Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Ā
Trusted Publish/Subscribe Trees for Securing Ad Hoc Publish/Subscribe Systems
1. Trusted Publish/Subscribe
Stephen Naicken
Foundations of Software Systems
University of Sussex
stephenn@sussex.ac.uk
15th February 2012
(University of Sussex) Trusted Publish/Subscribe 15/02/12 1 / 58
2. Outline
1 Why Apply Trust to Publish/Subscribe Systems?
Publish/Subscribe Security Issues
Securing Networks Using Trust and Reputation
2 Trusted Publish/Subscribe Trees
Communication Overheads of PSTs
A Trust Metric for Publish/Subscribe Trees
PST Trust Maximisation Problem with Overhead Budget
3 Algorithms
Exhaustive Search
Tabu Search
4 Results
5 Conclusions and Future Work
(University of Sussex) Trusted Publish/Subscribe 15/02/12 2 / 58
3. Publish/Subscribe Overview
What is Publish/Subscribe?
Publish/Subscribe is an event-based messaging paradigm.
Publishers publish notiļ¬cations.
Subscribers issue subscriptions describing notiļ¬cations of interest.
Notiļ¬cations are delivered only to interested subscribers.
Event Notiļ¬cation Service (ENS) is responsible for the routing of
notiļ¬cations from publishers to interested subscribers.
ENS may be centralised or it may be a network of brokers.
(University of Sussex) Trusted Publish/Subscribe 15/02/12 3 / 58
4. Publish/Subscribe Data Model
Topic-Based Publish/Subscribe
Publisher publishes each of its events to a topic or subject.
Subscribers subscribe to a topic to receive all events published to it.
Content-Based Publish/Subscribe
Publisher issues an advertisement - an intent to publish events.
Any events published must be covered by the advertisement.
Subscription is a function over the event contents.
Greater expressiveness.
Increased message state and processing complexity at brokers.
(University of Sussex) Trusted Publish/Subscribe 15/02/12 4 / 58
5. Publish/Subscribe in Ad Hoc Networks
In ad hoc networks, the presence of an ENS can not be assumed.
There may not be any entities responsible for the network.
If this is the case, publishers and subscribers will need to assume
the responsibility of brokers where necessary.
Publish/Subscribe in these environments may become more
widespread due to smartphones (e.g. Android 4.0 ad hoc
networking support).
MANETs, Sensor networks, VANETs
(University of Sussex) Trusted Publish/Subscribe 15/02/12 5 / 58
6. Publish/Subscribe Tree
P
Modiļ¬cation of Huang &
Garcia-Molina [HGM03]
deļ¬nition.
S2 R1 S7
For each advertisement, the
PST is rooted at the publisher
and spans all interested
subscribers.
S1 S3 S6
Steiner tree - the PST contains
a subset of non-publisher &
non-subscriber nodes
R2
(brokers) to facilitate
connectivity.
There can be many possible
S4 S5 S5
PSTs for a given
advertisement.
(University of Sussex) Trusted Publish/Subscribe 15/02/12 6 / 58
7. Publish/Subscribe Tree
PST abstraction can be used to model both publish/subscribe
using an ENS or in an ad hoc network.
In ENS-based publish/subscribe:
the internal vertices of the tree are broker nodes;
the publisher is the root;
all terminals are subscribers.
(University of Sussex) Trusted Publish/Subscribe 15/02/12 7 / 58
8. Publish/Subscribe Security
A plethora of research on publish/subscribe data models and
infrastructure.
Topic-based to Content-based Publish/Subscribe
Centralised to decentralised ENS.
Optimisation of routing and matching algorithms.
But very little on security.
Role-Based Access Control (RBAC).
Computing on encrypted data.
Why?
ENS under the control of single or multiple cooperating entities.
External contracts between publishers, subscribers and ENS.
Implicit trust assumed, but if we break this...
(University of Sussex) Trusted Publish/Subscribe 15/02/12 8 / 58
9. Publish/Subscribe Attacks
Denial of Service:
Flooding (Events and Subscriptions);
Fake unsubscribe & unadvertise (API weakness);
Selective & random message dropping.
Publish/Subscribe Spam [Tar06]
Blackhole advertisement - allows malicious publisher to acquire all
subscriptions, if subscriptions are propagated to the publisher.
Blackhole subscription - subscribe to all events to allow inference of
the subscriptions of others.
(University of Sussex) Trusted Publish/Subscribe 15/02/12 9 / 58
10. Impact of Attacks
Wun et al. [WCJ07] provide a taxonomy of DoS attacks and
results from DoS experiments.
Subscription ļ¬ooding attack - injecting malicious subscriptions at a
high rate into the infrastructure (ENS).
Reduction in free memory at the broker, increased processing
time of approximately two orders of magnitude, & exponential
growth in the response time.
(University of Sussex) Trusted Publish/Subscribe 15/02/12 10 / 58
11. RBAC and CPS
RBAC
Assign subjects to roles and permissions to roles.
Allows limitations on access to events given the subscriberās role.
Limitations on events a publisher can publish.
Brokers can perform content-based routing only on attributes that
they are permitted to access.
CPS
Subscriptions and events are encrypted using a shared key.
Matching and routing functions are performed on the encrypted
data by brokers.
Raiciu and Rosenblum [RR06] have deļ¬ned a number of
techniques to implement CPS.
RBAC and CPS address many of the security issues, so whatās
the problem?
(University of Sussex) Trusted Publish/Subscribe 15/02/12 11 / 58
12. RBAC and CPS
RBAC
Assign subjects to roles and permissions to roles.
Allows limitations on access to events given the subscriberās role.
Limitations on events a publisher can publish.
Brokers can perform content-based routing only on attributes that
they are permitted to access.
CPS
Subscriptions and events are encrypted using a shared key.
Matching and routing functions are performed on the encrypted
data by brokers.
Raiciu and Rosenblum [RR06] have deļ¬ned a number of
techniques to implement CPS.
RBAC and CPS address many of the security issues, so whatās
the problem?
(University of Sussex) Trusted Publish/Subscribe 15/02/12 11 / 58
13. The Problems with RBAC and CPS
RBAC requires a trusted organisation to assign roles to entities.
This is not feasible in ad hoc environments.
Absence of a monitoring component to detect misbehaviour.
Both RBAC and CPS are difļ¬cult to adapt to stochastic behaviour.
CPS requires issuing a new encryption key.
RBAC requires issuing new policies.
What happens if the shared key is leaked?
(University of Sussex) Trusted Publish/Subscribe 15/02/12 12 / 58
14. Trust Management
We know that trust and reputation management can be used to
secure network communications.
Mitigate against malicious and selļ¬sh nodes.
EigenTrust in P2P, CONFIDANT in MANET routing.
Can we use trust to mitigate attacks in publish/subscribe?
(University of Sussex) Trusted Publish/Subscribe 15/02/12 13 / 58
15. Trust Management
Is it possible to deļ¬ne a trust metric for PSTs?
Determine the trustworthiness of a network not a node.
Can we construct the most trusted PST for a given
advertisement...
And at the same time ensure efļ¬cient communications?
We leave monitoring behaviour for future work.
(University of Sussex) Trusted Publish/Subscribe 15/02/12 14 / 58
16. PST Overhead Metric
Deļ¬ned by Huang and Garcia-Molina [HGM03].
At any node in the tree
it costs to receive an event (r ).
it costs to forward an event on each outgoing edge, as required by
the subscriptions of any descendants (f ).
The overhead of a PST is the sum of the overheads at each node.
The overhead at a node is given by the sum of:
the cost to forward events of interest;
the cost to receive and forward events not of interest.
(University of Sussex) Trusted Publish/Subscribe 15/02/12 15 / 58
17. PST Overhead Metric
Deļ¬nition (Inherent Subscription)
The inherent subscription si of a subscriber i is given by its
subscription function sfi .
Deļ¬nition (Effective Subscription)
The effective subscription Si of a subscriber i is given by the
disjunction of its inherent subscription si and its proxied subscription
si , Si = si āØ si .
Deļ¬nition (Proxied Subscription)
The proxied subscription si of a subscriber i is given by
si = j=1,...,n Sj for each child 1, . . . , n of i.
(University of Sussex) Trusted Publish/Subscribe 15/02/12 16 / 58
18. PST Overhead Metric
Deļ¬nition (Publish/Subscribe Tree Overhead)
Let E be a set of events, r be some cost associated with receiving an
event, f be a cost associated with forwarding an event, si be the
inherent subscription of node i and si be the proxied subscription of i.
For a PST TAp for an advertisement Ap , its overhead is deļ¬ned as:
OTAp (E) = iāVAp OTAp (E) where
i
OTAp (E) = (r + f ) Ā· Ī¦E(Ā¬si ā§ si ) + f Ā· Ī¦E(si ā§ si ).
i
(University of Sussex) Trusted Publish/Subscribe 15/02/12 17 / 58
19. The Problem - Tussles
Given two nodes, A and B, A can choose to trust B by using global
and/or local information. The decision rests solely with A.
This is not the case for PSTs.
Node A and B are nodes in PSTs T1 and T2 .
Node A considers PST T1 to be more trustworthy than T2 .
Node B considers PST T2 to be more trustworthy than T1 .
How do we decide upon the PST, which maximises trust for all
PSTās nodes?
(University of Sussex) Trusted Publish/Subscribe 15/02/12 18 / 58
20. The Problem - Tussles
Given two nodes, A and B, A can choose to trust B by using global
and/or local information. The decision rests solely with A.
This is not the case for PSTs.
Node A and B are nodes in PSTs T1 and T2 .
Node A considers PST T1 to be more trustworthy than T2 .
Node B considers PST T2 to be more trustworthy than T1 .
How do we decide upon the PST, which maximises trust for all
PSTās nodes?
(University of Sussex) Trusted Publish/Subscribe 15/02/12 18 / 58
21. Semiring Trust Model
Deļ¬nition
(S, ā) is commutative semigroup with neutral element 0:
aāb =bāa
(a ā b) ā c = a ā (b ā c)
aā0=a
(S, ā) is a semigroup with a neutral element 1 and an absorbing
element 0:
(a ā b) ā c = a ā (b ā c)
aā1=1āa=a
aā0=0āa=0
(University of Sussex) Trusted Publish/Subscribe 15/02/12 19 / 58
22. Semiring Trust Model
Instantiation
The model provides a means to determine the trustworthiness of
a path [TB06].
Deļ¬nition
The trusted path semiring is a semiring, (S, ā, ā) where S = [0, 1] and
ā and ā are deļ¬ned as:
for all s1 , s2 ā S, s1 ā s2 = max(s1 , s2 )
for all s1 , s2 ā S, s1 ā s2 = s1 s2
No assumption is made upon the deļ¬nition of the semiring
operators. Alternatives are acceptable.
(University of Sussex) Trusted Publish/Subscribe 15/02/12 20 / 58
23. Semiring Trust Model
Example
Path 1 (P1 ): (a, b), (b, c), (c, d).
Path 2 (P2 ): (a, e), (e, f), (f, d).
Let Ļ be a trust function, Ļ : V Ć V ā [0, 1].
Ļ (a, b) = 0.7, Ļ (a, b) = 0.7.
Ļ (a, b) = 0.5, Ļ (a, b) = 1.
Ļ (a, b) ā Ļ (a, c) = 0.49.
Ļ (a, e) ā Ļ (a, f ) = 0.5.
P1 ā P2 = P2 .
(University of Sussex) Trusted Publish/Subscribe 15/02/12 21 / 58
24. Individual PST Trust Functions
We have a means to determine the trust of a path and given two
paths we can determine which is more trustworthy.
How can we use this to determine the trust of a PST.
To do this, we need to identify the communication paths in a PST.
(University of Sussex) Trusted Publish/Subscribe 15/02/12 22 / 58
25. Trust Relationships in PSTs
There are many communication paths in a PST that should ideally
be trusted.
The publisher must have trust in all the paths to all the
subscribers.
The subscribers must trust the path to the publisher.
Any internal subscribers must trust the paths to descendant
subscribers and the publisher.
To maximise the trust of a PST, we select the PST that maximises
the trust of these paths.
(University of Sussex) Trusted Publish/Subscribe 15/02/12 23 / 58
26. Terminal Subscriber Node
P
Subscriber trusts the publisher
S2 R1 S7
sufļ¬ciently to receive its
events, so it is not included in
the metric.
S1 S3 S6
It must trust the nodes on the
path to the publisher, which
route events to it.
R2
Example Path:
S5 , R2 , S6 , R1 , P.
S4 S5 S5
(University of Sussex) Trusted Publish/Subscribe 15/02/12 24 / 58
27. Terminal Subscriber Node
Deļ¬nition (Terminal Subscriber Trust Function)
1
Ļs (T ) =
Ļs (ĪĪ· 1 ) ā Ļs (ĪĪ· 2 ) ā Ā· Ā· Ā· ā Ļs (ĪĪ· |Ļs,p |ā2 ) ā Ļs (ĪĪ· |Ļs,p |ā1 )
s,v s,v s,v s,v
Ļs is the trust function of subscriber s.
ĪĪ· |Ļs,n | is the vector of trust information on n held by s.
s,v
1 if s is adjacent to p, otherwise it is given by the product of the
trust in the intermediate vertices.
(University of Sussex) Trusted Publish/Subscribe 15/02/12 25 / 58
28. Publisher Trust Function
More complicated for the publisher, as there is path to each
subscriber.
Although the edges may be shared between paths, each is
considered individually.
Reasoning is that there is "contact" to provide events to each and
every subscriber.
The publisherās trust in the tree is given by the aggregation of the
trust of all paths to all subscribers.
(University of Sussex) Trusted Publish/Subscribe 15/02/12 26 / 58
29. Publisher Trust Function
Deļ¬nition (Publisher Trust Function)
1
Ļp (Ļp,s ) =
Ļp (ĪĪ· 1 ) ā Ļp (ĪĪ· 2 ) ā Ā· Ā· Ā· ā Ļp (ĪĪ· |Ļ|ā2 ) ā Ļp (ĪĪ· |Ļ|ā1 )
p,v p,v p,v p,v
Similar to the terminal subscribe trust function.
Ļp (Ļp,s ), the trust of the path from publisher p to subscriber s.
1 if p is adjacent to s, otherwise it is given by the product of the
trust in the intermediate vertices.
(University of Sussex) Trusted Publish/Subscribe 15/02/12 27 / 58
30. Publisher Trust Function
Deļ¬nition (Publisher Trust Function)
The trust of T for p is a function of the trust of the paths to each
subscriber and is given by
Ļp (T ) = Ī±(Ļp (Ļp,s1 ), Ļp (Ļp,s2 ), . . . , Ļp (Ļp,s|S| )).
where Ī± is the aggregation function and Ļp (Ļp,s1 ) is the trust p has in
the path from p to subscriber s1 .
(University of Sussex) Trusted Publish/Subscribe 15/02/12 28 / 58
31. Publisher Trust Function
How to achieve the aggregation?
The number of subscribers for a given advertisement is constant
across all PSTs.
All subscribers to be treated fairly.
This means we can use the leximin aggregation.
Similar to maximin, but breaks ties using the next least well off
value until tie is broken.
Motivation: The publisherās trust in a PST is dominated by the
least trusted path.
(University of Sussex) Trusted Publish/Subscribe 15/02/12 29 / 58
32. Leximin Aggregation Function
Deļ¬nition (Ordered Weighted Average)
An ordered weighted average operator F of dimension n is a mapping
F : Rn ā R that has an associated vector of weights
W = [w1 , w2 , . . . , wn ] such that n wi = 1 and each wi ā [0, 1] and
i=1
where F (y1 , y2 , . . . , yn ) = n wj Ā· zj where zj is the j-largest yi .
j=1
(University of Sussex) Trusted Publish/Subscribe 15/02/12 30 / 58
33. Leximin Aggregation Function
Deļ¬nition (Yagerās Analytical Function [Yag97])
The analytical leximin aggregation operator, Fleximin , is an ordered
weighted average where the weight vector
W = [w1 , . . . , wnā2 , wnā1 , wn ] is deļ¬ned as follows:
ānā1
w1 = ,
(1 + ā)nā1
ānāj
wj = for all 2 ā¤ j ā¤ n.
(1 + ā)n+1āj
If |a ā b| < ā then a = b. If a > b then |a ā b| > ā.
(University of Sussex) Trusted Publish/Subscribe 15/02/12 31 / 58
34. Internal Subscriber Trust Function
The internal subscriber trust function is a combination of the two
previous trust functions.
An internal subscriber must trust the path to the publisher (similar
to a terminal subscriber).
In addition, it also distributes events to descendants that have a
matching subscription.
So it must also trust the paths to all descendants who are
subscribers (similar to a publisher).
(University of Sussex) Trusted Publish/Subscribe 15/02/12 32 / 58
36. And The Router Trust Function?
PST is a Steiner tree - it need not span the network.
The opinions of routers are ignored.
Incentive compatibility can not be guaranteed.
Routers have good reason to lie. A router in a PST contributes
resources but has no interest in the content being shared.
Declare the paths and consequently the tree to be of low trust.
PST is less likely to be most trusted, so reduced possibility of
being in this PST.
(University of Sussex) Trusted Publish/Subscribe 15/02/12 34 / 58
37. PST Trust Metric
Social Choice and Welfare
We now have a mechanism for each node to assess a tree and
come up with a number that represents its belief of how
trustworthy that tree is.
How do we order the trees given these trust values from the
participants?
We assume that the trust values provide an ordering of how badly
off a member would be, if that tree was chosen.
Rawlsā principles of justice, that social and economic inequalities
satisfy the condition that they are to be to the greatest beneļ¬t of
the least advantaged members of society
Leximin Deļ¬ne a lexical ordering on the participants, and in any
pair of alternatives, pick the one that improves the lot of the worse
off
(University of Sussex) Trusted Publish/Subscribe 15/02/12 35 / 58
38. PST Trust Metric
Deļ¬nition
Let t = (Vt , Et ) be a PST where Vt = S āŖ R āŖ {p}. For each
i ā S āŖ {p}, there is a real-value Ļi (T ) representing iās trust value of t.
The social trust value of t is given by Fleximin (Ļi1 (T ), Ļi2 (T ), . . . ,
Ļi|SāŖ{p}| (T )).
(University of Sussex) Trusted Publish/Subscribe 15/02/12 36 / 58
39. Interpersonal Incomparability of Trust
Leximin requires interpersonal comparability.
This means trust values of different entities must share the same
trust continuum.
Same origin and same unit of trust.
This isnāt possible for mental states such as trust.
Often assumed to be the case in existing trust models, so we do
too..
(University of Sussex) Trusted Publish/Subscribe 15/02/12 37 / 58
40. The Maximum Trust PST with Overhead Budget
Deļ¬nition
Given an overhead budget B > 0, an event distribution E, an
undirected connectivity graph Gc = (Vc , Ec ), a publisher p that holds
an advertisement Ap , a set of subscribers S = {s | sfs (Ap ) = true}
where sfs is the subscription function of s, a set of routers R = Vc C
where C = {p} āŖ S
ļ¬nd a PST T that is rooted at p, spans S and maximises the trust
value Ļ (T ) = Fleximin (Ļc1 (T ), . . . , Ļc|C| (T )) where Ļci (T ) is the trust
evaluation of i th node in C, subject to OT (E) ā¤ B.
The PST Trust Maximisation Problem with Overhead Budget is
NP-complete.
(University of Sussex) Trusted Publish/Subscribe 15/02/12 38 / 58
41. Exhaustive Search Algorithm
Find all PSTs in the connectivity graph rooted at p and spanning
the subscribers S.
For each PST:
Find the trust value.
Find the overhead value.
Select the PST that has the highest trust value with the deļ¬ned
budget B.
How to ļ¬nd all PSTs?
(University of Sussex) Trusted Publish/Subscribe 15/02/12 39 / 58
42. Spanning Tree Enumeration
A PST is a Steiner tree of the connectivity graph.
The set of feasible PSTs for an advertisement is a subset of the
set of all Steiner trees in the connectivity graph.
The set of all spanning trees for all subgraphs of the connectivity
graph is the set of all Steiner trees.
Modify a spanning tree enumeration algorithm to enumerate all
PSTs that span a graph.
(University of Sussex) Trusted Publish/Subscribe 15/02/12 40 / 58
43. Spanning Tree Enumeration
Charās spanning tree algorithm [Cha68] enumerates all spanning
trees.
Uses DFS to ļ¬nd initial tree and label vertices.
Representation of the tree is stored in an array.
Index is node label, array[index] gives index of an adjacent node.
Lexicographically alter the adjacent edges, "cycling" through
subgraphs.
Each subgraph found is tested to ensure that it is a spanning tree.
(University of Sussex) Trusted Publish/Subscribe 15/02/12 41 / 58
44. Spanning Tree Enumeration
The tree test can be modiļ¬ed to also test if the subgraph is a PST.
A router can not be a terminal node - illogical.
Test if each router in the tree is has two adjacent edges.
(University of Sussex) Trusted Publish/Subscribe 15/02/12 42 / 58
45. Tabu Search Algorithm
Given that the problem is in NP-Complete, the exhaustive search
will only be suitable for small problem instances.
Instead we choose to use the Tabu search metaheuristic.
Similar to local search, but we store list of last n chosen moves
(tabu list).
To escape local maxima, we do not select moves from the tabu
list.
(University of Sussex) Trusted Publish/Subscribe 15/02/12 43 / 58
46. Tabu Search Algorithm
First we need to deļ¬ne a move structure.
Given a PST, a move is the addition or removal of a router from
the PST.
When a router is added to a PST, edges adjacent to nodes in the
PST are added too.
When a router is removed from the PST, edges from the
connectivity graph between pairs of nodes in the PST are added
to re-connect the graph.
How do we choose the router to add or remove?
(University of Sussex) Trusted Publish/Subscribe 15/02/12 44 / 58
47. Tabu Search Algorithm
We use a surrogate objective function - essentially "guesstimate".
We know the node that had the least trust in prior PST.
So we evaluate the trustworthiness of the paths from this node to
the publisher in the graph induced by the application of the move
to the PST.
The move that yields the greatest improvement in trust for this
node is chosen.
(University of Sussex) Trusted Publish/Subscribe 15/02/12 45 / 58
48. Tabu Search Algorithm
This leaves us with a second problem, the application of the move
gives a graph not a PST.
We use the modiļ¬ed Char algorithm to ļ¬nd the PSTs in the graph.
The tree that maximises the objective function is chosen.
So what is the objective function?
(University of Sussex) Trusted Publish/Subscribe 15/02/12 46 / 58
49. Tabu Search Algorithm
Tabu search is designed for combinatorial problems of the
following form:
Deļ¬nition
Given a set of feasible solutions F and a function F : F ā R, ļ¬nd the
optimal solution x ā F for a minimisation problem such that
F (x) ā¤ F (y ) for all y ā F, or F (x) ā„ F (y ) for a maximisation problem.
But we have an overhead budget to consider.
If a solution is overbudget, we penalise the objective value of the
solution, i.e. its trust value.
(University of Sussex) Trusted Publish/Subscribe 15/02/12 47 / 58
50. Tabu Search Algorithm
We investigated two approaches to tabu search for problems with
constraints.
The ļ¬rst a static penalty function. Penalise all overbudget
solutions by reducing their trustworthiness by 50%.
The second is Near-Feasibility Threshold approach devised by
Kulturel-Konak et al. [KKNCS04]
However, as the results were often poor in comparison to the
naive static approach, we shall dismiss it.
The authors claim that the technique is sometimes not suitable
where there are few constraints. We have one.
(University of Sussex) Trusted Publish/Subscribe 15/02/12 48 / 58
51. Tabu Search Algorithm
Diversiļ¬cation potentially allows the Tabu search to explore
unvisited regions of the search space and escape cycles.
Every 50 iterations of the Tabu search, the search diversify
choosing a new solution from which the search continues.
We investigated modiļ¬ed versions of the Takahashi-Matsuyama
[TM80] and Shortest Path Tree algorithms to create PSTs.
However, as both are subscription and trust unaware algorithms,
little difference can be expected.
(University of Sussex) Trusted Publish/Subscribe 15/02/12 49 / 58
52. Evaluation Environment
Experiments were performed using Amazon EC2 infrastructure,
with a 6.5 EC2 Compute Units (2x Intel(R) Xeon(R) CPU X5550
@ 2.67GHz), 17.1 GB RAM instance (m2.xlarge) running on a
64-bit Linux OS.
The connectivity graph is constructed by power law graph
generator [EW02].
The trust graph is generated using Klemm-Eguiluz [KE02] model
so that it has both high clustering and power law properties.
The Tabu search executed for 1500 iterations.
(University of Sussex) Trusted Publish/Subscribe 15/02/12 50 / 58
53. Problem Data Set
A number of problem sets were considered, the results of two of
these will be presented.
A problem set is identiļ¬ed using the following format
<Problem Data set><Subset Number>-<Problem Number> :
"<Problem Data set>" is the data set identiļ¬er (A and B),
"<Subset Number>" indicates the value of |R| for each problem
"<Problem Number>" is the problem identiļ¬er where
1 =ā B = 2000, 2 =ā B = 3000, 3 =ā B = 4000, 4 =ā B =
5000, 5 =ā B = 231 ā 1.
(University of Sussex) Trusted Publish/Subscribe 15/02/12 51 / 58
54. Problem Data Set
Problem Set A.
Publisher: 1, Subscribers: 5, Routers: 1, 2, ..., 9.
Problem Set B.
Publisher: 1, Subscribers: 5, Routers: 20, 30, 40, ... 90.
(University of Sussex) Trusted Publish/Subscribe 15/02/12 52 / 58
55. Exhaustive Search Results
1e+05
q
8e+04
6e+04
Time (s)
4e+04
2e+04
q
q q q q q q q q
0e+00
A0 A1 A2 A3 A4 A5 A6 A7 A8 A9
Problem Subset
Figure: Average Execution Times of Exhaustive Search Results for Problem
Set A
(University of Sussex) Trusted Publish/Subscribe 15/02/12 53 / 58
56. Exhaustive Search Results
Pr. Min. (s) Max. (s) Avg. (s)
A0 0.0153 0.0871 0.0339
A1 0.0239 0.1522 0.058
A2 0.1238 0.3774 0.1852
A3 0.8051 1.2791 0.9304
A4 1.7682 2.4166 1.9041
A5 19.5833 20.212 19.7224
A6 285.8669 287.4492 286.3381
A7 945.8277 949.9657 947.4963
A8 6149.868 6164.197 6158.712
A9 97672.93 97672.93 -
Table: Execution Times of Exhaustive Search Results for Problem Set A
(University of Sussex) Trusted Publish/Subscribe 15/02/12 54 / 58
57. Tabu Search
Problem Set A
PST Rel. Error
Pr ĻT OT Ī·Ļ Ī·O Sec
A1-4 0.0181 2398 - - 3.01
A2-4 0.0931 1850 - - 8.37
A3-4 0.0224 2917 - - 11.03
A4-4 0.1855 2224 - - 7.20
A5-4 0.0812 3580 - 0.1202 8.24
A6-4 0.0360 3846 5Ć10ā7 0.1287 138.96
A7-4 0.0692 3570 - - 78.38
A8-4 0.0031 3657 1Ć10ā6 0.0928 9.77
A9-4 0.2184 1885 - - 20.49
Table: Solutions for Problem Set A using the Tabu Search algorithm
(University of Sussex) Trusted Publish/Subscribe 15/02/12 55 / 58
59. Conclusions
It is possible to deļ¬ne a trust metrics for a network structure, the
PST, not just nodes.
Trust is interpersonal incomparable. Metrics should consider this.
Tabu search efļ¬ciently solves the Maximum Trust PST with
Overhead Budget Problem.
(University of Sussex) Trusted Publish/Subscribe 15/02/12 57 / 58
60. Future Work
Is it possible to deļ¬ne a distributed algorithm to solve the
problem?
Tussle between trust relationships in a PST.
Nodes may be unwilling to share trust data.
Possible using local information only?
How do we implement monitoring of publish/subscribe services?
Space decoupling conļ¬icts with long-lived identity requirements.
Are these techniques applicable to an Information-Centric
Publish/Subscribe Internet?
(University of Sussex) Trusted Publish/Subscribe 15/02/12 58 / 58
61. J. Char.
Generation of trees, two-trees, and storage of master forests.
IEEE Transactions on Circuit Theory, 15(3):228ā238, 1968.
David Eppstein and Joseph Yannkae Wang.
A steady state model for graph power laws.
ACM Computing Research Repository, April 2002.
Yongqiang Huang and Hector Garcia-Molina.
Publish/subscribe tree construction in wireless ad-hoc networks.
In Mobile Data Management, volume 2574 of Lecture Notes in
Computer Science, pages 122ā140. Springer Berlin/Heidelberg,
2003.
Konstantin Klemm and V.M. Eguiluz.
Growing scale-free networks with small-world behavior.
Physical Review E, 65(5):57102, May 2002.
Sadan Kulturel-Konak, Bryan A. Norman, David W. Coit, and
Alice E. Smith.
Exploiting tabu search memory in constrained problems.
(University of Sussex) Trusted Publish/Subscribe 15/02/12 58 / 58
62. INFORMS Journal on Computing, 16(3):241ā254, 2004.
Costin Raiciu and D.S. Rosenblum.
Enabling conļ¬dentiality in content-based publish/subscribe
infrastructures.
In Proceedings of the Second IEEE/CreatNet International
Conference on Security and Privacy in Communication Networks,
Securecomm ā06, pages 1ā11. IEEE, August 2006.
S. Tarkoma.
Preventing spam in publish/subscribe.
In 26th IEEE International Conference on Distributed Computing
Systems Workshops, ICDCSW 2006, pages 21ā21. IEEE, 2006.
G. Theodorakopoulos and J.S. Baras.
On trust models and trust evaluation metrics for ad hoc networks.
IEEE Journal on Selected Areas in Communications,
24(2):318ā328, February 2006.
H. Takahashi and A. Matsuyama.
An approximate solution for the Steiner problem in graphs.
(University of Sussex) Trusted Publish/Subscribe 15/02/12 58 / 58
63. Mathematica Japonica, 24(6):573ā577, 1980.
Alex Wun, Alex Cheung, and Hans-Arno Jacobsen.
A taxonomy for denial of service attacks in content-based
publish/subscribe systems.
In Proceedings of the 2007 Inaugural International Conference on
Distributed event-based systems, DEBS ā07, pages 116ā127, New
York, NY, USA, 2007. ACM.
R.R. Yager.
On the analytic representation of the Leximin ordering and its
application to ļ¬exible constraint propagation.
European Journal of Operational Research, 102(1):176ā192,
October 1997.
(University of Sussex) Trusted Publish/Subscribe 15/02/12 58 / 58