middleware systems research group middleware 20071 a policy management framework for content-based...

Middleware 2007 1

MIDDLEWARE SYSTEMSRESEARCH GROUP

A Policy Management Framework for Content-based Publish/Subscribe

Middleware

Hans-Arno Jacobsen

Department of Electrical and Computer Engineering &Department of Computer Science

University of Toronto

Joint work with Alex Wun.

http://www.padres.msrg.utoronto.ca

2LogisticsLogistics RetailerRetailer

ManufacturerManufacturer Supplier/Supplier/DistributorDistributor

RFID Tracking

Sensor NetworkManagement

Business ActivityMonitoring

SLA Monitoring

Content-based Publish/Subscribe(CPS)

3

23/4/203

The PADRES Project

Server Farm

Computers

ComputersDatabase

Laptops

Computers

Workstation

Laptops

DatabaseServer

ServerSwitch

Server

Switch

Computing, Storage, and Networking Resources

Content-based Routing (Publish/Subscribe)

Content-based RouterClients (publisher/subscriber)

PADRES ESB

Business Process Execution

Deploy Control UpdateVisualize

Monitor ...

6

43

7start halt

Business Process Management and Business Activity Monitoring

Redirectresume

addremove

Event Management Framework

Application Events

Business Events

Complex Events

Network and System Events

Acknowledgements Acknowledgements

4

B

B

B

S

S

P

B

P

B

input queue

output queue dest2

output queue dest3

dest1

dest2

dest3

P

S

= publisher

= subscriber

subscription dest

Matching Engine

Routing Table

+

temperature > 37 dest2

temperature > 40 dest3

Publications

temperature = 38temperature = 42temperature = 36

A Pub/Sub Message Broker

Middleware 2007

5

RESEARCH GROUPMIDDLEWARE SYSTEMS

Content-based Publish/Subscribe

Many additional application-specific features often needed Security Message transformation System debugging & message tracing

Application integration Different requirements from diverse applications

must co-exist on same running infrastructure

Middleware 2007

6


Content-based Policy Framework

Policy Framework Flexible: separates application requirements

from infrastructure mechanisms Dynamic: change behavior of running system

Content-based Policy Framework Leverage content-based matching to achieve

expressive, low overhead policies More coupled with CPS systems More efficient than generic policy layer

Middleware 2007

7


Contributions and Presentation Agenda

Novel policy model for CPS systems Focus on post-matching policy model

Implementation of policy framework for CPS systems Focus on policy mechanisms Not interested in developing policy language or syntax

Interesting new features enabled by our policy framework Qualitative validation of approach using application

scenarios Performance overhead experimental results

Quantitative validation of approach

Middleware 2007

8


Post-matching Policy Model

In terms of Event-Condition-Action rules:

When content-based match occurs

If additional policy condition(s) satisfied then

Perform

Action1

….

ActionN

Middleware 2007

9


Post-matching Policy Model

nn TFTFTF ,,,,,, 2211

Given a message M, matching algorithm computes:

Filter(Subscription,

Advertisement)

AssociatedPolicy Statement

Policies T1 … Tn are applied to M

M is a publication, contains subscriptions and advertisements

M is a subscription, contains advertisements

10

)]50(),100[(1 yxA1AT

)]100(),75[(2 yxA2AT

)]75(),25[(1 yxS

)]75(),100[(2 yxS

1ST

)]30,(),90,[(1 yxP

)]30,(),30,[(2 yxP

Message AssociatedPolicy

Policies Appliedon Injection

1AT 2AT

1ST

2AT

1AT 2AT

1ST1AT

Middleware 2007

11


Policy CompositionPublication space:[(a1,x1), … ,(aN,xN)]

RequireAuthentication

AppendDebugging Info.

TrimAttributes

S1 = [(a1 > T1)] : AuthenticateSender()

S2 = [(a1 < T1), (a2 > T2)] : AppendDebug(…)

S3 = [(a1 < T3), (a2 > T4)] : TrimAttributes()

Middleware 2007

12


API with Policy Support

publish/subscribe/advertise(Message, PolicyStatement) setPolicy(MessageID, PolicyStatement)

PolicyStatement {On(MessageType) {

… @broker: [Overlay location type]

If <conditions …> Then <actions …> Elseif <conditions …> Then <actions …> …

}…

}

Middleware 2007 13


Policy Framework Validation Scenarios

Enabling policies for

SecurityCPS Semantics

Middleware 2007

14


Content-based Firewall

On(Publication) { @broker: Routing

If {} Then {BlockMessage()}}

Subscription-associated policy:(applied to publications)

• Acts like negation subscription

Firewall

15

Content-based Firewall

IndividualSubscriptions

MergedSubscription

External Firewall Broker Internal Firewall Broker

Middleware 2007

16


Authentication

On(Publication) { @broker: Ingress,Routing,Egress

If {AuthenticateReceiver(group1)} Then {} Elseif {} Then {BlockMessage()}}

Shared group secret Kg. Brokers either exchange via public/private key mechanisms or are bootstrapped with Kg.

BG1 B

B

BG1

P

Advertisement-associated policy:

• Uncontrolled advertisement and subscription propagation• Controlled publication injection, routing, and delivery

Middleware 2007

17


Authentication

On(Subscription) { @broker: Ingress,Routing

If {AuthenticateReceiver(group1) && AuthenticateSender(group1)} Then {} Elseif {} Then {BlockMessage()}}

Shared group secret Kg. Brokers either exchange via public/private key mechanisms or are bootstrapped with Kg.

BG1 B

B

BG1

SAdvertisement-associated policy:

• Controlled subscription injection and routing

S

Middleware 2007

18


Notification Semantics

On(Publication) { @broker: Egress

If {} Then {TrimAttributes(…), ToXML()}}

S S

P1= [(a,1)(b,2)(c,3)]

P1’= [(a,1)]

P2’= [(b,4),(c,3)]

P2= [(a,9)(b,4)(c,3)]

P1’= [(a,1),(b,2)]

P2’= <pub> <a>1</a> <b>4</b> </pub>

Subscription-associated policy:

• Subscribers have fine-grained control over format of delivered publications

Middleware 2007

19


Meta-Events

On(Subscription) { @broker: Ingress

If {AuthenticateSender(group1)} Then {} Elseif {} Then {Publish(“[class,UnauthorizedSubscribe], [message,$message], [brokerID,$brokerID]”)}}

Advertisement-associated policy:

• Self-generated event by system in response to unauthorized subscription injection

B1

S

S

S =[(class = UnauthorizedSubscribe),(brokerID = B1)]

Middleware 2007

20


Healthcare Example

“Doctors with appropriate specialties may only enter prescriptions for their own patients in their designated ward when they are on shift. If they try to write prescriptions in violation, a notification to be sent to the chief physician”

Features used Check doctor qualifications (authentication) Check registration and shift status (authorization) Report violations (meta-events)

Middleware 2007

21


Healthcare Example

S

Hospital Ward Access Point P

ChiefPhysician

HealthcareBroker

Network

[(class = Violation), (type = prescription)]

[(class = Prescription), (doctor = *),(patient = *), (drug = *),(ward = x)]

Advertise

Policy

Subscribe

On(Publication) { @broker: Ingress If {CanPrescribe($doctor) && Registered($doctor,$patient) && OnShift($doctor,$ward)} Then {} Elseif {} Then {Publish(“[class,Violation], [type,prescription], [doctor,$doctor],…”)}}

Middleware 2007

22


Performance Overhead Setup

Publication policy attached to

subscriptions:

On(Publication) { @broker: Egress If {} Then {Augment($Delay)}}

Subscription policy attached to

advertisements:

On(Advertisement) { @broker: Ingress,Routing If {} Then {BlockMessage()}}On(Subscription) { @broker: Ingress,Routing If {} Then {Flood()}}

Each run: 1000 Subscriptions (avg. 4 predicates – Poisson distribution) 1000 Publications (all attributes) ~20 Advertisements From 0% to 100% of Subscriptions/Advertisements associated with policies

23

Performance Overhead

PublicationPolicy

SubscriptionPolicy


Conclusions

Applications have diverse feature requirements on messaging middleware Security Message transformations System debugging

Policies can leverage content-based publish/subscribe matching algorithms (Post-matching policies) Flexible and expressive Enables interesting features Low overhead

http://www.padres.msrg.utoronto.caThank You - Questions?

Middleware 2007 25


*** Extra Slides ***

Middleware 2007

26


Healthcare Example II

“Only members of the finance department with titles of Director or VP can access patient billing history of more than 1 year ago”

Features used Historic data access (supported by PADRES) Role-Based Access Control (authentication) Data privacy (notification trimming)

Alternative: content encryption

Middleware 2007

27


Healthcare Example II

S

Patient Database

Client

P

Patient InfoAccessPoint

HealthcareBroker

Network

[(class = Historic), (patient = x),(date after y)]

[(class = Historic), (patient = *),(billing_info = *), (medical_info = *),(date = *)]

Advertise

Policy

Subscribe

On(Publication) { @broker: Egress @attach: always If {AuthenticateReceiver(Director) || AuthenticateReceive(VP)} Then {} Elseif {DateBefore($now-1year)} Then {Trim(billing_info)}}

P

Middleware 2007

28


Security Zones and Privacy

Authentication: Control message propagation

Message Transformation: Restrict attribute visbility

Meta-Events: Monitor unauthorized subscriptions

Middleware 2007

29


Authentication

Middleware 2007

30


Notification Semantic

Middleware 2007

31


Policy Composition

Publications of the form: [(class,C),(a1,x1),…,(aN,xN)]

If class = c1 & a1 < Tlow

AppendPrevHop()

If class = c1 & a1 > Thigh

RemoveAttrs(x2...xN)

If class = c2

…

S1 = [(class=c1),(a1<Tlow)] : AppendPrevHop()

S2 = [(class=c1),(a1>Thigh)] : RemoveAttrs(…)

S3 = [(class=c2)] : …

Policies Subscriptions : Policy Statements

Middleware 2007

32


Content-based Match Event

Filters(Subscriptions,

Advertisements)

Message(Publication)

X OXO

AssociatedPolicies

Middleware 2007

33


Generic Policy Frameworks

Focus on framework mechanisms and not policy language

If-Then If conditions evaluate on message content and

duplicates work of CPS system Post-matching policy model for content-based

policies

Middleware 2007

34


Policy Framework Architecture

AdvertisementSubscription

Store

PolicyStore

PolicyEvaluation

Policy Manager

Matching Engine

PreviousBroker

orClient

Next Broker(s)orClient(s)

PolicyStatement

PolicyRule

Filter/Message

Middleware 2007

35


Policy Statement Data Structure

Policy Statement

Policy Rule(on publications @ egress)

A

B

C

D

E

F

G

H

If {A & B}Then {C}

Elseif {D}Then {E,F}

Elseif {}Then {G,H}

Policy Rule(on publications @ ingress)

Policy Rule(on subscriptions @ ingress)

middleware systems research group middleware 20071 a policy management framework for content-based...

Documents