4166 1.9041 A5 19.5833 20.212 19.7224 A6 285.8669 287.4492 286.3381 A7 945.8277 949.9657 947.4963 A8 6149.868 6164.197 6158.712 A9 97672.93 97672.93 - Table: Execution Times of Exhaustive Search Results for Problem Set A (University of Sussex) Trusted Publish/Subscribe 15/02/12 54 / 58
57.
Tabu SearchProblem Set A PST Rel. Error Pr τT OT ητ ηO Sec A1-4 0.0181 2398 - - 3.01 A2-4 0.0931 1850 - - 8.37 A3-4 0.0224 2917 - - 11.03 A4-4 0.1855 2224 - - 7.20 A5-4 0.0812 3580 - 0.1202 8.24 A6-4 0.0360 3846 5×10−7 0.1287 138.96 A7-4 0.0692 3570 - - 78.38 A8-4 0.0031 3657 1×10−6 0.0928 9.77 A9-4 0.2184 1885 - - 20.49 Table: Solutions for Problem Set A using the Tabu Search algorithm (University of Sussex) Trusted Publish/Subscribe 15/02/12 55 / 58
59.
Conclusions It is possible to deﬁne a trust metrics for a network structure, the PST, not just nodes. Trust is interpersonal incomparable. Metrics should consider this. Tabu search efﬁciently solves the Maximum Trust PST with Overhead Budget Problem. (University of Sussex) Trusted Publish/Subscribe 15/02/12 57 / 58
60.
Future Work Is it possible to deﬁne a distributed algorithm to solve the problem? Tussle between trust relationships in a PST. Nodes may be unwilling to share trust data. Possible using local information only? How do we implement monitoring of publish/subscribe services? Space decoupling conﬂicts with long-lived identity requirements. Are these techniques applicable to an Information-Centric Publish/Subscribe Internet? (University of Sussex) Trusted Publish/Subscribe 15/02/12 58 / 58
61.
J. Char.Generation of trees, two-trees, and storage of master forests.IEEE Transactions on Circuit Theory, 15(3):228–238, 1968.David Eppstein and Joseph Yannkae Wang.A steady state model for graph power laws.ACM Computing Research Repository, April 2002.Yongqiang Huang and Hector Garcia-Molina.Publish/subscribe tree construction in wireless ad-hoc networks.In Mobile Data Management, volume 2574 of Lecture Notes inComputer Science, pages 122–140. Springer Berlin/Heidelberg,2003.Konstantin Klemm and V.M. Eguiluz.Growing scale-free networks with small-world behavior.Physical Review E, 65(5):57102, May 2002.Sadan Kulturel-Konak, Bryan A. Norman, David W. Coit, andAlice E. Smith.Exploiting tabu search memory in constrained problems.(University of Sussex) Trusted Publish/Subscribe 15/02/12 58 / 58
62.
INFORMS Journal on Computing, 16(3):241–254, 2004.Costin Raiciu and D.S. Rosenblum.Enabling conﬁdentiality in content-based publish/subscribeinfrastructures.In Proceedings of the Second IEEE/CreatNet InternationalConference on Security and Privacy in Communication Networks,Securecomm ’06, pages 1–11. IEEE, August 2006.S. Tarkoma.Preventing spam in publish/subscribe.In 26th IEEE International Conference on Distributed ComputingSystems Workshops, ICDCSW 2006, pages 21–21. IEEE, 2006.G. Theodorakopoulos and J.S. Baras.On trust models and trust evaluation metrics for ad hoc networks.IEEE Journal on Selected Areas in Communications,24(2):318–328, February 2006.H. Takahashi and A. Matsuyama.An approximate solution for the Steiner problem in graphs.(University of Sussex) Trusted Publish/Subscribe 15/02/12 58 / 58
63.
Mathematica Japonica, 24(6):573–577, 1980.Alex Wun, Alex Cheung, and Hans-Arno Jacobsen.A taxonomy for denial of service attacks in content-basedpublish/subscribe systems.In Proceedings of the 2007 Inaugural International Conference onDistributed event-based systems, DEBS ’07, pages 116–127, NewYork, NY, USA, 2007. ACM.R.R. Yager.On the analytic representation of the Leximin ordering and itsapplication to ﬂexible constraint propagation.European Journal of Operational Research, 102(1):176–192,October 1997.(University of Sussex) Trusted Publish/Subscribe 15/02/12 58 / 58
A particular slide catching your eye?
Clipping is a handy way to collect important slides you want to go back to later.
Be the first to comment