On security in publish/subscribe services: a survey

Publish/subscribe services have encountered considerable success in the building of modern large-scale mission-critical systems. Such systems are characterized by several non-functional requirements, among which security plays a pivotal role due to the emergence of numerous cyber attacks targeting most mission-critical systems. This requires that the adopted publish/subscribe services have to be equipped with the proper means to protect the exchanged data, to preserve their correct behavior and to face possible attack scenarios. Although significant efforts have been made in this field, many issues are still open. This paper includes an introduction to the principles of securing event notification, and an analysis of the relevant state-of-the-art by both surveying the academic literature over the period 1998-2014 on secure publish/subscribe services and overviewing the current standards for the marketed products. Next, it presents the main challenges that are still unresolved and are worthy of further attention in future research efforts.