Abstract: In the paper, we analyze the features of access control of management-type SaaS. Based on the traditional RBAC, we put forward the access control model based on both tenant and role, in which the tenant is the minimum unit of administrative domain. To be sure user identity with physical security, we put forward the hierarchical authentication and management of user in the management-type SaaS. In order to ensure the access control model of management-type SaaS in line with the reality, we abolish the inheri…
The SaaS service model not only greatly reduces the cost of enterprises and improves business efficiency, but also improves the management level of enterprises and accelerates the pace of innovation. However, how to protect tenants' data when the data is stored in the SP (service provider) data storage platform is an unavoidable problem. And given the large number of users in the platform, we also have to take user management into consideration. This paper designed a new access control model, T-ARBAC (Tenant-Administrative Role Based Access Control), combined with the role-based access control (RBAC) model, to support multi-tenant access control and facilitate the management of the SaaS platform, meeting the requirements of diversity of tenant roles and independent access of coexisting data.
“…Xu et al [9] propose a new hierarchical access control model for the SaaS model. Their model adds higher levels to the access control policy hierarchy to be able to capture new roles such as service providers' administrators (super and regional) and tenants' administrators.…”
Multi-tenancy helps service providers to save costs, improve resource utilization, and reduce service customization and maintenance time by sharing of resources and services. On the other hand, supporting multi-tenancy adds more complexity to the shared application's required capabilities. Security is a key requirement that must be addressed when engineering new SaaS applications or when re-engineering existing applications to support multi-tenancy. Traditional security (re)engineering approaches do not fit with the multi-tenancy application model where tenants and their security requirements emerge after the system was first developed. Enabling runtime, adaptable and tenant-oriented application security customization on a single service instance is a key challenging security goal in multi-tenant application engineering. In this paper we introduce TOSSMA, a Tenant-Oriented SaaS Security Management Architecture. TOSSMA allows service providers to enable their tenants in defining, customizing and enforcing their security requirements without having to go back to application developers for maintenance or security customizations. TOSSMA supports security management for both new and existing systems. Service providers are not required to write security integration code to use a specific security platform or mechanism. In this paper, we describe details of our approach and architecture, our prototype implementation of TOSSMA, give a usage example of securing a multi-tenant SaaS, and discuss our evaluation experiments of TOSSMA.
“…Literature [5] adopted a layered approach and proposed an access control method for SaaS platform on the basis of RBAC. Literature [6] also proposed an access control method for SaaS platform; this method disabled the role of inheritance and showed the user the accessing processes by UML diagram, but roles and tenants were in a multi-to-multi relationship and they might easily suffer from conflicts. A multi-tenant access control model was introduced in literature [7], but could not achieve role inheritance on the level of tenant.…”
Access control is an important technique which is used to protect system resources from damage by unauthorized users. With the advantage of web services, the access control module was released as web services interfaces. In order to control access to system resources and take advantage of web services, this paper proposes the web service-oriented access control (WSOAC) model. The development of access control is firstly introduced; after that the authors describe this model with two levels—platform and tenant and then present the execution process. At last, the paper summarizes the characteristics of the model and the next step.