Trusted Publish/Subscribe Trees for Securing Ad Hoc Publish/Subscribe Systems

Trusted Publish/Subscribe

Stephen Naicken

Foundations of Software Systems
University of Sussex
stephenn@sussex.ac.uk

15th February 2012

(University of Sussex) Trusted Publish/Subscribe 15/02/12 1 / 58

Outline
1 Why Apply Trust to Publish/Subscribe Systems?
Publish/Subscribe Security Issues
Securing Networks Using Trust and Reputation
2 Trusted Publish/Subscribe Trees
Communication Overheads of PSTs
A Trust Metric for Publish/Subscribe Trees
PST Trust Maximisation Problem with Overhead Budget
3 Algorithms
Exhaustive Search
Tabu Search
4 Results
5 Conclusions and Future Work


Publish/Subscribe Overview
What is Publish/Subscribe?

Publish/Subscribe is an event-based messaging paradigm.
Publishers publish notifications.
Subscribers issue subscriptions describing notifications of interest.
Notifications are delivered only to interested subscribers.
Event Notification Service (ENS) is responsible for the routing of
notifications from publishers to interested subscribers.
ENS may be centralised or it may be a network of brokers.


Publish/Subscribe Data Model

Topic-Based Publish/Subscribe
Publisher publishes each of its events to a topic or subject.
Subscribers subscribe to a topic to receive all events published to it.
Content-Based Publish/Subscribe
Publisher issues an advertisement - an intent to publish events.
Any events published must be covered by the advertisement.
Subscription is a function over the event contents.
Greater expressiveness.
Increased message state and processing complexity at brokers.


Publish/Subscribe in Ad Hoc Networks

In ad hoc networks, the presence of an ENS can not be assumed.
There may not be any entities responsible for the network.
If this is the case, publishers and subscribers will need to assume
the responsibility of brokers where necessary.
Publish/Subscribe in these environments may become more
widespread due to smartphones (e.g. Android 4.0 ad hoc
networking support).
MANETs, Sensor networks, VANETs


Publish/Subscribe Tree

P
Modiﬁcation of Huang &
Garcia-Molina [HGM03]
deﬁnition.
S2 R1 S7
For each advertisement, the
PST is rooted at the publisher
and spans all interested
subscribers.
S1 S3 S6

Steiner tree - the PST contains
a subset of non-publisher &
non-subscriber nodes
R2

(brokers) to facilitate
connectivity.
There can be many possible
S4 S5 S5
PSTs for a given
advertisement.


Publish/Subscribe Tree

PST abstraction can be used to model both publish/subscribe
using an ENS or in an ad hoc network.
In ENS-based publish/subscribe:
the internal vertices of the tree are broker nodes;
the publisher is the root;
all terminals are subscribers.


Publish/Subscribe Security

A plethora of research on publish/subscribe data models and
infrastructure.
Topic-based to Content-based Publish/Subscribe
Centralised to decentralised ENS.
Optimisation of routing and matching algorithms.
But very little on security.
Role-Based Access Control (RBAC).
Computing on encrypted data.
Why?
ENS under the control of single or multiple cooperating entities.
External contracts between publishers, subscribers and ENS.
Implicit trust assumed, but if we break this...


Publish/Subscribe Attacks

Denial of Service:
Flooding (Events and Subscriptions);
Fake unsubscribe & unadvertise (API weakness);
Selective & random message dropping.
Publish/Subscribe Spam [Tar06]
Blackhole advertisement - allows malicious publisher to acquire all
subscriptions, if subscriptions are propagated to the publisher.
Blackhole subscription - subscribe to all events to allow inference of
the subscriptions of others.


Impact of Attacks

Wun et al. [WCJ07] provide a taxonomy of DoS attacks and
results from DoS experiments.
Subscription ﬂooding attack - injecting malicious subscriptions at a
high rate into the infrastructure (ENS).
Reduction in free memory at the broker, increased processing
time of approximately two orders of magnitude, & exponential
growth in the response time.


RBAC and CPS

RBAC
Assign subjects to roles and permissions to roles.
Allows limitations on access to events given the subscriber’s role.
Limitations on events a publisher can publish.
Brokers can perform content-based routing only on attributes that
they are permitted to access.
CPS
Subscriptions and events are encrypted using a shared key.
Matching and routing functions are performed on the encrypted
data by brokers.
Raiciu and Rosenblum [RR06] have deﬁned a number of
techniques to implement CPS.
RBAC and CPS address many of the security issues, so what’s
the problem?


The Problems with RBAC and CPS

RBAC requires a trusted organisation to assign roles to entities.
This is not feasible in ad hoc environments.
Absence of a monitoring component to detect misbehaviour.
Both RBAC and CPS are difﬁcult to adapt to stochastic behaviour.
CPS requires issuing a new encryption key.
RBAC requires issuing new policies.
What happens if the shared key is leaked?


Trust Management

We know that trust and reputation management can be used to
secure network communications.
Mitigate against malicious and selﬁsh nodes.
EigenTrust in P2P, CONFIDANT in MANET routing.
Can we use trust to mitigate attacks in publish/subscribe?


Trust Management

Is it possible to deﬁne a trust metric for PSTs?
Determine the trustworthiness of a network not a node.
Can we construct the most trusted PST for a given
advertisement...
And at the same time ensure efﬁcient communications?
We leave monitoring behaviour for future work.


PST Overhead Metric

Deﬁned by Huang and Garcia-Molina [HGM03].
At any node in the tree
it costs to receive an event (r ).
it costs to forward an event on each outgoing edge, as required by
the subscriptions of any descendants (f ).
The overhead of a PST is the sum of the overheads at each node.
The overhead at a node is given by the sum of:
the cost to forward events of interest;
the cost to receive and forward events not of interest.


PST Overhead Metric

Definition (Inherent Subscription)
The inherent subscription si of a subscriber i is given by its
subscription function sfi .

Definition (Effective Subscription)
The effective subscription Si of a subscriber i is given by the
disjunction of its inherent subscription si and its proxied subscription
si , Si = si ∨ si .

Definition (Proxied Subscription)
The proxied subscription si of a subscriber i is given by
si = j=1,...,n Sj for each child 1, . . . , n of i.


PST Overhead Metric

Deﬁnition (Publish/Subscribe Tree Overhead)
Let E be a set of events, r be some cost associated with receiving an
event, f be a cost associated with forwarding an event, si be the
inherent subscription of node i and si be the proxied subscription of i.

For a PST TAp for an advertisement Ap , its overhead is deﬁned as:

OTAp (E) = i∈VAp OTAp (E) where
i
OTAp (E) = (r + f ) · ΦE(¬si ∧ si ) + f · ΦE(si ∧ si ).
i


The Problem - Tussles

Given two nodes, A and B, A can choose to trust B by using global
and/or local information. The decision rests solely with A.
This is not the case for PSTs.
Node A and B are nodes in PSTs T1 and T2 .
Node A considers PST T1 to be more trustworthy than T2 .
Node B considers PST T2 to be more trustworthy than T1 .
How do we decide upon the PST, which maximises trust for all
PST’s nodes?


Semiring Trust Model

Deﬁnition
(S, ⊕) is commutative semigroup with neutral element 0:

a⊕b =b⊕a
(a ⊕ b) ⊕ c = a ⊕ (b ⊕ c)
a⊕0=a

(S, ⊗) is a semigroup with a neutral element 1 and an absorbing
element 0:

(a ⊗ b) ⊗ c = a ⊗ (b ⊗ c)
a⊗1=1⊗a=a
a⊗0=0⊗a=0


Instantiation

The model provides a means to determine the trustworthiness of
a path [TB06].

Definition
The trusted path semiring is a semiring, (S, ⊕, ⊗) where S = [0, 1] and
⊕ and ⊗ are defined as:

for all s1 , s2 ∈ S, s1 ⊕ s2 = max(s1 , s2 )
for all s1 , s2 ∈ S, s1 ⊗ s2 = s1 s2

No assumption is made upon the definition of the semiring
operators. Alternatives are acceptable.


Example

Path 1 (P1 ): (a, b), (b, c), (c, d).
Path 2 (P2 ): (a, e), (e, f), (f, d).
Let τ be a trust function, τ : V × V → [0, 1].
τ (a, b) = 0.7, τ (a, b) = 0.7.
τ (a, b) = 0.5, τ (a, b) = 1.
τ (a, b) ⊗ τ (a, c) = 0.49.
τ (a, e) ⊗ τ (a, f ) = 0.5.
P1 ⊕ P2 = P2 .


Individual PST Trust Functions

We have a means to determine the trust of a path and given two
paths we can determine which is more trustworthy.
How can we use this to determine the trust of a PST.
To do this, we need to identify the communication paths in a PST.


Trust Relationships in PSTs

There are many communication paths in a PST that should ideally
be trusted.
The publisher must have trust in all the paths to all the
subscribers.
The subscribers must trust the path to the publisher.
Any internal subscribers must trust the paths to descendant
subscribers and the publisher.
To maximise the trust of a PST, we select the PST that maximises
the trust of these paths.


Terminal Subscriber Node

P

Subscriber trusts the publisher
S2 R1 S7
sufﬁciently to receive its
events, so it is not included in
the metric.
S1 S3 S6

It must trust the nodes on the
path to the publisher, which
route events to it.
R2

Example Path:
S5 , R2 , S6 , R1 , P.

S4 S5 S5


Terminal Subscriber Node

Deﬁnition (Terminal Subscriber Trust Function)

1
τs (T ) =
τs (Λη 1 ) ⊗ τs (Λη 2 ) ⊗ · · · ⊗ τs (Λη |σs,p |−2 ) ⊗ τs (Λη |σs,p |−1 )
s,v s,v s,v s,v

τs is the trust function of subscriber s.
Λη |σs,n | is the vector of trust information on n held by s.
s,v

1 if s is adjacent to p, otherwise it is given by the product of the
trust in the intermediate vertices.


Publisher Trust Function

More complicated for the publisher, as there is path to each
subscriber.
Although the edges may be shared between paths, each is
considered individually.
Reasoning is that there is "contact" to provide events to each and
every subscriber.
The publisher’s trust in the tree is given by the aggregation of the
trust of all paths to all subscribers.



Deﬁnition (Publisher Trust Function)

1
τp (σp,s ) =
τp (Λη 1 ) ⊗ τp (Λη 2 ) ⊗ · · · ⊗ τp (Λη |σ|−2 ) ⊗ τp (Λη |σ|−1 )
p,v p,v p,v p,v

Similar to the terminal subscribe trust function.
τp (σp,s ), the trust of the path from publisher p to subscriber s.
1 if p is adjacent to s, otherwise it is given by the product of the
trust in the intermediate vertices.



Deﬁnition (Publisher Trust Function)
The trust of T for p is a function of the trust of the paths to each
subscriber and is given by

τp (T ) = α(τp (σp,s1 ), τp (σp,s2 ), . . . , τp (σp,s|S| )).

where α is the aggregation function and τp (σp,s1 ) is the trust p has in
the path from p to subscriber s1 .



How to achieve the aggregation?
The number of subscribers for a given advertisement is constant
across all PSTs.
All subscribers to be treated fairly.
This means we can use the leximin aggregation.
Similar to maximin, but breaks ties using the next least well off
value until tie is broken.
Motivation: The publisher’s trust in a PST is dominated by the
least trusted path.


Leximin Aggregation Function

Deﬁnition (Ordered Weighted Average)
An ordered weighted average operator F of dimension n is a mapping
F : Rn → R that has an associated vector of weights
W = [w1 , w2 , . . . , wn ] such that n wi = 1 and each wi ∈ [0, 1] and
i=1
where F (y1 , y2 , . . . , yn ) = n wj · zj where zj is the j-largest yi .
j=1


Leximin Aggregation Function

Deﬁnition (Yager’s Analytical Function [Yag97])
The analytical leximin aggregation operator, Fleximin , is an ordered
weighted average where the weight vector
W = [w1 , . . . , wn−2 , wn−1 , wn ] is deﬁned as follows:

∆n−1
w1 = ,
(1 + ∆)n−1
∆n−j
wj = for all 2 ≤ j ≤ n.
(1 + ∆)n+1−j

If |a − b| < ∆ then a = b. If a > b then |a − b| > ∆.


Internal Subscriber Trust Function

The internal subscriber trust function is a combination of the two
previous trust functions.
An internal subscriber must trust the path to the publisher (similar
to a terminal subscriber).
In addition, it also distributes events to descendants that have a
matching subscription.
So it must also trust the paths to all descendants who are
subscribers (similar to a publisher).


Internal Subscriber Trust Function

Deﬁnition
For each internal subscribe node s in a PST T , the trust of s in T is
given by τs (T ) = β(τs (σs,p ), τs (σs,s1 ), . . . , τs (σs,sd−1 )) where
β : Rd −→ R is some aggregation function of trust values, and
d = |Vs ∩ S| + 1 where Vs is set of nodes in the subtree rooted at s.

For a internal subscriber, the value d is variable across feasible
PSTs.
Therefore, the weights of the Yager’s leximin function will be
different across PSTs
So we use maximin here.


And The Router Trust Function?

PST is a Steiner tree - it need not span the network.
The opinions of routers are ignored.
Incentive compatibility can not be guaranteed.
Routers have good reason to lie. A router in a PST contributes
resources but has no interest in the content being shared.
Declare the paths and consequently the tree to be of low trust.
PST is less likely to be most trusted, so reduced possibility of
being in this PST.


PST Trust Metric
Social Choice and Welfare

We now have a mechanism for each node to assess a tree and
come up with a number that represents its belief of how
trustworthy that tree is.
How do we order the trees given these trust values from the
participants?
We assume that the trust values provide an ordering of how badly
off a member would be, if that tree was chosen.
Rawls’ principles of justice, that social and economic inequalities
satisfy the condition that they are to be to the greatest beneﬁt of
the least advantaged members of society
Leximin Deﬁne a lexical ordering on the participants, and in any
pair of alternatives, pick the one that improves the lot of the worse
off


PST Trust Metric

Deﬁnition
Let t = (Vt , Et ) be a PST where Vt = S ∪ R ∪ {p}. For each
i ∈ S ∪ {p}, there is a real-value τi (T ) representing i’s trust value of t.
The social trust value of t is given by Fleximin (τi1 (T ), τi2 (T ), . . . ,
τi|S∪{p}| (T )).


Interpersonal Incomparability of Trust

Leximin requires interpersonal comparability.
This means trust values of different entities must share the same
trust continuum.
Same origin and same unit of trust.
This isn’t possible for mental states such as trust.
Often assumed to be the case in existing trust models, so we do
too..


The Maximum Trust PST with Overhead Budget

Deﬁnition
Given an overhead budget B > 0, an event distribution E, an
undirected connectivity graph Gc = (Vc , Ec ), a publisher p that holds
an advertisement Ap , a set of subscribers S = {s | sfs (Ap ) = true}
where sfs is the subscription function of s, a set of routers R = Vc C
where C = {p} ∪ S

ﬁnd a PST T that is rooted at p, spans S and maximises the trust
value τ (T ) = Fleximin (τc1 (T ), . . . , τc|C| (T )) where τci (T ) is the trust
evaluation of i th node in C, subject to OT (E) ≤ B.

The PST Trust Maximisation Problem with Overhead Budget is
NP-complete.


Exhaustive Search Algorithm

Find all PSTs in the connectivity graph rooted at p and spanning
the subscribers S.
For each PST:
Find the trust value.
Find the overhead value.
Select the PST that has the highest trust value with the deﬁned
budget B.
How to ﬁnd all PSTs?


Spanning Tree Enumeration

A PST is a Steiner tree of the connectivity graph.
The set of feasible PSTs for an advertisement is a subset of the
set of all Steiner trees in the connectivity graph.
The set of all spanning trees for all subgraphs of the connectivity
graph is the set of all Steiner trees.
Modify a spanning tree enumeration algorithm to enumerate all
PSTs that span a graph.



Char’s spanning tree algorithm [Cha68] enumerates all spanning
trees.
Uses DFS to ﬁnd initial tree and label vertices.
Representation of the tree is stored in an array.
Index is node label, array[index] gives index of an adjacent node.
Lexicographically alter the adjacent edges, "cycling" through
subgraphs.
Each subgraph found is tested to ensure that it is a spanning tree.



The tree test can be modiﬁed to also test if the subgraph is a PST.
A router can not be a terminal node - illogical.
Test if each router in the tree is has two adjacent edges.


Tabu Search Algorithm

Given that the problem is in NP-Complete, the exhaustive search
will only be suitable for small problem instances.
Instead we choose to use the Tabu search metaheuristic.
Similar to local search, but we store list of last n chosen moves
(tabu list).
To escape local maxima, we do not select moves from the tabu
list.



First we need to deﬁne a move structure.
Given a PST, a move is the addition or removal of a router from
the PST.
When a router is added to a PST, edges adjacent to nodes in the
PST are added too.
When a router is removed from the PST, edges from the
connectivity graph between pairs of nodes in the PST are added
to re-connect the graph.
How do we choose the router to add or remove?



We use a surrogate objective function - essentially "guesstimate".
We know the node that had the least trust in prior PST.
So we evaluate the trustworthiness of the paths from this node to
the publisher in the graph induced by the application of the move
to the PST.
The move that yields the greatest improvement in trust for this
node is chosen.



This leaves us with a second problem, the application of the move
gives a graph not a PST.
We use the modiﬁed Char algorithm to ﬁnd the PSTs in the graph.
The tree that maximises the objective function is chosen.
So what is the objective function?



Tabu search is designed for combinatorial problems of the
following form:

Deﬁnition
Given a set of feasible solutions F and a function F : F → R, ﬁnd the
optimal solution x ∈ F for a minimisation problem such that
F (x) ≤ F (y ) for all y ∈ F, or F (x) ≥ F (y ) for a maximisation problem.

But we have an overhead budget to consider.
If a solution is overbudget, we penalise the objective value of the
solution, i.e. its trust value.



We investigated two approaches to tabu search for problems with
constraints.
The ﬁrst a static penalty function. Penalise all overbudget
solutions by reducing their trustworthiness by 50%.
The second is Near-Feasibility Threshold approach devised by
Kulturel-Konak et al. [KKNCS04]
However, as the results were often poor in comparison to the
naive static approach, we shall dismiss it.
The authors claim that the technique is sometimes not suitable
where there are few constraints. We have one.



Diversiﬁcation potentially allows the Tabu search to explore
unvisited regions of the search space and escape cycles.
Every 50 iterations of the Tabu search, the search diversify
choosing a new solution from which the search continues.
We investigated modiﬁed versions of the Takahashi-Matsuyama
[TM80] and Shortest Path Tree algorithms to create PSTs.
However, as both are subscription and trust unaware algorithms,
little difference can be expected.


Evaluation Environment

Experiments were performed using Amazon EC2 infrastructure,
with a 6.5 EC2 Compute Units (2x Intel(R) Xeon(R) CPU X5550
@ 2.67GHz), 17.1 GB RAM instance (m2.xlarge) running on a
64-bit Linux OS.
The connectivity graph is constructed by power law graph
generator [EW02].
The trust graph is generated using Klemm-Eguiluz [KE02] model
so that it has both high clustering and power law properties.
The Tabu search executed for 1500 iterations.


Problem Data Set

A number of problem sets were considered, the results of two of
these will be presented.
A problem set is identified using the following format
<Problem Data set><Subset Number>-<Problem Number> :
"<Problem Data set>" is the data set identifier (A and B),
"<Subset Number>" indicates the value of |R| for each problem
"<Problem Number>" is the problem identifier where
1 =⇒ B = 2000, 2 =⇒ B = 3000, 3 =⇒ B = 4000, 4 =⇒ B =
5000, 5 =⇒ B = 231 − 1.


Problem Data Set

Problem Set A.
Publisher: 1, Subscribers: 5, Routers: 1, 2, ..., 9.
Problem Set B.
Publisher: 1, Subscribers: 5, Routers: 20, 30, 40, ... 90.


Exhaustive Search Results
1e+05
q

8e+04

6e+04
Time (s)

4e+04

2e+04

q

q q q q q q q q
0e+00

A0 A1 A2 A3 A4 A5 A6 A7 A8 A9
Problem Subset

Figure: Average Execution Times of Exhaustive Search Results for Problem
Set A


Exhaustive Search Results

Pr. Min. (s) Max. (s) Avg. (s)
A0 0.0153 0.0871 0.0339
A1 0.0239 0.1522 0.058
A2 0.1238 0.3774 0.1852
A3 0.8051 1.2791 0.9304
A4 1.7682 2.4166 1.9041
A5 19.5833 20.212 19.7224
A6 285.8669 287.4492 286.3381
A7 945.8277 949.9657 947.4963
A8 6149.868 6164.197 6158.712
A9 97672.93 97672.93 -

Table: Execution Times of Exhaustive Search Results for Problem Set A


Tabu Search
Problem Set A

PST Rel. Error
Pr τT OT ητ ηO Sec
A1-4 0.0181 2398 - - 3.01
A2-4 0.0931 1850 - - 8.37
A3-4 0.0224 2917 - - 11.03
A4-4 0.1855 2224 - - 7.20
A5-4 0.0812 3580 - 0.1202 8.24
A6-4 0.0360 3846 5×10−7 0.1287 138.96
A7-4 0.0692 3570 - - 78.38
A8-4 0.0031 3657 1×10−6 0.0928 9.77
A9-4 0.2184 1885 - - 20.49

Table: Solutions for Problem Set A using the Tabu Search algorithm


Tabu Search
Pr τT OT Sec Pr τT OT Sec
B20-1 0.1210 2948 42.00 B30-1 0.1329 2234 57.19
B20-2 0.1210 2948 41.97 B30-2 0.1329 2234 61.82
B20-3 0.1210 3254 36.33 B30-3 0.1329 2234 72.58
B20-4 0.1210 3254 33.76 B30-4 0.1329 2234 88.44
B20-5 0.1210 3254 33.73 B30-5 0.1329 2234 84.46
B40-1 0.0245 2564 56.52 B50-1 0.0124 2224 18.96
B40-2 0.0245 2564 60.04 B50-2 0.0124 2224 18.87
B40-3 0.0245 2564 50.73 B50-3 0.0124 2224 18.70
B40-4 0.0245 2564 50.77 B50-4 0.0124 2224 19.70
B40-5 0.0245 2564 50.81 B50-5 0.0124 2224 19.96
B60-1 0.0661 1630 9.86 B70-1 0.0381 2838 30.00
B60-2 0.0661 1630 9.98 B70-2 0.0381 2838 29.99
B60-3 0.0661 1630 9.82 B70-3 0.0381 2838 46.44
B60-4 0.0661 1630 9.89 B70-4 0.0381 2838 46.77
B60-5 0.0661 1630 9.91 B70-5 0.0381 2838 45.85
B80-1 0.1320 1962 17.84 B90-1 0.0354 1282 11.56
B80-2 0.1320 1962 13.54 B90-2 0.0354 1282 11.59
B80-3 0.1320 1962 13.56 B90-3 0.0354 1282 11.59
B80-4 0.1320 1962 13.55 B90-4 0.0354 1282 11.57
B80-5 0.1320 1962 13.57 B90-5 0.0354 1282 11.57


Conclusions

It is possible to deﬁne a trust metrics for a network structure, the
PST, not just nodes.
Trust is interpersonal incomparable. Metrics should consider this.
Tabu search efﬁciently solves the Maximum Trust PST with
Overhead Budget Problem.


Future Work

Is it possible to deﬁne a distributed algorithm to solve the
problem?
Tussle between trust relationships in a PST.
Nodes may be unwilling to share trust data.
Possible using local information only?
How do we implement monitoring of publish/subscribe services?
Space decoupling conﬂicts with long-lived identity requirements.
Are these techniques applicable to an Information-Centric
Publish/Subscribe Internet?


J. Char.
Generation of trees, two-trees, and storage of master forests.
IEEE Transactions on Circuit Theory, 15(3):228–238, 1968.
David Eppstein and Joseph Yannkae Wang.
A steady state model for graph power laws.
ACM Computing Research Repository, April 2002.
Yongqiang Huang and Hector Garcia-Molina.
Publish/subscribe tree construction in wireless ad-hoc networks.
In Mobile Data Management, volume 2574 of Lecture Notes in
Computer Science, pages 122–140. Springer Berlin/Heidelberg,
2003.
Konstantin Klemm and V.M. Eguiluz.
Growing scale-free networks with small-world behavior.
Physical Review E, 65(5):57102, May 2002.
Sadan Kulturel-Konak, Bryan A. Norman, David W. Coit, and
Alice E. Smith.
Exploiting tabu search memory in constrained problems.

INFORMS Journal on Computing, 16(3):241–254, 2004.
Costin Raiciu and D.S. Rosenblum.
Enabling conﬁdentiality in content-based publish/subscribe
infrastructures.
In Proceedings of the Second IEEE/CreatNet International
Conference on Security and Privacy in Communication Networks,
Securecomm ’06, pages 1–11. IEEE, August 2006.
S. Tarkoma.
Preventing spam in publish/subscribe.
In 26th IEEE International Conference on Distributed Computing
Systems Workshops, ICDCSW 2006, pages 21–21. IEEE, 2006.
G. Theodorakopoulos and J.S. Baras.
On trust models and trust evaluation metrics for ad hoc networks.
IEEE Journal on Selected Areas in Communications,
24(2):318–328, February 2006.
H. Takahashi and A. Matsuyama.
An approximate solution for the Steiner problem in graphs.

Mathematica Japonica, 24(6):573–577, 1980.
Alex Wun, Alex Cheung, and Hans-Arno Jacobsen.
A taxonomy for denial of service attacks in content-based
publish/subscribe systems.
In Proceedings of the 2007 Inaugural International Conference on
Distributed event-based systems, DEBS ’07, pages 116–127, New
York, NY, USA, 2007. ACM.
R.R. Yager.
On the analytic representation of the Leximin ordering and its
application to ﬂexible constraint propagation.
European Journal of Operational Research, 102(1):176–192,
October 1997.


Trusted Publish/Subscribe Trees for Securing Ad Hoc Publish/Subscribe Systems

Recommended

Recommended

More Related Content

Viewers also liked

Viewers also liked (6)

Similar to Trusted Publish/Subscribe Trees for Securing Ad Hoc Publish/Subscribe Systems

Similar to Trusted Publish/Subscribe Trees for Securing Ad Hoc Publish/Subscribe Systems (20)

Recently uploaded

Recently uploaded (20)

Trusted Publish/Subscribe Trees for Securing Ad Hoc Publish/Subscribe Systems