Similar literature
Found 20 similar documents; search took 46 ms
1.
Software-as-a-service (SaaS) multi-tenancy in cloud-based applications helps service providers to save cost, improve resource utilization, and reduce service customization and maintenance time. This is achieved by sharing of resources and service instances among multiple “tenants” of the cloud-hosted application. However, supporting multi-tenancy adds more complexity to SaaS applications required capabilities. Security is one of these key requirements that must be addressed when engineering multi-tenant SaaS applications. The sharing of resources among tenants—i.e. multi-tenancy—increases tenants’ concerns about the security of their cloud-hosted assets. Compounding this, existing traditional security engineering approaches do not fit well with the multi-tenancy application model where tenants and their security requirements often emerge after the applications and services were first developed. The resultant applications do not usually support diverse security capabilities based on different tenants’ needs, some of which may change at run-time i.e. after cloud application deployment. We introduce a novel model-driven security engineering approach for multi-tenant, cloud-hosted SaaS applications. Our approach is based on externalizing security from the underlying SaaS application, allowing both application/service and security to evolve at runtime. Multiple security sets can be enforced on the same application instance based on different tenants’ security requirements. We use abstract models to capture service provider and multiple tenants’ security requirements and then generate security integration and configurations at runtime. We use dependency injection and dynamic weaving via Aspect-Oriented Programming (AOP) to integrate security within critical application/service entities at runtime. We explain our approach, architecture and implementation details, discuss a usage example, and present an evaluation of our approach on a set of open source web applications.  

2.
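This work analyzes Software-as-a-Service technology and, for the multi-tenancy problem in Business Process Management as a Service (BPMaaS), proposes a middleware-based method for exclusive and shared use of resources. A BPMaaS multi-tenant application programming interface is designed so that a single application supports use by multiple tenants, which improves the utilization of computing resources. An application instance was tested with JUnit, and the results verify the feasibility of the method.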

3.
NoSQL data stores are often combined to address different requirements within the same application. The implication of this trend is particularly important and relevant in the context of multi-tenant SaaS applications where tenants commonly have different storage- and privacy-related requirements and thus they desire to customize the storage setup according to their specific needs. Consequently, application developers are increasingly combining storage resources: on-premise and public cloud resources in a hybrid cloud setup, different external public cloud storage resources and providers in a federated cloud storage setup, etc. The consequences of these trends are twofold: (i) application developers and SaaS providers have to deal with heterogeneous technologies, different APIs, and implement complex storage logic (to address different requirements of tenants), all within the application layer; and (ii) storage architectures have become less rigid, and techniques are required to flexibly change the storage configuration of running applications, up to the level of individual service requests. To address these challenges, we present PERSIST, a middleware architecture that (i) externalizes the complexity of a federated cloud storage architecture and the complex storage logic from the SaaS application to storage policies, allows tenants to enforce different storage- and privacy-related requirements at a fine-grained level; and (ii) supports the dynamic (re)configurability of the underlying federated cloud storage architecture. Application-specific policies can be customized by individual tenants at run time, and PERSIST offers support for run-time cross-provider polyglot persistence and the confidentiality of sensitive data through encryption. We have validated PERSIST in a working prototype implementation. 
Our extensive evaluation efforts show (i) the accomplished reduction in the required development effort to support complex storage policies, (ii) the reduction in cost/effort to change the data storage architecture itself, and finally (iii) the acceptability of the performance overhead (around 6% for insert, and 2% for read, update and delete transactions).

4.
A multi-tenant software as a service (SaaS) provider has to meet the needs of several tenants which adopt its services with diverse business requirements. The tenant needs vary widely with time, and the provider has to account for such fluctuations by suitable provisioning at its end. Handling this elasticity arising out of the tenant base is one of the key challenges for the SaaS provider. In this paper, we study the problem specifically in the SaaS context with the idea built around license provisioning in a tenant–provider perspective. For a given set of tenants with diverse license requirements, it is important to analyze whether there is any way to on-board them such that all constraints laid out as part of the service-level agreement can be honored. The total number of licenses available with the provider plays a crucial role in answering this question. We propose an intuitive model of elasticity that can capture anticipated license need variations at the tenant end. We propose an ILP-based approach for solving this schedulability problem for a collection of tenants. We also propose a simple-minded greedy heuristic to solve the on-boarding problem with elasticity constraints. Results show that our approach gives acceptable performance.

5.
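Existing cloud data placement strategies do not take SaaS characteristics into account and ignore the fact that each tenant is an independent entity, which leads to mixed placement of multi-tenant data; commonly used data migration strategies then face the challenge of identifying and migrating a tenant's data. This paper proposes a dynamic synchronous migration strategy for multi-tenant data in the cloud, oriented to SaaS applications, which solves the problem that, under the shared storage model, SaaS application tenants cannot be identified and database techniques such as snapshots and logs are difficult to use for migrating tenant data. Synchronous migration at the data layer of the SaaS platform ensures load balancing across the data nodes in the cloud and a good user experience.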

6.
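Cloud computing is a technology that provides resources elastically and on demand. Under the multi-tenant shared data storage model, achieving dynamically scalable data storage is key to cloud data management. To address how a SaaS application can scale adaptively as the number of tenants and the volume of requests change, this work analyzes the scalability requirements of the data storage layer and, based on the multi-tenant architecture idea proposed by Walraven et al., extends the typical cloud application architecture and designs a multi-tenant data management framework that achieves elasticity of storage resources. Based on this framework, a SaaS prototype system for the network management domain was developed, which verifies the framework's effectiveness and usability.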

7.
Software-as-a-Service (SaaS) introduces multi-tenancy architecture (MTA). Sub-tenancy architecture (STA), an extension of MTA, allows tenants to offer services for subtenant developers to customize their applications in the SaaS infrastructure. In an STA system, tenants can create subtenants, and grant their resources (including private services and data) to their subtenants. The isolation and sharing relations between parent-child tenants, sibling tenants or two non-related tenants are more complicated than those between tenants in MTA. It is important to keep service components or data private, and at the same time, allow them to be shared, and support application customizations for tenants. To address this problem, this paper provides a formal definition of a new tenant-based access control model based on administrative role-based access control (ARBAC) for MTA and STA in service-oriented SaaS (called TMS-ARBAC). Autonomous areas (AA) and AA-tree are proposed to describe the autonomy of tenants, including their isolation and sharing relationships. Authorization operations on AA and different resource sharing strategies are defined to create and deploy the access control scheme in STA models. The TMS-ARBAC model is applied to design a geographic e-Science platform.

8.
With the single-instance multitenancy (SIMT) model for composite Software-as-a-Service (SaaS) applications, a single composite application instance can host multiple tenants, yielding the benefits of better service and resource utilization and reduced operational cost for the SaaS provider. An SIMT application needs to share services and their aggregation (the application) among its tenants while supporting variations in the functional and performance requirements of the tenants. The SaaS provider requires a middleware environment that can deploy, enact, and manage a designed SIMT application, to achieve the varied requirements of the different tenants in a controlled manner. This paper presents the SDSN@RT (software-defined service networks at runtime) middleware environment that can meet the aforementioned requirements. SDSN@RT represents an SIMT composite cloud application as a multitenant service network, where the same service network simultaneously hosts a set of virtual service networks, one for each tenant. A service network connects a set of services and coordinates the interactions between them. A virtual service network realizes the requirements for a specific tenant and can be deployed, configured, and logically isolated in the service network at runtime. SDSN@RT also supports the monitoring and runtime changes of the deployed multitenant service networks. We show the feasibility of SDSN@RT with a prototype implementation and demonstrate its capabilities to host SIMT applications and support their changes with a case study. The performance study of the prototype implementation shows that the runtime capabilities of our middleware incur little overhead.

9.
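Wei Zhe, 《微机发展》, 2013, (12): 43-46, 50
The defining characteristic of SaaS is "single instance, multiple tenants". To improve the efficiency with which multiple tenants customize the same SaaS application, and to avoid repeated customization of identical content when multiple tenants customize the same SaaS application, a hierarchical customization model is proposed. Using a tree data model and the idea of the intersection operation, the model computes as much as possible of the customization content common to multiple tenants, so that identical content is customized only once and shared by multiple tenants. On the basis of hierarchical customization, the model not only meets tenants' individual customization needs but also improves customization efficiency and reduces customization complexity. Simulation results confirm that the hierarchical customization model reduces tenants' customization time and saves storage space.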

10.
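SaaS is a model for providing application software over the Internet to the public, especially small and medium-sized enterprises; its salient features are scalability, multi-user support, efficiency, and configurability. Based on the requirements of the fourth SaaS maturity level, the "scalable, multi-instance, configurable" level, this article designs and implements a SaaS system architecture that supports multiple tenants and multiple services, together with a unified security authentication and permission management system. The storage model and security management model adopted can accommodate large numbers of tenants, provide architectural flexibility and scalability while meeting system performance requirements, and satisfy the customization needs of multiple tenants.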

11.
Cloud-based systems promise an on-demand service provisioning system along with a "pay-as-you-use" policy. In the case of multi-tenant systems this would mean dynamic creation of a tenant by integrating existing cloud-based services on the fly. Presently, dynamic creation of a tenant is handled by building the required components from scratch. Although multi-tenant systems help providers save cost by allocating multiple tenants to the same instance of an application, they incur huge reconfiguration costs. Cost and time spent on these reconfiguration activities can be reduced by re-constructing tenants from existing tenant configurations supported by service providers. Multi-tenant cloud-based systems also lack the facility of allowing clients to specify their requirements. Giving clients the flexibility to specify requirements helps them avoid spending an excessive amount of time and effort looking through a list of services, many of which might not be relevant to them. Moreover, dynamic provisioning in the cloud requires an integrated solution across the technology stack (software, platform and infrastructure) combining functional, non-functional and resource allocation requirements. Existing research works in the area of web service matching, although numerous, still fall short, since they usually consider each requirement type in isolation and cannot provide an integrated solution. To that end, in this paper we investigate the features needed for dynamic service provisioning on the cloud. We propose a novel User Interface-Tenant Selector-Customizer (UTC) model and approach, which enables cloud-based services to be systematically modeled and provisioned as variants of existing service tenants in the cloud. Our approach considers functional, non-functional and resource allocation requirements, which are explicitly specified by the client via the user interface component of the model. To the best of our knowledge, ours is the first such integrated approach.
We illustrate our ideas using a realistic running example, and also present a proof-of-concept prototype built using IBM's Rational Software Architect modeling tool. We also present experimental results demonstrating the applicability of our matching algorithm. Our results show significant reduction in matching time with the help of an elimination process that reduces the search space needed for performing matching.

12.
Software vendors increasingly aim to apply the Software-as-a-Service (SaaS) delivery model instead of the traditional on-premise model. Platforms-as-a-Service (PaaS), such as Google App Engine and Windows Azure, deliver a computing platform and solution stack as a service, but they also aim to facilitate the development of cloud applications (SaaS). Such PaaS offerings should enable third parties to build and deliver multi-tenant SaaS applications while shielding the complexity of the underpinning middleware and infrastructure. This paper compares, on the basis of a practical case study, three different and representative PaaS platforms with respect to their support for SaaS application development. We have reengineered an on-premise enterprise application into a SaaS application and we have subsequently deployed it in three PaaS-based cloud environments. We have investigated the following qualities of the PaaS platforms from the perspective of SaaS development: portability of the application code base, available support for creating and managing multi-tenant-aware applications, and quality of the tool support.

13.
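Sun Chang'ai, Zhang Zaixing, Zhang Xin, 《软件学报》, 2018, 29(11): 3435-3454
In a cloud computing environment, software is provided to tenants as a service over the Internet; this Internet-based software delivery model is called SaaS (Software as a Service). Compared with the traditional software delivery model, SaaS software usually runs on the software vendor's servers and serves multiple tenants at the same time. Because it must support the individual needs of different tenants, SaaS software should be flexible enough to cope with rapidly changing tenant requirements, and a change made for one tenant should not affect other tenants. By extending the variability-management-based adaptive service composition method and its supporting platform developed earlier by the research group, a reusable and customizable SaaS software development method for cloud computing environments is proposed, and a corresponding supporting platform is developed, including a service composition engine supporting the SaaS model and a remote customization tool. For the common requirements of different tenants, the method provides an abstract service composition model; at run time the supporting platform interprets and executes the abstract service composition model and derives different process instances according to tenants' individual requirements. These run-time process instances coexist polymorphically and do not affect one another. A domain-specific SaaS software instance is used to verify the feasibility of the method, and the performance of the supporting platform is evaluated. Experimental results show that the method and its supporting platform can support the multi-instance, multi-tenant delivery model.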

14.
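Research on Multi-Tenant Indexing Based on the Key-Value Pattern for SaaS Applications   Total citations: 1, self-citations: 0, citations by others: 1
To meet tenants' needs for data isolation and on-demand customization, a multi-tenant database for SaaS applications must provide data storage and indexing mechanisms that support isolation and are easy to customize. Based on key-value storage, a metadata-driven mapping-table index model is proposed. According to each tenant's customization requirements, the model forms separate index metadata for the tenant's business data, and achieves isolation and customization of index data through a metadata-driven approach. An index maintenance strategy is given: indexes are sliced according to tenants' data access requests, and the progressively refined index slices serve as the basic unit of data access, so that tenant result sets are returned quickly. Experimental results show that, when data access is evenly distributed, the scheme gives good overall performance for index maintenance and data access.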

15.
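With the spread of cloud computing, SaaS has received growing attention as a new software delivery model. To support the large volume of user requests brought by rapid business growth, multi-tenant SaaS applications need a load balancing mechanism to support scalability. Starting from an analysis of user requirements for multi-tenant SaaS applications, this paper proposes a server load model oriented to tenant function types and an on-demand request allocation algorithm oriented to tenant users' non-functional requirements, and designs a load balancing system for multi-tenant SaaS applications. Experiments show that the proposed load balancing mechanism can improve overall system execution efficiency while meeting the needs of different tenant users.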

16.
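Design of a Pluggable Access Control Framework under the SaaS Model   Total citations: 1, self-citations: 0, citations by others: 1
In current application systems, access control over resources is often interwoven with business logic, which complicates the development and reuse of access control modules as well as system maintenance and extension. In view of the multi-tenancy characteristic of the SaaS model, and applying an interface extraction method and the idea of separation of concerns, a pluggable access control framework is proposed that can manage access control for multiple systems at once and fits the multi-tenant architecture of the SaaS model. The formal definition of the interface extraction method, the method and steps for plug-in configuration, and the implementation of access control decisions are given. The application system is flexibly connected to the access control framework essentially without changing the original application program. Finally, a conference system example illustrates the effectiveness of the framework.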

17.
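Research on Access Control for SaaS Platforms   Total citations: 2, self-citations: 0, citations by others: 2
The SaaS platform software delivery model provides application software to customers as a service, which can reduce spending on hardware procurement and system administration. Because tenant data is stored centrally at the service provider, safeguarding tenants' data security while maintaining high resource utilization is a challenging problem. To address complex tenant roles and the requirement that tenants' data coexist yet be accessed independently, and drawing on the role-based access control model, an access control model for SaaS platforms is constructed that supports multiple tenants and multiple roles and facilitates tenant permission management. Compared with the traditional role-based access control model, the model adds the concept of a tenant and enforces platform access control with the tenant as the basic unit, improving the security and manageability of SaaS platform access control. The specific flow of a user accessing the SaaS platform is analyzed, a formal language description of the model is given, and the physical database model for access control in a SaaS restaurant management platform is implemented, providing a reference for SaaS platform development.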

18.
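As cloud technology continues to develop and mature, the Software-as-a-Service (SaaS) model is becoming the main trend in future software application development. In a diverse and open network ecosystem, a SaaS service must be able to evolve if it is to respond effectively to user needs and external changes. Evolution consistency is the ability of a service, after evolving, to retain its original basis and to interact normally with other services. Current judgments of evolution consistency lean toward qualitative analysis and often ignore tenants' experience; there is no established explicit standard for quantitatively measuring and judging consistency. To address this, starting from the SaaS multi-tenant single-instance application model, a service instance description model is built in a layered, fine-grained way, a consistency metric is introduced to represent the result of quantitative calculation, tenants' evolution requirements are fully considered, and a judgment method with tenant evolution tolerance is proposed to judge evolution consistency at a fine granularity. Finally, the proposed method is applied to analyze and judge evolution consistency in a SaaS application case; feedback from practical use verifies the feasibility and effectiveness of the method.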

19.
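WSS Platform Support for SaaS-Model Software Development   Total citations: 1, self-citations: 0, citations by others: 1
By analyzing the characteristics of the SaaS model, such as multi-tenancy, UI configuration, on-demand customization, and scalability, and drawing on the technologies of the WSS platform, this paper describes how the WSS platform supports these characteristics in SaaS-model software development. It proposes a system model applicable, within a certain scope, to SaaS-model software, carries out experiments on the WSS platform for each characteristic of the SaaS model, and verifies the support with a simple example. The conclusion is that the WSS platform can reduce the development workload for UI configuration and on-demand customization in SaaS-model systems, which indicates that, within a certain scope, the WSS platform helps advance the development progress of SaaS-model software systems.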

20.
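The application-level multi-tenancy model with a shared application instance is the Software-as-a-Service model with the highest maturity level. It can improve resource utilization and reduce the cost of application upgrades and maintenance, but it faces the technical difficulty of supporting the individual needs of different tenants. Existing research and industrial practice have already made attempts at multi-tenant personalization. From practical projects, a multi-tenant personalization method framework based on Component Based Software Development (CBSD) is distilled, covering process, extension types, and technical support, and solutions are proposed for personalized extension of three parts of a multi-tenant application system: business logic, interface logic, and data entities. The effectiveness of the framework is verified with a product in real-world use.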

Copyright © 北京勤云科技发展有限公司 (Beijing Qinyun Technology Development Co., Ltd.)  京ICP备09084417号