Similar literature
 20 similar documents found; search took 937 ms
1.
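The SaaS service model delivers application software to customers as a service. In the single-instance model, tenant data is stored together in the service provider's database system, and tenants share the database and schema. In this situation, how to support inter-domain access between tenants while safeguarding tenant data security is a question worth considering. Combining security labels, a multi-domain secure access control model supporting multi-tenancy is designed to meet tenants' requirements for multi-domain secure access control. The model combines the ease of management of RBAC with the mandatory access characteristics of security labels, so that system roles achieve a high level of access control while remaining easy to manage.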

2.
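As the number of tenants and the volume of data on SaaS (Software as a Service) application delivery platforms grow geometrically, platform data management is at an inevitable stage of transition from a single data node to multiple data nodes in the cloud. Targeting multi-tenant cloud data management in SaaS application delivery platforms, this paper studies in depth the SaaS platform data model, placement strategies in the cloud, tenant indexing and related topics, and proposes a multi-tenant virtualization approach for SaaS platforms and a layered data model with efficient mapping and conversion. A tenant-independent application data model shields developers from the technical details of multi-tenant cloud data management; a tenant logical model supports tenants in customizing data schemas on demand as well as the sharing relationships between the data of different business systems; a logical storage model shields platform operators from the techniques of scaling data nodes in the cloud. Together these resolve the technical bottleneck of cloud data management across the SaaS application life cycle.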

3.
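In multi-tenant environments, traditional access control models cannot meet the needs of isolated access between tenants and effective unified management of each tenant's access requests. To realize a fast implementation scheme with configurable access control in a multi-tenant environment, a service-oriented multi-tenant access control model is proposed. By analyzing the associations between multi-view business models, the organization model and its related resource model are identified. Through mapping and transformation, the organization model is converted into the service-oriented multi-tenant access control model, and an access control module is built to configure and run the access control model. Finally, a transportation logistics information platform is used as an example to verify the feasibility and effectiveness of the model. The verification results show that the model can provide implementation support that combines rapid configuration with access control in a multi-tenant environment.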

4.
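To address the problems of privilege-exceeding access and collusive malicious attacks faced by multi-tenant applications in cloud services, a multi-tenant authorization management access control model (MTACM) is proposed, combining the idea of clustering with ciphertext-policy attribute-based encryption (CP-ABE). According to the business characteristics of multi-tenancy, the model clusters role tasks into task groups and marks task groups with matching factors, then manages role attributes through task-group authorization, so as to achieve fine-grained authorized access control management of roles, reduce the system's computational overhead and lower the system's complexity. The model's algorithm was implemented in a virtual environment, and the security of the model and the efficiency of system access were proven through logical reasoning.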

5.
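《软件》(Software), 2016, (1): 67-70
Focusing on two issues of cloud storage, access security and privacy security, a multi-tenant-oriented secure data storage mechanism and user access control mechanism are designed and, in combination with actual enterprise needs, provide tenants with secure, on-demand, real-time and scalable storage services. The Kerberos-based multi-tenant access control policy will improve the security of the cloud storage platform, simplify the complexity of HDFS permission management, and improve the interactive performance of permission management on the cloud storage platform.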

6.
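Traditional role-based access control (RBAC) cannot adequately handle fine-grained differentiation of trust levels under multi-party access control. This paper studies various role-based access control models and attribute characteristics, proposes an RBAC model based on attribute policies, and gives a formal definition of the model. In the attribute-policy-based RBAC model, the concept of role in RBAC is extended, role attributes are defined and an attribute-policy-based verification method is provided, and an implementation of precise multi-party access control is then given, improving the flexibility of access control and the precision of granularity control over data objects. On a cloud computing platform, a fine-grained object management service under the SaaS model was designed and implemented; experiments verified the model's ability to adapt to dynamic permission changes and its ability to control permissions for multi-party access.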

7.
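When a SaaS service provider offers data sharing services between tenants, tenant data can easily be leaked, and the provider can illegally obtain tenants' private data without the tenants' permission. To address these shortcomings of SaaS services, this paper introduces the distributed information flow control (DIFC) security protection mechanism and proposes a DIFC-based data isolation and sharing model at the SaaS layer with tenant self-authorization. The model forces the SaaS service provider to execute a label comparison mechanism; each tenant can independently classify user information levels and define globally unique tags. Through a third-party trusted label management authorization service (AS), data sharing operations between tenants are restricted at fine granularity, and the corresponding data can be accessed only with a user-authorized label. Finally, this paper proves that the model can satisfy the security of tenant data isolation and sharing.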

8.
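To meet the collaborative management needs of multi-core mesh enterprise groups on an automobile and parts industry-chain collaborative SaaS platform, a multi-tenant, multi-level authorization model centered on leading enterprises is proposed on the basis of the traditional RBAC model. Dynamic menu generation technology and a URL address parsing algorithm are used to resolve permissions, effectively controlling users' access rights. Verification shows that the proposed model and implementation method effectively solve the problem of user permission management for multiple tenants on the industry-chain collaborative SaaS platform.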

9.
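The shared nature of SaaS services determines the importance of trustworthy user access behavior to cloud service security. In traditional access control, however, once a user is assigned a role, the user retains the permissions corresponding to that role indefinitely, which lacks dynamism. To address these two points, on the basis of an analysis of traditional access control models and the characteristics of user behavior trust values, the article proposes a dynamic access control model based on user behavior under the SaaS model (cloud-RBAC). Tenants in the model better realize control of security domains in access control, while user groups and data scopes better realize control of granularity, reflecting the flexibility of cloud service access control. Based on the evidence values of each behavior during a user's access to cloud services, the model uses the fuzzy analytic hierarchy process to determine the behavior trust level and then, according to the permission sensitivity level, finally determines the permissions the user may exercise, reflecting the dynamism of cloud service access control. Analysis of the results shows that the proposed access control model can respond quickly to users' illegal access behavior while effectively controlling legitimate access behavior, thereby ensuring the security and reliability of cloud services.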

10.
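Research and Implementation of a Multi-Tenant Data Storage Model in SaaS Mode   Total citations: 2, self-citations: 0, citations by others: 2
The SaaS model introduces the characteristics of a multi-tenant environment. In this new environment, storage design at the database layer faces the problem of tenant data isolation and the problem of elastic extension of tenant data. This work mainly studies data storage patterns in multi-tenant environments and proposes a multi-tenant data storage and access model of "storing data in a shared database with a shared schema, accessing it through separate schemas". The model separates the schema used for data storage from the schema used for data access in SaaS applications, effectively solving the problem of "low tenant data isolation". In addition, an XML-based multi-tenant data extension model is proposed, which solves the problem of "elastic extension of tenant data" well. On this basis, the implementation of the two models in the SQL Server database is described in detail, and the example results demonstrate the flexibility and feasibility of the described methods.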

11.
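孙昌爱, 张在兴, 张鑫. 《软件学报》(Journal of Software), 2018, 29(11): 3435-3454
In a cloud computing environment, software provides services to tenants over the Internet; this Internet-based software delivery model is called SaaS (Software as a Service). Compared with traditional software delivery models, SaaS software typically runs on the software vendor's servers and serves multiple tenants at the same time. Because it must support the individual requirements of different tenants, SaaS software should be flexible enough to cope with rapidly changing tenant requirements; moreover, a change made for one tenant should not affect other tenants. By extending the variability-management-based adaptive service composition method and its supporting platform previously developed by the research group, a reusable and customizable SaaS software development method for cloud computing environments is proposed, and a corresponding supporting platform is developed, including a service composition engine supporting the SaaS model and a remote customization tool. For the common requirements of different tenants, the method provides an abstract service composition model; the supporting platform interprets and executes the abstract service composition model at run time and derives different process instances according to tenants' individual requirements, and these run-time process instances coexist polymorphically without affecting one another. A domain-specific SaaS software instance is used to verify the feasibility of the method, and the performance of the supporting platform is evaluated. The experimental results show that the method and its supporting platform can support a multi-instance, multi-tenant delivery model.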

12.
Software-as-a-Service (SaaS) introduces multi-tenancy architecture (MTA). Sub-tenancy architecture (STA), an extension of MTA, allows tenants to offer services for subtenant developers to customize their applications in the SaaS infrastructure. In a STA system, tenants can create subtenants, and grant their resources (including private services and data) to their subtenants. The isolation and sharing relations between parent-child tenants, sibling tenants or two non-related tenants are more complicated than those between tenants in MTA. It is important to keep service components or data private, and at the same time, allow them to be shared, and support application customizations for tenants. To address this problem, this paper provides a formal definition of a new tenant-based access control model based on administrative role-based access control (ARBAC) for MTA and STA in service-oriented SaaS (called TMS-ARBAC). Autonomous areas (AA) and AA-tree are proposed to describe the autonomy of tenants, including their isolation and sharing relationships. Authorization operations on AA and different resource sharing strategies are defined to create and deploy the access control scheme in STA models. TMS-ARBAC model is applied to design a geographic e-Science platform.

13.
Software-as-a-Service (SaaS) is a new software delivery model with Multi-Tenancy Architecture (MTA). An SaaS system is often mission critical as it often supports a large number of tenants, and each tenant supports a large number of users. This paper proposes a scalable index management algorithm based on B+ tree but with automated redundancy and recovery management as the tree maintains two copies of data. The redundancy and recovery management is done at the SaaS level as data are duplicated with tenant information rather than at the PaaS level where data are duplicated in chunks. Using this approach, an SaaS system can scale out or in based on the dynamic workload. This paper also uses tenant similarity measures to cluster tenants in a multi-level scalability architecture where similar tenants can be grouped together for efficient processing. The scalability mechanism also includes automated migration strategies to enhance the SaaS performance. The proposed scheme with automated recovery and scalability has been simulated, and the results show that the proposed algorithm can scale well with increasing workloads.

14.
A multi-tenant software as a service (SaaS) provider has to meet the needs of several tenants which adopt its services with diverse business requirements. The tenant needs vary widely with time, and the provider has to account for such fluctuations by suitable provisioning at its end. Handling this elasticity arising out of the tenant base is one of the key challenges for the SaaS provider. In this paper, we study the problem specifically in the SaaS context with the idea built around license provisioning in a tenant–provider perspective. For a given set of tenants with diverse license requirements, it is important to analyze whether there is any way to on-board them such that all constraints laid out as part of the service-level agreement can be honored. The total number of licenses available with the provider plays a crucial role in answering this question. We propose an intuitive model of elasticity that can capture anticipated license need variations at the tenant end. We propose an ILP-based approach for solving this schedulability problem for a collection of tenants. We also propose a simple-minded greedy heuristic to solve the on-boarding problem with elasticity constraints. Results show that our approach gives acceptable performance.

15.
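As cloud technology continues to develop and mature, the Software as a Service (SaaS) model has become the main trend in the future development of software applications. In a diverse and open network ecosystem, SaaS services must be capable of evolution if they are to respond effectively to user requirements and external changes. Evolution consistency refers to a service's ability, after evolving, to retain its original foundation and to interact normally with other services. Current determination of evolution consistency leans toward qualitative analysis and often ignores the tenant's experience; there is no established explicit standard for quantitatively measuring and determining consistency. To address this problem, starting from the multi-tenant single-instance application pattern of SaaS, a service instance description model is built hierarchically and at fine granularity, a consistency metric value is introduced to represent the result of quantitative calculation, tenants' evolution requirements are fully considered, and a determination method with tenant evolution tolerance is proposed to determine evolution consistency at fine granularity. Finally, using a SaaS application case, the proposed method is applied to analyze and determine evolution consistency, and feedback from practical application verifies the feasibility and effectiveness of the method.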

16.
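An RBAC-Based Permission Model for SaaS Systems   Total citations: 1, self-citations: 0, citations by others: 1
Building on a study of the RBAC model, the RBAC model is improved and extended by introducing the idea of layered management of access control, and a permission management model for SaaS (Software as a Service) systems is established. A structural model is built at three levels, namely system access licenses, control of system function operations, and control of system data access, and it is formally defined. Finally, the advantages of the new model are pointed out.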

17.
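SaaS is a model for providing application software over the Internet to the public, especially small and medium-sized enterprises; its salient characteristics are scalability, multi-user support, efficiency and configurability. Based on the requirements of SaaS maturity level four, the "scalable, multi-instance, configurable level", the article designs and implements a SaaS system architecture that supports multiple tenants and multiple services, together with a unified security authentication and permission management system. The storage model and security management model adopted can accommodate the needs of large numbers of tenants, provide architectural flexibility and scalability while meeting system performance requirements, and satisfy the customization needs of multiple tenants.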

18.
Application-level multi-tenancy is an architectural approach for Software-as-a-Service (SaaS) applications which enables high operational cost efficiency by sharing one application instance among multiple customer organizations (the so-called tenants). However, the focus on increased resource sharing typically results in a one-size-fits-all approach. In principle, the shared application instance satisfies only the requirements common to all tenants, without supporting potentially different and varying requirements of these tenants. As a consequence, multi-tenant SaaS applications are inherently limited in terms of flexibility and variability. This paper presents an integrated service engineering method, called service line engineering, that supports co-existing tenant-specific configurations and that facilitates the development and management of customizable, multi-tenant SaaS applications, without compromising scalability. Specifically, the method spans the design, implementation, configuration, composition, operations and maintenance of a SaaS application that bundles all variations that are based on a common core. We validate this work by illustrating the benefits of our method in the development of a real-world SaaS offering for document processing. We explicitly show that the effort to configure and compose an application variant for each individual tenant is significantly reduced, though at the expense of a higher initial development effort.

19.
Cloud computing is an emerging paradigm to offer on-demand IT services to customers. The access control to resources located in the cloud is one of the critical aspects to enable business to shift into the cloud. Some recent works provide access control models suitable for the cloud; however there are important shortages that need to be addressed in this field. This work presents a step forward in the state-of-the-art of access control for cloud computing. We describe a highly expressive authorization model that enables the management of advanced features such as role-based access control (RBAC), hierarchical RBAC (hRBAC), conditional RBAC (cRBAC) and hierarchical objects (HO). The access control model takes advantage of the logic formalism provided by the Semantic Web technologies to describe both the underlying infrastructure and the authorization model, as well as the rules employed to protect the access to resources in the cloud. The access control model has been specially designed taking into account the multi-tenancy nature of this kind of environment. Moreover, a trust model that allows a fine-grained definition of what information is available for each particular tenant has been described. This enables the establishment of business alliances among cloud tenants resulting in federation and coalition agreements. The proposed model has been validated by means of a proof of concept implementation of the access control system for OpenStack with promising performance results.

20.
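Existing cloud data placement strategies do not incorporate SaaS characteristics, and the characteristic of tenants as independent individuals is ignored, leading to mixed placement of multi-tenant data; commonly used data migration strategies face the challenge of identifying and migrating tenant data. A dynamic synchronous migration strategy for multi-tenant data in the cloud, oriented to SaaS applications, is proposed. It solves the problem that, under the shared storage model, SaaS application tenants cannot be identified and database techniques such as snapshots and logs are difficult to use for tenant data migration. Through synchronous migration at the data level of the SaaS platform, load balancing across data nodes in the cloud and a good user experience are ensured.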
