Tenant-based access control model for multi-tenancy and sub-tenancy architecture in Software-as-a-Service

Qiong ZUO, Meiyi XIE, Guanqiu QI, Hong ZHU

Front. Comput. Sci., 2017, Vol. 11, Issue (3): 465-484. DOI: 10.1007/s11704-016-5081-x
RESEARCH ARTICLE

Abstract

Software-as-a-Service (SaaS) introduces multi-tenancy architecture (MTA). Sub-tenancy architecture (STA), an extension of MTA, allows tenants to offer services for subtenant developers to customize their applications in the SaaS infrastructure. In an STA system, tenants can create subtenants and grant their resources (including private services and data) to their subtenants. The isolation and sharing relations between parent-child tenants, sibling tenants, or two non-related tenants are more complicated than those between tenants in MTA. It is important to keep service components or data private and, at the same time, allow them to be shared and support application customizations for tenants. To address this problem, this paper provides a formal definition of a new tenant-based access control model based on administrative role-based access control (ARBAC) for MTA and STA in service-oriented SaaS (called TMS-ARBAC). Autonomous areas (AA) and the AA-tree are proposed to describe the autonomy of tenants, including their isolation and sharing relationships. Authorization operations on AA and different resource sharing strategies are defined to create and deploy the access control scheme in STA models. The TMS-ARBAC model is applied to design a geographic e-Science platform.

Keywords

Software-as-a-Service (SaaS) / multi-tenancy architecture (MTA) / sub-tenancy architecture (STA) / role-based access control (RBAC) model / tenant-based access control model

Cite this article

Qiong ZUO, Meiyi XIE, Guanqiu QI, Hong ZHU. Tenant-based access control model for multi-tenancy and sub-tenancy architecture in Software-as-a-Service. Front. Comput. Sci., 2017, 11(3): 465‒484 https://doi.org/10.1007/s11704-016-5081-x

RIGHTS & PERMISSIONS

2016 Higher Education Press and Springer-Verlag Berlin Heidelberg