Research into publish/subscribe messaging has so far done little to propose architectures for the support of access control, yet this will be an increasingly critical requirement as systems move to Internet-scale. This paper discusses the general requirements of publish/subscribe systems with access control. We then present our specific integration of OASIS…
Security concerns are widely seen as an obstacle to the adoption of cloud computing solutions. Information Flow Control (IFC) is a well understood Mandatory Access Control methodology. The earliest IFC models targeted security in a centralised environment, but decentralised forms of IFC have been designed and implemented, often within academic research…
Over the last decade a wide range of publish/subscribe (pub/sub) systems have come out of the research community. However, there is little consensus on a common pub/sub API, which would facilitate innovation, encourage application building, and simplify the evaluation of existing prototypes. Industry pub/sub standards tend to be overly complex,…
Many RBAC models have augmented the fundamental requirement of a role abstraction with features such as parameterised roles and environment-aware policy. This paper examines the potential for unintentional leakage of information during RBAC policy enforcement, either through the exchange of parameters with external services when checking environmental…
Emerging trust and risk management systems provide a framework for principals to determine whether they will exchange resources, without requiring a complete definition of their credentials and intentions. Most distributed access control architectures have far more rigid policy rules, yet in many respects aim to solve a similar problem. This paper…
Two convincing paradigms have emerged for achieving scalability in widely distributed systems: publish/subscribe communication and role-based, policy-driven control of access to the system by applications. A strength of publish/subscribe is its many-to-many communication paradigm and loose coupling of components, so that…
A model of cloud services is emerging whereby a few trusted providers manage the underlying hardware and communications whereas many companies build on this infrastructure to offer higher level, cloud-hosted PaaS services and/or SaaS applications. From the start, strong isolation between cloud tenants was seen to be of paramount importance, provided first…
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Abstract—To realise the broad vision of pervasive computing, underpinned by the "Internet of Things" (IoT), it is essential to break down application and technology-based silos and support broad…
Publish/subscribe systems provide an efficient, event-based, wide-area distributed communications infrastructure. Large scale publish/subscribe systems are likely to employ components of the event transport network owned by cooperating, but independent organisations. As the number of participants in the network increases, security becomes an increasing…