Messaging services, such as message queuing and publish/subscribe systems, are becoming more prevalent as consumers look for easier ways for members of groups to share information with one another. Messaging services allow users to send platform-independent messages, so senders and receivers are not required to share host architecture, operating system, or programming language. Messaging services also enable looser coupling of applications than the traditional client/server model of interaction and easily accommodate delays and transient failures. Finally, messaging services provide support for features such as transactions, priority, acknowledgements, and other practical requirements of industrial-strength applications.
Two common forms of messaging services are message queuing and publish/subscribe messaging services. Both message queuing and publish/subscribe messaging services include client applications that attempt to send or receive messages. In particular, the client attempts to send messages to a “message destination.” In queuing systems, the destination is called a “message queue.” The queuing system allows a buffer to store incoming information until a client is able to retrieve the information. In message queuing services, each client has a corresponding message queue and the messages of the message queue are delivered to the corresponding clients.
In publish/subscribe services, the message destination is sometimes referred to as a “topic.” A topic server stores published items for a variety of topics, and forwards the publications to subscribers when the publications are published. A message published to a topic is broadcast to all clients that have subscribed to that topic. There may be a single central server or a plurality of distributed servers that use point-to-point networking for publish/subscribe messaging services. Clients associated with a topic may be identified via a username and password, a digital signature, digital certificate, or other digital credential. Identification is required for both access to topics and the establishment of a connection.
In a typical publish/subscribe service, a client interested in publishing or subscribing to a particular topic submits a topic request to a directory service. If the request is granted, the directory service issues a topic to which the client can publish or subscribe via a service provider.
Unfortunately, some of the characteristics of messaging services offer attackers the same sort of opportunities as email and the Web: common protocols and software whose weaknesses can be discovered and exploited. In particular, the attacker can use a well-publicized interface to gain access to a desired destination. The destination, sometimes referred to as a target application, may be targeted by a number of different types of attacks.
As one example, Denial-of-Service (DoS) attacks pose a significant threat to messaging-based applications. A client may attack a service provider, either maliciously or inadvertently, by flooding the service provider with requests. For example, for publish/subscribe messaging services, one or more clients may send more publish requests to a service provider than the service provider may be able to handle. If the service provider is being attacked, it may fail to properly send or receive messages. This can be disastrous if the information in the messages is critical. A malicious client may also attack an application without attacking the service provider. In particular, the client may flood a particular topic with messages until an application is unable to cope with the flood. The inability of the application to cope with the flood may disable the topic, even though the service provider may still be able to handle the message traffic.