Key Management in EventGuard
Mihai Barzu
Faculty of Computer Science
Information Security
Entities
● Specifying minimal requirements for network entities
– Publisher
– Subscriber
Provider
● Wrapping existing implementations of cryptographic primitives for simpler use and providing implementations for others
– AES
– SHA1
– HMAC-SHA1
– ElGamal
Guards
● Creating coherent specifications for the modular guards (Publish, Subscribe, Advertise, Unadvertise, Unsubscribe)
● JAXB-compliant beans as wrappers for requests and responses
Management
● Mediation had to be done between guard specifications and cryptographic primitives in order to provide an implementation
● Loose, generic specifications for manager functionalities
● Constructor dependency injection for most classes
● IGuards implementation with routing guard add-on
Web Service
● For accessibility over a large network, with undefined topology, functionality of the key management application had to be exposed through a web service
● Secure, lightweight communication had to be provided for network communication
● Minimal responsibility regarding implementation (the web service uses the implementation from the management module)
Design
Built-in security
The code
Accessing the service
Client-part code generation
Further reading
● Mudhakar Srivatsa, Ling Liu, and Arun Iyengar. 2011. EventGuard: A System Architecture for Securing Publish-Subscribe Networks. ACM Trans. Comput. Syst. 29, 4, Article 10 (December 2011), 40 pages. DOI=10.1145/2063509.2063510 http://doi.acm.org/10.1145/2063509.2063510