Assertions a Decade Later (invited talk at ICSE 2002)David Rosenblum
Invited talk upon receiving the 2002 ICSE Most Influential Paper Award for ICSE 1992, at the 24th International Conference on Software Engineering (ICSE 2002), 22 May 2002.
SIGSOFT Impact Award: Reflections and Prospects (invited talk at SIGSOFT FSE ...David Rosenblum
Invited talk with Alexander L. Wolf upon receiving the first ACM SIGSOFT Impact Paper Award, at the 16th ACM SIGSOFT International Symposium on the Foundations of Software Engineering (ACM SIGSOFT FSE), 13 November 2008.
Scalability in Software Systems Engineering: The Good, the Bad, and the Ugly ...David Rosenblum
1) Scalability is an important requirement for modern software systems as hardware capabilities and user demands continue to grow rapidly.
2) There are various definitions of scalability relating to performance, complexity, and abstraction. It can be characterized as how resource consumption grows with problem size.
3) Techniques for achieving scalability include abstraction, execution analysis, coarse-grained analysis, distribution, and approximation, each with associated costs and tradeoffs.
4) True scalability engineering is needed to systematically apply scalability techniques, evaluate designs, and compare alternatives to build systems that can demonstrably scale from the start.
Assertions a Decade Later (invited talk at ICSE 2002)David Rosenblum
Invited talk upon receiving the 2002 ICSE Most Influential Paper Award for ICSE 1992, at the 24th International Conference on Software Engineering (ICSE 2002), 22 May 2002.
SIGSOFT Impact Award: Reflections and Prospects (invited talk at SIGSOFT FSE ...David Rosenblum
Invited talk with Alexander L. Wolf upon receiving the first ACM SIGSOFT Impact Paper Award, at the 16th ACM SIGSOFT International Symposium on the Foundations of Software Engineering (ACM SIGSOFT FSE), 13 November 2008.
Scalability in Software Systems Engineering: The Good, the Bad, and the Ugly ...David Rosenblum
1) Scalability is an important requirement for modern software systems as hardware capabilities and user demands continue to grow rapidly.
2) There are various definitions of scalability relating to performance, complexity, and abstraction. It can be characterized as how resource consumption grows with problem size.
3) Techniques for achieving scalability include abstraction, execution analysis, coarse-grained analysis, distribution, and approximation, each with associated costs and tradeoffs.
4) True scalability engineering is needed to systematically apply scalability techniques, evaluate designs, and compare alternatives to build systems that can demonstrably scale from the start.
Known Unknowns: Testing in the Presence of Uncertainty (talk at ACM SIGSOFT F...David Rosenblum
talk presented in the Visions & Challenges Track of the ACM SIGSOFT 22nd International Symposium on the Foundations of Software Engineering (FSE 2014), Hong Kong, 20 November 2014; the paper won 2nd Prize in the track
invited talk presented for the Distinguished Speaker Series of the Institute for Software Research (ISR) at the University of California, Irvine, 5 April 2013
Jogging While Driving, and Other Software Engineering Research Problems (invi...David Rosenblum
invited talk presented for the Distinguished Lecturer Series of the Department of Computer Science at the University of Illinois at Chicago, 10 April 2014
XSiena: The Content-Based Publish/Subscribe SystemZbigniew Jerzak
This document is a slide presentation about content-based publish-subscribe systems. It discusses the evolution of networking from telephone systems to packet switching and then to content-based publish-subscribe. It describes key concepts of publish-subscribe like publishers, subscribers, events, and brokers. It also covers content-based matching and routing approaches and challenges like reusing matching results. Finally, it introduces Bloom filter-based routing techniques.
Pub/Sub is a messaging paradigm that allows publishers to send messages to subscribers through a broker. In Drupal, it allows content like nodes to be published from one site to another. Key aspects of Pub/Sub in Drupal include topics defined by views, filtering content via rules, and supporting push and pull of content between loosely coupled systems. It can integrate with other modules via hooks and is used on a case study site to sync over 57k nodes across 21 channels.
The document provides an overview of the publish-subscribe model from the perspective of a database. It discusses key aspects of the publish-subscribe model including decoupling of publishers and subscribers, subscription models, and quality measures. It also examines applying publish-subscribe concepts in databases through expressions, continuous queries, and using XML with XFilters and SQL queries.
- The document provides a snapshot of various Indian stock market indices as of 14-Nov-2013 at 16:00 and 16:10, including the SENSEX, NIFTY, Bank Nifty, and other sectoral indices. It lists the current value, day's high and low, previous close, change in points and percentage, and other statistical details for each index.
- The indices covered include sectoral indices tracking automobiles, banks, capital goods, consumer durables, FMCG, healthcare, information technology, metals, oil & gas, and others.
- Market statistics like 52-week highs and lows, P/E ratios, and number of stocks trading higher or lower on
- The document provides a snapshot of various Indian stock market indices as of November 20, 2013 at 4:00 PM, including the SENSEX, NIFTY, Bank Nifty, and other sectoral indices.
- It lists the current value, day's high and low, previous close, change from previous close in absolute and percentage terms, and other statistical data like 52-week high and low, P/E ratio, etc. for each index.
- The indices cover various sectors of the Indian economy like banking, automobiles, IT, healthcare, infrastructure, metals, and small/mid cap companies.
- In summary, the document presents a detailed overview of the performance of key stock market indices
This document analyzes music magazine advertisements for several bands. It finds that the ads generally have simple designs with only one main image, a solid colored background, limited fonts, and inclusion of the band's logo. Details like the slanted image and literal representation of the band name in The Vines ad, and the double page spread and noir style of the Paramore ad are called out. The conclusion reiterates that the ads keep designs simple with mostly one image or color, limited fonts, and inclusion of logos in bold, easy to read text.
The document provides a snapshot of various Indian stock market indices as of 17 October 2012. It lists the current value, day's high and low, change from the previous day's close, and other metrics for over 30 indices tracking different sectors of the Indian economy. The key indices like SENSEX, Nifty 50, and Bank Nifty saw modest gains of around 0.1-0.5% for the day.
The document provides a snapshot of index performance on the BSE and NSE stock exchanges in India as of July 1, 2014. It includes the current, open, high, low, previous closing values as well as changes in points and percentage for various indices tracking different sectors such as auto, banks, IT, healthcare, infrastructure, and more. It also lists the number of companies included in each index and other statistical data like 52-week highs and lows, and price-to-earnings ratios.
- The key Indian stock market indices like SENSEX, Nifty 50 closed higher by around 1% on October 18, 2012 led by gains in banking, capital goods and auto stocks.
- The BSE Bankex and Nifty Bank indices gained over 2% each, while sectoral indices like capital goods, autos, and oil & gas rose around 1-1.5%.
- Midcap and smallcap stocks also saw gains of around 1% for the day according to the BSE Midcap and Smallcap indices.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfMalak Abu Hammad
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
Known Unknowns: Testing in the Presence of Uncertainty (talk at ACM SIGSOFT F...David Rosenblum
talk presented in the Visions & Challenges Track of the ACM SIGSOFT 22nd International Symposium on the Foundations of Software Engineering (FSE 2014), Hong Kong, 20 November 2014; the paper won 2nd Prize in the track
invited talk presented for the Distinguished Speaker Series of the Institute for Software Research (ISR) at the University of California, Irvine, 5 April 2013
Jogging While Driving, and Other Software Engineering Research Problems (invi...David Rosenblum
invited talk presented for the Distinguished Lecturer Series of the Department of Computer Science at the University of Illinois at Chicago, 10 April 2014
XSiena: The Content-Based Publish/Subscribe SystemZbigniew Jerzak
This document is a slide presentation about content-based publish-subscribe systems. It discusses the evolution of networking from telephone systems to packet switching and then to content-based publish-subscribe. It describes key concepts of publish-subscribe like publishers, subscribers, events, and brokers. It also covers content-based matching and routing approaches and challenges like reusing matching results. Finally, it introduces Bloom filter-based routing techniques.
Pub/Sub is a messaging paradigm that allows publishers to send messages to subscribers through a broker. In Drupal, it allows content like nodes to be published from one site to another. Key aspects of Pub/Sub in Drupal include topics defined by views, filtering content via rules, and supporting push and pull of content between loosely coupled systems. It can integrate with other modules via hooks and is used on a case study site to sync over 57k nodes across 21 channels.
The document provides an overview of the publish-subscribe model from the perspective of a database. It discusses key aspects of the publish-subscribe model including decoupling of publishers and subscribers, subscription models, and quality measures. It also examines applying publish-subscribe concepts in databases through expressions, continuous queries, and using XML with XFilters and SQL queries.
- The document provides a snapshot of various Indian stock market indices as of 14-Nov-2013 at 16:00 and 16:10, including the SENSEX, NIFTY, Bank Nifty, and other sectoral indices. It lists the current value, day's high and low, previous close, change in points and percentage, and other statistical details for each index.
- The indices covered include sectoral indices tracking automobiles, banks, capital goods, consumer durables, FMCG, healthcare, information technology, metals, oil & gas, and others.
- Market statistics like 52-week highs and lows, P/E ratios, and number of stocks trading higher or lower on
- The document provides a snapshot of various Indian stock market indices as of November 20, 2013 at 4:00 PM, including the SENSEX, NIFTY, Bank Nifty, and other sectoral indices.
- It lists the current value, day's high and low, previous close, change from previous close in absolute and percentage terms, and other statistical data like 52-week high and low, P/E ratio, etc. for each index.
- The indices cover various sectors of the Indian economy like banking, automobiles, IT, healthcare, infrastructure, metals, and small/mid cap companies.
- In summary, the document presents a detailed overview of the performance of key stock market indices
This document analyzes music magazine advertisements for several bands. It finds that the ads generally have simple designs with only one main image, a solid colored background, limited fonts, and inclusion of the band's logo. Details like the slanted image and literal representation of the band name in The Vines ad, and the double page spread and noir style of the Paramore ad are called out. The conclusion reiterates that the ads keep designs simple with mostly one image or color, limited fonts, and inclusion of logos in bold, easy to read text.
The document provides a snapshot of various Indian stock market indices as of 17 October 2012. It lists the current value, day's high and low, change from the previous day's close, and other metrics for over 30 indices tracking different sectors of the Indian economy. The key indices like SENSEX, Nifty 50, and Bank Nifty saw modest gains of around 0.1-0.5% for the day.
The document provides a snapshot of index performance on the BSE and NSE stock exchanges in India as of July 1, 2014. It includes the current, open, high, low, previous closing values as well as changes in points and percentage for various indices tracking different sectors such as auto, banks, IT, healthcare, infrastructure, and more. It also lists the number of companies included in each index and other statistical data like 52-week highs and lows, and price-to-earnings ratios.
- The key Indian stock market indices like SENSEX, Nifty 50 closed higher by around 1% on October 18, 2012 led by gains in banking, capital goods and auto stocks.
- The BSE Bankex and Nifty Bank indices gained over 2% each, while sectoral indices like capital goods, autos, and oil & gas rose around 1-1.5%.
- Midcap and smallcap stocks also saw gains of around 1% for the day according to the BSE Midcap and Smallcap indices.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfMalak Abu Hammad
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
UiPath Test Automation using UiPath Test Suite series, part 6DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/building-and-scaling-ai-applications-with-the-nx-ai-manager-a-presentation-from-network-optix/
Robin van Emden, Senior Director of Data Science at Network Optix, presents the “Building and Scaling AI Applications with the Nx AI Manager,” tutorial at the May 2024 Embedded Vision Summit.
In this presentation, van Emden covers the basics of scaling edge AI solutions using the Nx tool kit. He emphasizes the process of developing AI models and deploying them globally. He also showcases the conversion of AI models and the creation of effective edge AI pipelines, with a focus on pre-processing, model conversion, selecting the appropriate inference engine for the target hardware and post-processing.
van Emden shows how Nx can simplify the developer’s life and facilitate a rapid transition from concept to production-ready applications.He provides valuable insights into developing scalable and efficient edge AI solutions, with a strong focus on practical implementation.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Building RAG with self-deployed Milvus vector database and Snowpark Container...Zilliz
This talk will give hands-on advice on building RAG applications with an open-source Milvus database deployed as a docker container. We will also introduce the integration of Milvus with Snowpark Container Services.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
“An Outlook of the Ongoing and Future Relationship between Blockchain Technologies and Process-aware Information Systems.” Invited talk at the joint workshop on Blockchain for Information Systems (BC4IS) and Blockchain for Trusted Data Sharing (B4TDS), co-located with with the 36th International Conference on Advanced Information Systems Engineering (CAiSE), 3 June 2024, Limassol, Cyprus.
6. Publish/Subscribe
symbol ==MSFT
symbol IBM
price = 29.34
83.47
30.17
symbol == MSFT
&&
pri
sym ce =
bo 30.
l= 17 price > 30.00
MS
FT
OTM/DOA 2005 31 October 2005
7. Publish/Subscribe Features
Asynchronous delivery
Multi-way delivery
Content-driven interaction
Anonymity
Strong decoupling
Many applications are a natural fit
OTM/DOA 2005 31 October 2005
8. Some Ancient History
YEAST
Pub/sub for LANs of UNIX workstations
Centralised server implementation
Novelty: Applications
.cpp
Process awareness
Office automation
Telco feature deployment
Many others
.h
OTM/DOA 2005 31 October 2005
9. Some Ancient History
YEAST
Pub/sub for LANs of UNIX workstations
Centralised server implementation
Novelty: Applications
OTM/DOA 2005 31 October 2005
10. Some Ancient History
YEAST
Pub/sub for LANs of UNIX workstations
Centralised server implementation
Novelty: Applications
.cpp
Process awareness
.h
OTM/DOA 2005 31 October 2005
11. Some Ancient History
YEAST
Pub/sub for LANs of UNIX workstations
Centralised server implementation
Novelty: Applications
Process awareness
212-555-8076
Office automation
OTM/DOA 2005 31 October 2005
12. Some Ancient History
YEAST
Pub/sub for LANs of UNIX workstations
Centralised server implementation
Novelty: Applications
Process awareness
212-555-8076
Phone call awareness
Telco feature deployment
Several others
OTM/DOA 2005 31 October 2005
13. Some More Recent History
SIENA
Wide-area content-based publish/subscribe
Decentralised overlay network of
publish/subscribe ‘routers’
Routing and forwarding based on
subscription and notification content
Novelty:
Algorithms, Protocols, Architectures
Assumed that the applications
would naturally appear!
OTM/DOA 2005 31 October 2005
14. Most Recently
PreCache
Sony-funded startup to commercialise
content-based publish/subscribe
Survived 2.5 years
Successful technology development
Less successful business development
Video-on-demand (???)
Anti-virus updates
Travel alerts
OTM/DOA 2005 31 October 2005
15. So What Are the Killer
Applications?
Many research projects
Many novel research results
No significant deployments yet
Need to take a closer look
at some proposed approaches
OTM/DOA 2005 31 October 2005
19. Implications of SIENA’s Design
Notifications can be very frequent
But subscriptions should be relatively
infrequent
Yet there should be a lot of subscription
variation
But there should be some similar
subscriptions
And the similar subscriptions should come
from the same part of the network
Which applications are like this?
OTM/DOA 2005 31 October 2005
20. Other Approaches
Gryphon
Subscription flooding over tree of clusters
Applicable if subscriptions are few and stable
Hermes
Rendezvous nodes allocated to content types
Applicable if load is spread evenly by type
PreCache
Trie- and kd-tree-based subscription storage
Applicable if unsubscription occurs very infrequently
All of these limit application suitability
OTM/DOA 2005 31 October 2005
21. Publish/Subscribe Features
Conceptual Features Infrastructure Features
Asynchronous delivery Message flooding
Multi-way delivery Subscription merging
Content-driven interaction Tree-based routing
Anonymity Localised forwarding
Strong decoupling Content partitioning
Few applications can naturally exploit these features
OTM/DOA 2005 31 October 2005
22. Example
Stock Quotes vs Online Gaming
Stock Quotes Online Gaming
Message flooding Message flooding
? Subscription merging ? Subscription merging
Tree-based routing Tree-based routing
Localised forwarding ? Localised forwarding
Content partitioning Content partitioning
One size infrastructure does not fit all
OTM/DOA 2005 31 October 2005
23. Matching Applications with
Infrastructures
Application ??? Infrastructure
Characteristics Characteristics
Notification size Number of routers
Notification throughput Number of routing hops
Notification latency Path redundancy
Notification variability Subscription replication
Subscription selectivity Matching complexity
Subscription stability Matching accuracy
Locality
…
…
OTM/DOA 2005 31 October 2005
24. Example
Stock Quotes vs Online Gaming
Stock Quotes Online Gaming
Notification size Notification size
Notification frequency Notification frequency
Notification variability Notification variability
Notification latency Notification latency
Subscription selectivity Subscription selectivity
Subscription stability Subscription stability
Locality ? Locality
How do we translate these to design decisions?
OTM/DOA 2005 31 October 2005
25. Additional Complications
Mobility
Of publishers
Of subscribers
Of routers
Firewalls
Edge Fanout
Security
OTM/DOA 2005 31 October 2005
26. The Value of Information
Can we do secure content-based routing
over an OTM/DOA 2005
untrusted infrastructure? 2005
31 October
27. Security in Content-Based
Publish/Subscribe
Encryption used to implement many security goals
Authentication
Confidentiality
Integrity
But content-based routing intrinsically requires
some transparency of content
Infrastructure must be able to determine if a subscription
matches notification
Existing approaches have limited applicability
In large part due to need to secure multiple messages
OTM/DOA 2005 31 October 2005
28. A Cryptographic Protocol Based
on Yao’s Garbled Circuits
Subscriptions transformed to Boolean
circuits and then garbled based on shared
secret
Notifications encrypted with shared secret
Router evaluates circuit on encrypted
notification
Router knows result but not content!
Weak but inexpensive security
OTM/DOA 2005 31 October 2005
29. A Cryptographic Protocol Based
on PSM
PSM = Private Simultaneous Messages (Feige et al.)
Subscription matching transformed to graph
reachability
Notifications and subscriptions transformed to
subgraphs and encrypted based on shared secret
Router sums adjacency matrices for subgraphs
Router checks rank of resulting matrix for match
Router knows result but not content!
Better security but very expensive
OTM/DOA 2005 31 October 2005
30. Inherent Security Limitations
(1)
Must provide confidentiality of both
notifications and subscriptions
Range of plaintext notifications can be matched
against confidential subscription
Range of plaintext subscriptions can be matched
against confidential notification
Router must know outcome of match
This alone can sometimes be useful information
Example: Battlefield Awareness
OTM/DOA 2005 31 October 2005
31. Inherent Security Limitations
(2)
Router can determine subscription coverage
over time
Again, this may be useful information
Router can determine Euclidean distance
between notifications over time
Studied protocols require sharing of secret
among potentially large number of
publishers and subscribers
OTM/DOA 2005 31 October 2005
32. Inherent Limitations of Possible
Security Solutions
Cryptographic group membership protocols
Too expensive with high subscription volatility
Padding notification stream with dummy messages
Reduces throughput and increases latency of
infrastructure
Defeats the whole purpose of the infrastructure!
Proxy publishers and subscribers
Increases latency of messages
Trusted infrastructure
Can be expensive to deploy for each application
OTM/DOA 2005 31 October 2005
33. A Generic Architecture for
Content-Based Matching
Cluster
Cluster
2
3
Cluster
1
Cluster
Cluster 4
C
Separates matching from routing
Fully-connected mesh of N nodes in C clusters
Full connectivity simulated on DHT with minimal overhead
Choose 2 of 3 configuration parameters
Subscription replication rate R (= N/C)
Notification routing hops H (1 ≤ H ≤ C)
Load-balancing factor B 2005
OTM/DOA 31 October 2005
34. Conclusion
The Past
There have been many innovations in wide-
area content-based publish/subscribe
But researchers have ignored application
characteristics for too long
A universal infrastructure shared by all
applications is probably not feasible
Security is very difficult to achieve over an
untrusted infrastructure
OTM/DOA 2005 31 October 2005
35. Conclusion
The Future
We need to understand better the
relationship between application
requirements and infrastructure design
Andwe need to explore further the limits of
security in content-based publish/subscribe
OTM/DOA 2005 31 October 2005
36. Questions?
Prof. David S. Rosenblum
London Software Systems
University College London
d.rosenblum@cs.ucl.ac.uk
http://www.cs.ucl.ac.uk/staff/D.Rosenblum/
OTM/DOA 2005 31 October 2005