Tenant-based access control model for multi-tenancy and sub-tenancy architecture in Software-as-a-Service 被引量：3

Tenant-based access control model for multi-tenancy and sub-tenancy architecture in Software-as-a-Service

导出

摘要 Software-as-a-Service （SaaS） introduces multi- tenancy architecture （MTA）. Sub-tenancy architecture （STA）, is an extension of MTA, allows tenants to offer services for subtenant developers to customize their applications in the SaaS infrastructure. In a STA system, tenants can create sub- tenants, and grant their resources （including private services and data） to their subtenants. The isolation and sharing re- lations between parent-child tenants, sibling tenants or two non-related tenants are more complicated than those between tenants in MTA. It is important to keep service components or data private, and at the same time, allow them to be shared, and support application customizations for tenants. To ad- dress this problem, this paper provides a formal definition of a new tenant-based access control model based on administra- tive role-based access control （ARBAC） for MTA and STA in service-oriented SaaS （called TMS-ARBAC）. Autonomous areas （AA） and AA-tree are proposed to describe the auton- omy of tenants, including their isolation and sharing relation- ships. Authorization operations on AA and different resource sharing strategies are defined to create and deploy the access control scheme in STA models. TMS-ARBAC model is ap- plied to design a geographic e-Science platform. Software-as-a-Service （SaaS） introduces multi- tenancy architecture （MTA）. Sub-tenancy architecture （STA）, is an extension of MTA, allows tenants to offer services for subtenant developers to customize their applications in the SaaS infrastructure. In a STA system, tenants can create sub- tenants, and grant their resources （including private services and data） to their subtenants. The isolation and sharing re- lations between parent-child tenants, sibling tenants or two non-related tenants are more complicated than those between tenants in MTA. It is important to keep service components or data private, and at the same time, allow them to be shared, and support application customizations for tenants. To ad- dress this problem, this paper provides a formal definition of a new tenant-based access control model based on administra- tive role-based access control （ARBAC） for MTA and STA in service-oriented SaaS （called TMS-ARBAC）. Autonomous areas （AA） and AA-tree are proposed to describe the auton- omy of tenants, including their isolation and sharing relation- ships. Authorization operations on AA and different resource sharing strategies are defined to create and deploy the access control scheme in STA models. TMS-ARBAC model is ap- plied to design a geographic e-Science platform.

作者 Qiong zuo Meiyi XIE Guanqiu QI Hong ZHU

机构地区 School of Computer Science and Technology School of Computing

出处《Frontiers of Computer Science》 SCIE EI CSCD 2017年第3期465-484,共20页 中国计算机科学前沿（英文版）

关键词 Software-as-a-Service （SaaS） multi-tenancy architecture （MTA） sub-tenancy architecture （STA） rolebased access control （RBAC） model tenant-based access control model Software-as-a-Service （SaaS）, multi-tenancy architecture （MTA）, sub-tenancy architecture （STA）, rolebased access control （RBAC） model, tenant-based access control model

分类号 TP309 [自动化与计算机技术—计算机系统结构] F721.6 [经济管理—产业经济]

引文网络
相关文献

参考文献3

1Rahat MASOOD Muhammad Awais SHIBLI Yumna GHAZI Ayesha KANWAL Arshad ALI.Cloud authorization： exploring techniques and approach towards effective access control framework[J].Frontiers of Computer Science,2015,9(2):297-321. 被引量：3
2夏鲁宁,荆继武.一种基于层次命名空间的RBAC管理模型[J].计算机研究与发展,2007,44(12):2020-2027. 被引量：12
3曹进,李培峰,朱巧明,钱培德.基于租户的访问控制模型T-ARBAC[J].计算机科学与应用,2013,3(3):173-179. 被引量：1

二级参考文献61

1龙勤,刘鹏,潘爱民.基于角色的扩展可管理访问控制模型研究与实现[J].计算机研究与发展,2005,42(5):868-876. 被引量：26
2B Lampson. Protection [J]. In: Proc the 5th Annual Princeton Conf on Information Sciences and Systems. Princeton, New Jersey: Princeton University Press, 1974. 437-443.
3R S Sandhu. Lattice-based access control models [J]. IEEE Computer, 1993, 26(11): 9-19.
4D Ferraiolo, R Kuhn. Role based access controls [C]. The 15th NIST-NCSC National Computer Security Conference, Baltimore, MaryLand, 1992.
5R S Sandhu, E J Coyne, H L Feinstein, et al. Role-based access control models [J]. IEEE Computer, 1996, 29(2) : 38 -47.
6R S Sandhu, V Bhamidipati, Q Munawer. The ARBAC97 model for role-based administration of roles [J]. ACM Trans on Information and System Security, 1999, 2(1) : 105-135.
7R S Sandhu, V Bhamidipati. Role-based administration of user-role assignment: The URA97 model and its Oracle implementation [J]. Journal of Computer Security, 1999, 7 (4) : 317-323.
8R S Sandhu, V Bhamidipati. An Oracle implementation of the PRA97 model for permission-role assignment [C]. In: Proc of the 3rd ACM Workshop on Role-Based Access Control (RBAC' 98). New York: ACM Press, 1998. 13-21.
9S Oh, R Sandhu. A model for role administration using organization structure [C]. In: Sandhu R, Bertino E, eds. Proc of the 6th ACM Symp on Access Control Models and Technologies (SACMAT 2002) . New York: ACM Press, 2002. 155-162.
10Oswego Suny, et al. WISR 1993 design-for-reuse working group report [OL]. http://gee.cs. oswego. edu/dl/WISR93WG/ WISR93WG/WISR93WG. html, 1993-11-03/2006-03-20.

共引文献13

1吴海燕,陈忠.基于角色的权限控制模型的组扩展模型与实现[J].硅谷,2009,2(19):57-58. 被引量：2
2王颖.工作流系统中基于任务的RBAC控制模型研究[J].电子工程师,2008,34(11):38-41.
3任志宇,陈性元,张斌,王俊.一种新型的角色层次化关系模型[J].信息工程大学学报,2010,11(1):88-92. 被引量：4
4杨秋伟,刘玲,李肯立,唐卓.一种支持隐私保护的角色访问控制模型[J].计算机科学,2010,37(6):46-50. 被引量：2
5王婷,陈性元,张斌,张红旗.授权与访问控制中的资源管理技术研究综述[J].小型微型计算机系统,2011,32(4):619-625. 被引量：4
6杨柳,唐卓,李仁发,张宗礼.云计算环境中基于用户访问需求的角色查找算法[J].通信学报,2011,32(7):169-175. 被引量：16
7黄炜,张伟.一种基于角色划分的ERP通用信息检索策略研究[J].计算机应用与软件,2013,30(3):136-138.
8张红旗,刘江,代向东,王义功.一种多级跨域访问控制管理模型[J].信息网络安全,2014(2):1-6. 被引量：4
9万旭川,李凯丰,杜佳.多租户模式在大型分布式企业应用的关键问题研究[J].电子技术与软件工程,2014(16):117-118.
10李斌勇,韩敏,孙林夫,田冉.云服务平台多层网络协同控制模型[J].计算机集成制造系统,2015,21(5):1382-1388. 被引量：15

同被引文献5

1初晓博,秦宇.一种基于可信计算的分布式使用控制系统[J].计算机学报,2010,33(1):93-102. 被引量：21
2周玉芳,余云智,翟永翠.LVC仿真技术综述[J].指挥控制与仿真,2010,32(4):1-7. 被引量：37
3冯朝胜,秦志光,袁丁,卿昱.云计算环境下访问控制关键技术[J].电子学报,2015,43(2):312-319. 被引量：53
4葛承垄,朱元昌,邸彦强,胡志伟,孟宪国.装备平行仿真理论框架研究[J].指挥与控制学报,2017,3(1):48-56. 被引量：13
5李玉萍,毛少杰,居真奇,周芳,严国强.装备体系分析仿真平台研究[J].系统仿真学报,2019,31(11):2374-2381. 被引量：6

引证文献3

1杜楠,谭亚新.模拟与仿真即服务软件架构研究进展[J].兵器装备工程学报,2021,42(9):7-14. 被引量：2
2Zhengtao Liu,Yi Ying,Yaqin Peng,Jinyue Xia.A Temporal Multi-Tenant RBAC Model for Collaborative Cloud Services[J].Computers, Materials & Continua,2020(5):861-871.
3Zhengtao Liu,Yun Yang,Wen Gu,Jinyue Xia.A Multi-Tenant Usage Access Model for Cloud Computing[J].Computers, Materials & Continua,2020(8):1233-1245. 被引量：1

二级引证文献3

1王衡,郭肖芳.软件模拟与仿真在碳减排策略制定与评估中的应用研究[J].皮革制作与环保科技,2024,5(3):187-189.
2刘思源,李胜忠,鲍家乐,赵峰.CAE软件云化应用研究——典型船舶CFD软件初探[J].新型工业化理论与实践,2024,1(4):226-241.
3丁洪翔,赵卓峰.一种适于跨租户数据共享的多租户数据存储模式[J].南京大学学报（自然科学版）,2024,60(3):491-501. 被引量：1

1李伟琴,杨亚平.基于角色的访问控制系统[J].电子工程师,2000,26(2):16-21. 被引量：28
2夏地.AS／400独特的INTERNET应用服务[J].世界电脑与通信（数据传播）,1996(10):33-33.
3邹流乡,王朝斌.访问控制模型与技术研究[J].计算机光盘软件与应用,2014,17(14):307-307.
4葛舸.互联网协同服务发展新趋势[J].互联网经济,2016(7):20-25. 被引量：1
5杜银川,王文健.面试服装租赁店[J].江苏科技信息（科技创业）,2011(4):36-37. 被引量：1
6酒店软件行业“SaaS”应用趋势[J].饭店现代化,2008,0(3):49-49.
7吴勋森.Internet的应用和技术发展(一)[J].四川通信技术,1997(2):1-8.
8刘志斌.3aaS助力HR外包（派遣）服务机构[J].人力资源管理,2010(1):92-92.
9郑章财,徐锋,叶镒娟,戚伟.校园卡系统建设中的安全问题研究[J].华中师范大学学报（自然科学版）,2017,51(S1):217-220.
10冯南.靠出租设备，HTC的VR业务就有救了？[J].计算机应用文摘,2017,0(11):18-19.

Frontiers of Computer Science

2017年第3期

浏览历史

内容加载中请稍等...