Please wait a minute...
Shopping Cart Email List Chinese
Advanced Search Fig/Tab
Frontiers of Computer Science

ISSN 2095-2228

ISSN 2095-2236(Online)

CN 10-1014/TP

Postal Subscription Code 80-970

2018 Impact Factor: 1.129

Featured Articles  |  Most Downloaded  |  Most Reading
Online Submission Subscribe to Our RSS Content Feed
Front. Comput. Sci.    2017, Vol. 11 Issue (3) : 465-484    https://doi.org/10.1007/s11704-016-5081-x
RESEARCH ARTICLE
Tenant-based access control model for multi-tenancy and sub-tenancy architecture in Software-as-a-Service
Qiong ZUO1,2(), Meiyi XIE1(), Guanqiu QI2(), Hong ZHU1()
1. School of Computer Science and Technology, Huazhong University of Science and Technology,Wuhan 430074, China
2. School of Computing, Informatics, and Decision Systems Engineering, Arizona State University, Tempe AZ 85287, USA
 Download: PDF(1092 KB)  
 Export: BibTeX | EndNote | Reference Manager | ProCite | RefWorks
Abstract

Software-as-a-Service (SaaS) introduces multitenancy architecture (MTA). Sub-tenancy architecture (STA), is an extension of MTA, allows tenants to offer services for subtenant developers to customize their applications in the SaaS infrastructure. In a STA system, tenants can create subtenants, and grant their resources (including private services and data) to their subtenants. The isolation and sharing relations between parent-child tenants, sibling tenants or two non-related tenants are more complicated than those between tenants in MTA. It is important to keep service components or data private, and at the same time, allow them to be shared, and support application customizations for tenants. To address this problem, this paper provides a formal definition of a new tenant-based access control model based on administrative role-based access control (ARBAC) forMTA and STA in service-oriented SaaS (called TMS-ARBAC). Autonomous areas (AA) and AA-tree are proposed to describe the autonomy of tenants, including their isolation and sharing relationships. Authorization operations on AA and different resource sharing strategies are defined to create and deploy the access control scheme in STA models. TMS-ARBAC model is applied to design a geographic e-Science platform.
Keywords Software-as-a-Service (SaaS)      multi-tenancy architecture (MTA)      sub-tenancy architecture (STA)      rolebased access control (RBAC) model      tenant-based access control model     
Corresponding Author(s): Meiyi XIE   
Just Accepted Date: 22 March 2016   Online First Date: 18 July 2016    Issue Date: 25 May 2017
 Cite this article:   
Qiong ZUO,Meiyi XIE,Guanqiu QI, et al. Tenant-based access control model for multi-tenancy and sub-tenancy architecture in Software-as-a-Service[J]. Front. Comput. Sci., 2017, 11(3): 465-484.
 URL:  
https://academic.hep.com.cn/fcs/EN/10.1007/s11704-016-5081-x
https://academic.hep.com.cn/fcs/EN/Y2017/V11/I3/465
1 TsaiW T, ZhongP.Multi-tenancy and sub-tenancy architecture in Software-as-a-Service (SaaS). In: Proceedings of the 8th IEEE International Symposium on Service Oriented System Engineering. 2014, 128–139
https://doi.org/10.1109/sose.2014.20
2 SandhuR S, CoyneE J, FeinsteinH, Youman C. Role-based access control models. IEEE Computer, 1996, 29(2): 38–47
https://doi.org/10.1109/2.485845
3 SandhuR, Bhamidipati V, MunawerQ . The ARBAC97 model for rolebased administration of roles. ACM Transactions on Information and System Security, 1999, 2(1): 105–135
https://doi.org/10.1145/300830.300839
4 YaishH, GoyalM. Multi-tenant database access control. In: Proceedings of International Conference on Computational Science and Engineering. 2013, 870–877
https://doi.org/10.1109/cse.2013.131
5 ZhongH, WangW, YanG, Lei Y. A role-based hierarchical administrative model. In: Proceedings of International Conference on Computational Intelligence and Software Engineering. 2009, 1–4
https://doi.org/10.1109/cise.2009.5363096
6 BienN H, ThuT D. Hierarchical multi-tenant pattern. In: Proceedings of International Conference on Computing, Management and Telecommunications. 2014, 157–164
7 LiD, LiuC, WeiQ, Liu Z, LiuB . RBAC-based access control for SaaS systems. In: Proceedings of the 2nd International Conference on Information Engineering and Computer Science. 2010, 1–4
https://doi.org/10.1109/iciecs.2010.5678213
8 LiD, LiuC, LiuB. H-RBAC: a hierarchical access control model for SaaS systems. International Journal of Modern Education and Computer Science, 2011, 3(5): 47–53
https://doi.org/10.5815/ijmecs.2011.05.07
9 CaoJ, LiP, ZhuQ, Qian P. A tenant-based access control model TArbac. Computer Science and Application, 2013, 3: 173–179
https://doi.org/10.12677/CSA.2013.33030
10 XiaL, JingJ. An administrative model for role-based access control using hierarchical namespace. Journal of Computer Research and Development, 2007, 44(12): 2020–2027
https://doi.org/10.1360/crad20071205
11 TangB, SandhuR, LiQ. Multi-tenancy authorization models for collaborative cloud services. In: Proceedings of International Conference on Collaboration Technologies and Systems. 2013, 132–138
https://doi.org/10.1109/cts.2013.6567218
12 TangB, LiQ, SandhuR. A multi-tenant RBAC model for collaborative cloud services. In: Proceedings of the 11th Annual International Conference on Privacy, Security and Trust. 2013, 229–238
https://doi.org/10.1109/pst.2013.6596058
13 WangB, HuangH, LiuX, Xu J. Open identity management framework for SaaS ecosystem. In: Proceedings of IEEE International Conference on e-Business Engineering. 2009, 512–517
14 TsaiW T, HuangY, ShaoQ H. EasySaaS: a SaaS development framework. In: Proceedings of IEEE International Conference on Service- Oriented Computing and Applications. 2011, 1–4
https://doi.org/10.1109/soca.2011.6166262
15 MasoodR, ShibliM A, GhaziY, Kanwal A, AliA . Cloud authorization: exploring techniques and approach towards effective access control framework. Frontiers of Computer Science, 2015, 9(2): 297–321
https://doi.org/10.1007/s11704-014-3160-4
16 KrebsR, MommC, KounevS. Architectural concerns in multi-tenant SaaS applications. In: Proceedings of the 2nd International Conference on Cloud Computing and Service Science. 2012, 426–431
17 MaenhautP J, MoensH, DecatM, Bogaerts J, LagaisseB , JoosenW, Ongenae V, De TruckF . Characterizing the performance of tenant data management in multi-tenant cloud authorization systems. In: Proceedings of IEEE/IFIP Network Operations and Management Symposium. 2014, 1–8
https://doi.org/10.1109/noms.2014.6838232
18 WeissmanC D, Bobrowski S. The design of the Force.com multitenant Internet application development platform. In: Proceedings of ACM SIGMOD International Conference on Management of Data. 2009, 889–896
https://doi.org/10.1145/1559845.1559942
19 WeiS, YenI L, ThuraisinghamB , BertinodE. Security-aware service composition with fine-grained information flow control. IEEE Transactions on Service Computing, 2013, 6(3): 330–343
https://doi.org/10.1109/TSC.2012.3
20 GongL, QianX L. The complexity and composability of security interoperation. In: Proceedings of IEEE Symposium on Research in Security and Privacy. 1994, 190–200
21 GongL, QianX L. Cumputational issues in secure interoperation. IEEE Transactions on Software Engineering, 1996, 22(1): 43–52
https://doi.org/10.1109/32.481533
22 ShafiqB, JoshiJ B D, BertinoE, Ghafoor A. Secure interoperation in a multi-domain environment employing RBAC policies. IEEE Transactions on Knowledge and Data Engineering, 2005, 17(11): 1557–1577
https://doi.org/10.1109/TKDE.2005.185
23 LampsonB W. Protection. ACM Operating Systems Review, 1974, 8(1): 18–24
https://doi.org/10.1145/775265.775268
[1] FCS-0465-15081-QZ_suppl_1 Download
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed