Tenant-based access control model for multi-tenancy and sub-tenancy architecture in Software-as-a-Service

  • Research Article
  • Published:
Frontiers of Computer Science

Abstract

Software-as-a-Service (SaaS) introduces multi-tenancy architecture (MTA). Sub-tenancy architecture (STA), an extension of MTA, allows tenants to offer services for subtenant developers to customize their applications in the SaaS infrastructure. In an STA system, tenants can create subtenants and grant their resources (including private services and data) to their subtenants. The isolation and sharing relations between parent-child tenants, sibling tenants, or two non-related tenants are more complicated than those between tenants in MTA. It is important to keep service components or data private and, at the same time, allow them to be shared and support application customizations for tenants. To address this problem, this paper provides a formal definition of a new tenant-based access control model based on administrative role-based access control (ARBAC) for MTA and STA in service-oriented SaaS (called TMS-ARBAC). Autonomous areas (AA) and the AA-tree are proposed to describe the autonomy of tenants, including their isolation and sharing relationships. Authorization operations on AA and different resource sharing strategies are defined to create and deploy the access control scheme in STA models. The TMS-ARBAC model is applied to design a geographic e-Science platform.

Acknowledgements

This paper was based on projects sponsored by the State Scholarship of the China Scholarship Council.

Author information

Authors and Affiliations

  1. School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan, 430074, China

    Qiong Zuo, Meiyi Xie & Hong Zhu

  2. School of Computing, Informatics, and Decision Systems Engineering, Arizona State University, Tempe, AZ, 85287, USA

    Qiong Zuo & Guanqiu Qi

Authors
  1. Qiong Zuo
  2. Meiyi Xie
  3. Guanqiu Qi
  4. Hong Zhu

Corresponding author

Correspondence to Meiyi Xie.

Additional information

Qiong Zuo is a lecturer at the School of Computer Science and Technology, Huazhong University of Science and Technology, China, and was a visiting scholar at Arizona State University, USA from 2014 to 2015. Her research interests are database system management, cloud computing and big data management.

Meiyi Xie is a lecturer at the School of Computer Science and Technology, Huazhong University of Science and Technology, China. Her research interests are in information security, including database security, intrusion tolerance, cryptography and privacy-preserving data publishing.

Guanqiu Qi received his PhD from the School of Computing, Informatics, and Decision Systems Engineering, Arizona State University, USA in 2015. His research interests are service-oriented architecture, Software-as-a-Service, Testing-as-a-Service and big data testing.

Hong Zhu is a professor at the School of Computer Science and Technology, Huazhong University of Science and Technology, China. Her research interests are in data security, including database security, cryptography and privacy-preserving data publishing.

Cite this article

Zuo, Q., Xie, M., Qi, G. et al. Tenant-based access control model for multi-tenancy and sub-tenancy architecture in Software-as-a-Service. Front. Comput. Sci. 11, 465–484 (2017). https://doi.org/10.1007/s11704-016-5081-x
