middleware systems research group middleware 20071 a policy management framework for content-based...
TRANSCRIPT
Middleware 2007 1
MIDDLEWARE SYSTEMSRESEARCH GROUP
A Policy Management Framework for Content-based Publish/Subscribe
Middleware
Hans-Arno Jacobsen
Department of Electrical and Computer Engineering &Department of Computer Science
University of Toronto
Joint work with Alex Wun.
http://www.padres.msrg.utoronto.ca
2LogisticsLogistics RetailerRetailer
ManufacturerManufacturer Supplier/Supplier/DistributorDistributor
RFID Tracking
Sensor NetworkManagement
Business ActivityMonitoring
SLA Monitoring
Content-based Publish/Subscribe(CPS)
3
23/4/203
The PADRES Project
Server Farm
Computers
ComputersDatabase
Laptops
Computers
Workstation
Laptops
DatabaseServer
ServerSwitch
Server
Switch
Computing, Storage, and Networking Resources
Content-based Routing (Publish/Subscribe)
Content-based RouterClients (publisher/subscriber)
PADRES ESB
Business Process Execution
Deploy Control UpdateVisualize
Monitor ...
6
43
7start halt
Business Process Management and Business Activity Monitoring
Redirectresume
addremove
Event Management Framework
Application Events
Business Events
Complex Events
Network and System Events
Acknowledgements Acknowledgements
4
B
B
B
S
S
P
B
P
B
input queue
output queue dest2
output queue dest3
dest1
dest2
dest3
P
S
= publisher
= subscriber
subscription dest
Matching Engine
Routing Table
+
temperature > 37 dest2
temperature > 40 dest3
Publications
temperature = 38temperature = 42temperature = 36
A Pub/Sub Message Broker
Middleware 2007
5
RESEARCH GROUPMIDDLEWARE SYSTEMS
Content-based Publish/Subscribe
Many additional application-specific features often needed Security Message transformation System debugging & message tracing
Application integration Different requirements from diverse applications
must co-exist on same running infrastructure
Middleware 2007
6
RESEARCH GROUPMIDDLEWARE SYSTEMS
Content-based Policy Framework
Policy Framework Flexible: separates application requirements
from infrastructure mechanisms Dynamic: change behavior of running system
Content-based Policy Framework Leverage content-based matching to achieve
expressive, low overhead policies More coupled with CPS systems More efficient than generic policy layer
Middleware 2007
7
RESEARCH GROUPMIDDLEWARE SYSTEMS
Contributions and Presentation Agenda
Novel policy model for CPS systems Focus on post-matching policy model
Implementation of policy framework for CPS systems Focus on policy mechanisms Not interested in developing policy language or syntax
Interesting new features enabled by our policy framework Qualitative validation of approach using application
scenarios Performance overhead experimental results
Quantitative validation of approach
Middleware 2007
8
RESEARCH GROUPMIDDLEWARE SYSTEMS
Post-matching Policy Model
In terms of Event-Condition-Action rules:
When content-based match occurs
If additional policy condition(s) satisfied then
Perform
Action1
….
ActionN
Middleware 2007
9
RESEARCH GROUPMIDDLEWARE SYSTEMS
Post-matching Policy Model
nn TFTFTF ,,,,,, 2211
Given a message M, matching algorithm computes:
Filter(Subscription,
Advertisement)
AssociatedPolicy Statement
Policies T1 … Tn are applied to M
M is a publication, contains subscriptions and advertisements
M is a subscription, contains advertisements
10
)]50(),100[(1 yxA1AT
)]100(),75[(2 yxA2AT
)]75(),25[(1 yxS
)]75(),100[(2 yxS
1ST
)]30,(),90,[(1 yxP
)]30,(),30,[(2 yxP
Message AssociatedPolicy
Policies Appliedon Injection
1AT 2AT
1ST
2AT
1AT 2AT
1ST1AT
Middleware 2007
11
RESEARCH GROUPMIDDLEWARE SYSTEMS
Policy CompositionPublication space:[(a1,x1), … ,(aN,xN)]
RequireAuthentication
AppendDebugging Info.
TrimAttributes
S1 = [(a1 > T1)] : AuthenticateSender()
S2 = [(a1 < T1), (a2 > T2)] : AppendDebug(…)
S3 = [(a1 < T3), (a2 > T4)] : TrimAttributes()
Middleware 2007
12
RESEARCH GROUPMIDDLEWARE SYSTEMS
API with Policy Support
publish/subscribe/advertise(Message, PolicyStatement) setPolicy(MessageID, PolicyStatement)
PolicyStatement {On(MessageType) {
… @broker: [Overlay location type]
If <conditions …> Then <actions …> Elseif <conditions …> Then <actions …> …
}…
}
Middleware 2007 13
MIDDLEWARE SYSTEMSRESEARCH GROUP
Policy Framework Validation Scenarios
Enabling policies for
SecurityCPS Semantics
Middleware 2007
14
RESEARCH GROUPMIDDLEWARE SYSTEMS
Content-based Firewall
On(Publication) { @broker: Routing
If {} Then {BlockMessage()}}
Subscription-associated policy:(applied to publications)
• Acts like negation subscription
Firewall
15
Content-based Firewall
IndividualSubscriptions
MergedSubscription
External Firewall Broker Internal Firewall Broker
Middleware 2007
16
RESEARCH GROUPMIDDLEWARE SYSTEMS
Authentication
On(Publication) { @broker: Ingress,Routing,Egress
If {AuthenticateReceiver(group1)} Then {} Elseif {} Then {BlockMessage()}}
Shared group secret Kg. Brokers either exchange via public/private key mechanisms or are bootstrapped with Kg.
BG1 B
B
BG1
P
Advertisement-associated policy:
• Uncontrolled advertisement and subscription propagation• Controlled publication injection, routing, and delivery
Middleware 2007
17
RESEARCH GROUPMIDDLEWARE SYSTEMS
Authentication
On(Subscription) { @broker: Ingress,Routing
If {AuthenticateReceiver(group1) && AuthenticateSender(group1)} Then {} Elseif {} Then {BlockMessage()}}
Shared group secret Kg. Brokers either exchange via public/private key mechanisms or are bootstrapped with Kg.
BG1 B
B
BG1
SAdvertisement-associated policy:
• Controlled subscription injection and routing
S
Middleware 2007
18
RESEARCH GROUPMIDDLEWARE SYSTEMS
Notification Semantics
On(Publication) { @broker: Egress
If {} Then {TrimAttributes(…), ToXML()}}
S S
P1= [(a,1)(b,2)(c,3)]
P1’= [(a,1)]
P2’= [(b,4),(c,3)]
P2= [(a,9)(b,4)(c,3)]
P1’= [(a,1),(b,2)]
P2’= <pub> <a>1</a> <b>4</b> </pub>
Subscription-associated policy:
• Subscribers have fine-grained control over format of delivered publications
Middleware 2007
19
RESEARCH GROUPMIDDLEWARE SYSTEMS
Meta-Events
On(Subscription) { @broker: Ingress
If {AuthenticateSender(group1)} Then {} Elseif {} Then {Publish(“[class,UnauthorizedSubscribe], [message,$message], [brokerID,$brokerID]”)}}
Advertisement-associated policy:
• Self-generated event by system in response to unauthorized subscription injection
B1
S
S
S =[(class = UnauthorizedSubscribe),(brokerID = B1)]
Middleware 2007
20
RESEARCH GROUPMIDDLEWARE SYSTEMS
Healthcare Example
“Doctors with appropriate specialties may only enter prescriptions for their own patients in their designated ward when they are on shift. If they try to write prescriptions in violation, a notification to be sent to the chief physician”
Features used Check doctor qualifications (authentication) Check registration and shift status (authorization) Report violations (meta-events)
Middleware 2007
21
RESEARCH GROUPMIDDLEWARE SYSTEMS
Healthcare Example
S
Hospital Ward Access Point P
ChiefPhysician
HealthcareBroker
Network
[(class = Violation), (type = prescription)]
[(class = Prescription), (doctor = *),(patient = *), (drug = *),(ward = x)]
Advertise
Policy
Subscribe
On(Publication) { @broker: Ingress If {CanPrescribe($doctor) && Registered($doctor,$patient) && OnShift($doctor,$ward)} Then {} Elseif {} Then {Publish(“[class,Violation], [type,prescription], [doctor,$doctor],…”)}}
Middleware 2007
22
RESEARCH GROUPMIDDLEWARE SYSTEMS
Performance Overhead Setup
Publication policy attached to
subscriptions:
On(Publication) { @broker: Egress If {} Then {Augment($Delay)}}
Subscription policy attached to
advertisements:
On(Advertisement) { @broker: Ingress,Routing If {} Then {BlockMessage()}}On(Subscription) { @broker: Ingress,Routing If {} Then {Flood()}}
Each run: 1000 Subscriptions (avg. 4 predicates – Poisson distribution) 1000 Publications (all attributes) ~20 Advertisements From 0% to 100% of Subscriptions/Advertisements associated with policies
RESEARCH GROUPMIDDLEWARE SYSTEMS
Conclusions
Applications have diverse feature requirements on messaging middleware Security Message transformations System debugging
Policies can leverage content-based publish/subscribe matching algorithms (Post-matching policies) Flexible and expressive Enables interesting features Low overhead
http://www.padres.msrg.utoronto.caThank You - Questions?
Middleware 2007
26
RESEARCH GROUPMIDDLEWARE SYSTEMS
Healthcare Example II
“Only members of the finance department with titles of Director or VP can access patient billing history of more than 1 year ago”
Features used Historic data access (supported by PADRES) Role-Based Access Control (authentication) Data privacy (notification trimming)
Alternative: content encryption
Middleware 2007
27
RESEARCH GROUPMIDDLEWARE SYSTEMS
Healthcare Example II
S
Patient Database
Client
P
Patient InfoAccessPoint
HealthcareBroker
Network
[(class = Historic), (patient = x),(date after y)]
[(class = Historic), (patient = *),(billing_info = *), (medical_info = *),(date = *)]
Advertise
Policy
Subscribe
On(Publication) { @broker: Egress @attach: always If {AuthenticateReceiver(Director) || AuthenticateReceive(VP)} Then {} Elseif {DateBefore($now-1year)} Then {Trim(billing_info)}}
P
Middleware 2007
28
RESEARCH GROUPMIDDLEWARE SYSTEMS
Security Zones and Privacy
Authentication: Control message propagation
Message Transformation: Restrict attribute visbility
Meta-Events: Monitor unauthorized subscriptions
Middleware 2007
31
RESEARCH GROUPMIDDLEWARE SYSTEMS
Policy Composition
Publications of the form: [(class,C),(a1,x1),…,(aN,xN)]
If class = c1 & a1 < Tlow
AppendPrevHop()
If class = c1 & a1 > Thigh
RemoveAttrs(x2...xN)
If class = c2
…
S1 = [(class=c1),(a1<Tlow)] : AppendPrevHop()
S2 = [(class=c1),(a1>Thigh)] : RemoveAttrs(…)
S3 = [(class=c2)] : …
Policies Subscriptions : Policy Statements
Middleware 2007
32
RESEARCH GROUPMIDDLEWARE SYSTEMS
Content-based Match Event
Filters(Subscriptions,
Advertisements)
Message(Publication)
X OXO
AssociatedPolicies
Middleware 2007
33
RESEARCH GROUPMIDDLEWARE SYSTEMS
Generic Policy Frameworks
Focus on framework mechanisms and not policy language
If-Then If conditions evaluate on message content and
duplicates work of CPS system Post-matching policy model for content-based
policies
Middleware 2007
34
RESEARCH GROUPMIDDLEWARE SYSTEMS
Policy Framework Architecture
AdvertisementSubscription
Store
PolicyStore
PolicyEvaluation
Policy Manager
Matching Engine
PreviousBroker
orClient
Next Broker(s)orClient(s)
PolicyStatement
PolicyRule
Filter/Message