Security in Multi-domain Event-based Systems
Event-based systems give the potential for active information sharing. The event-based paradigm, if used for event transport, provides loose coupling between components, many-to-many communication, and mutual anonymity of event producers and event consumers. This communication style has been adopted enthusiastically for convenience of programming; particularly for financial processing, healthcare applications, and sensor-based systems. But some data is sensitive, and its visibility must be controlled carefully for personal and legal reasons. Our research projects have explored this space for some time, investigating application domains in which the event-based paradigm is appropriate yet where security is an issue. We discuss security issues for multi-domain, event based systems, considering the requirements of applications and the risk associated with failure. We provide an overview of the state-of-the-art in secure event-based systems: research already carried out, work in progress, and issues still to be addressed. This is of relevance to emerging large-scale systems required by government and public bodies for domains such as healthcare, police, transport, and environmental monitoring.
