<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Policies | DIPr Lab at PSU</title><link>https://diprlab.github.io/tag/policies/</link><atom:link href="https://diprlab.github.io/tag/policies/index.xml" rel="self" type="application/rss+xml"/><description>Policies</description><generator>Hugo Blox Builder (https://hugoblox.com)</generator><language>en-us</language><lastBuildDate>Wed, 26 Nov 2025 00:00:00 +0000</lastBuildDate><image><url>https://diprlab.github.io/media/logo_hu_b20e6a1540b35ad9.png</url><title>Policies</title><link>https://diprlab.github.io/tag/policies/</link></image><item><title>PaPrica-PS: Fine-Grained, Dynamic Access Control Policy Enforcement for Pub/Sub Systems</title><link>https://diprlab.github.io/project/pubsubcontrol/</link><pubDate>Wed, 26 Nov 2025 00:00:00 +0000</pubDate><guid>https://diprlab.github.io/project/pubsubcontrol/</guid><description>&lt;p&gt;High-volume publish/subscribe (pub/sub) systems include collections
of hardware and software components such as IoT sensors and the protocols
that connect them. Many of these have so far lacked robust security
and privacy controls by default, despite the significant security,
safety, and privacy implications that drive the need to control access to
the data they generate and manage.&lt;/p&gt;
&lt;p&gt;Such pub/sub-based systems power critical systems
ranging from smart buildings
and factories to full city-wide device networks.
In this project, we are developing a
fine-grained access control (FGAC) model and enforcement mechanism to
address this gap. Our proposed FGAC model builds upon
Attribute-Based Access Control (ABAC), defining access rules based
on MQTT protocol message &amp;ldquo;topics&amp;rdquo;, attributes of the subscribers
and publishers of those topics, and
ephemeral and per-message context information.&lt;/p&gt;
&lt;p&gt;Our framework is platform-agnostic, and we implement the prototype for our
experiments based on an off-the-shelf open-source MQTT pub/sub
system without altering the base code of that server itself.&lt;/p&gt;</description></item><item><title>Sieve</title><link>https://diprlab.github.io/project/sieve/</link><pubDate>Sat, 01 Jun 2024 00:00:00 +0000</pubDate><guid>https://diprlab.github.io/project/sieve/</guid><description>&lt;p&gt;SIEVE is a versatile middleware that enhances access control in DBMS, enabling efficient query processing even with a large number of access control policies. We&amp;rsquo;re currently integrating caching to further improve query performance. Additionally, we&amp;rsquo;ve developed a workload generator that simulates various scenarios to test policy models and ensure access control compliance, reflecting real-world conditions.&lt;/p&gt;</description></item></channel></rss>