PADRES

Middleware Systems Research Group, University of Toronto, Canada

Secure routing

In dynamic and flexible enterprises, the establishment of trust relationships between business partners is essential. Information must be shared amongst business entities in a way that still preserves data confidentiality and integrity. In our infrastructure, untrusted brokers can be deployed into domains where secure routing is needed. For example, untrusted brokers can be deployed within the demilitarized zone (DMZ) of your organization or within the domain of a partner organization where routing is needed, but data privacy must be preserved. The benefits of flexible, loosely-coupled business integration can be achieved without compromising security.

The PADRES secure routing protocols are designed to:

  • Transparently enforce data confidentiality and integrity within trusted domains
  • Efficiently secure message routing within untrusted domains
  • Cleanly build on existing content-based publish/subscribe protocols

Denial of service

Denial of Service attacks remain disturbingly prominent on the Internet, costing businesses in terms of both revenue and reputation. A well-prepared business must protect itself not only against accidental failures, but also against intentional and malicious attacks from determined adversaries. When systems are designed without security principles in mind, supplementary "add-on" security solutions need to be deployed, inflating the costs of operation. In the PADRES system, Denial of Service resilience is integrated into the broker and overlay architecture.

This work is part of our ongoing research efforts to defend against DoS attacks in content-based publish/subscribe systems, and seeks to achieve the following benefits:

  • Efficient response in isolating and dealing with threats to system availability
  • Continued reliable operation in the face of malicious attacks
  • Seamless integration of Denial of Service resilience mechanisms with the standard publish/subscribe paradigm