Similar literature
 20 similar documents found; search time 91 ms
1.
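Research on Access Control for SaaS Platforms   Total citations: 2 (self-citations: 0, citations by others: 2)
The SaaS software delivery model provides application software to customers as a service, reducing hardware procurement and system administration overhead. Because tenant data is stored centrally at the service provider, safeguarding tenants' data security while maintaining high resource utilization is a challenging problem. To meet the requirements of complex tenant roles and of tenant data that coexists yet is accessed independently, the paper builds on the role-based access control model to construct an access control model for SaaS platforms that supports multiple tenants and multiple roles and eases tenant permission management. Compared with the traditional role-based access control model, this model adds the concept of a tenant and enforces the platform's access control with the tenant as the basic unit, improving the security and manageability of SaaS platform access control. The paper analyzes the concrete flow of a user accessing the SaaS platform, gives a formal-language description of the model, and implements the physical database model for access control of a SaaS restaurant management platform, providing a reference for SaaS platform development.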

2.
Software-as-a-service (SaaS) has received significant attention recently as one of three principal components of cloud computing, and it often deals with applications that run on top of a platform-as-a-service (PaaS) that in turn runs on top of infrastructure-as-a-service (IaaS). This paper provides an overview of SaaS including its architecture and major technical issues such as customization, multi-tenancy architecture, redundancy and recovery mechanisms, and scalability. Specifically, a SaaS system can have architecture relating to a database-oriented approach, middleware-oriented approach, service-oriented approach, or PaaS-oriented approach. Various SaaS customization strategies can be used from light customization with manual coding to heavy customization where the SaaS system and its underlying PaaS systems are customized together. Multi-tenancy architecture is an important feature of a SaaS and various trade-offs including security isolation, performance, and engineering effort need to be considered. It is important for a SaaS system to have multi-level redundancy and recovery mechanisms, and the SaaS system needs to coordinate these with the underlying PaaS system. Finally, SaaS scalability mechanisms include a multi-level architecture with load balancers, automated data migration, and software design strategies.

3.
Application-level multi-tenancy is an architectural approach for Software-as-a-Service (SaaS) applications which enables high operational cost efficiency by sharing one application instance among multiple customer organizations (the so-called tenants). However, the focus on increased resource sharing typically results in a one-size-fits-all approach. In principle, the shared application instance satisfies only the requirements common to all tenants, without supporting potentially different and varying requirements of these tenants. As a consequence, multi-tenant SaaS applications are inherently limited in terms of flexibility and variability. This paper presents an integrated service engineering method, called service line engineering, that supports co-existing tenant-specific configurations and that facilitates the development and management of customizable, multi-tenant SaaS applications, without compromising scalability. Specifically, the method spans the design, implementation, configuration, composition, operations and maintenance of a SaaS application that bundles all variations that are based on a common core. We validate this work by illustrating the benefits of our method in the development of a real-world SaaS offering for document processing. We explicitly show that the effort to configure and compose an application variant for each individual tenant is significantly reduced, though at the expense of a higher initial development effort.

4.
Software-as-a-Service (SaaS) is a new approach for developing software, and it is characterized by its multi-tenancy architecture and its ability to provide flexible customization to individual tenants. However, the multi-tenancy architecture and customization requirements introduce many new issues in software, such as database design, database partition, scalability, recovery, and continuous testing. This paper proposes a hybrid test database design to support SaaS customization with two-layer database partitioning. The database is further extended with a new built-in redundancy with ontology so that the SaaS can recover from ontology, data or metadata failures. Furthermore, constraints in metadata can be used either as test cases or policies to support SaaS continuous testing and policy enforcement.

5.
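Cloud computing is a technology that can provide resources elastically and on demand. Under the multi-tenant shared data storage model, how to achieve dynamically scalable data storage is the key to cloud data management. To address the problem of how a SaaS application can scale adaptively as the number of tenants and the request volume change, and based on an analysis of the scalability requirements of the data storage layer, the paper builds on the multi-tenant architecture ideas proposed by Walraven et al., extends the typical cloud application architecture, and designs a multi-tenant data management framework that achieves elasticity of storage resources. Based on this framework, a SaaS prototype system for the network management domain was developed, verifying its effectiveness and usability.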

6.
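Sun Chang-Ai, Zhang Zai-Xing, Zhang Xin. Journal of Software (《软件学报》), 2018, 29(11): 3435-3454
In cloud computing environments, software provides services to tenants over the Internet; this Internet-based software delivery model is called SaaS (Software as a Service). Compared with traditional software delivery models, SaaS software usually runs on the software vendor's servers and serves multiple tenants at the same time. Because it must support the individual needs of different tenants, SaaS software should be flexible enough to cope with rapidly changing tenant requirements; moreover, a change made for one tenant should not affect other tenants. By extending the variability-management-based adaptive service composition method and its supporting platform previously developed by the research group, the paper proposes a reusable and customizable SaaS software development method for cloud computing environments and develops the corresponding supporting platform, including a service composition engine that supports the SaaS model and a remote customization tool. For the common requirements of different tenants, the method provides an abstract service composition model; the supporting platform interprets and executes the abstract service composition model at runtime and derives different process instances according to each tenant's individual requirements. These runtime process instances coexist polymorphically without affecting one another. A domain-specific SaaS software example is used to verify the feasibility of the method, and the performance of the supporting platform is evaluated. The experimental results show that the method and its supporting platform can support a multi-instance, multi-tenant delivery model.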

7.
A multi-tenant software as a service (SaaS) provider has to meet the needs of several tenants which adopt its services with diverse business requirements. The tenant needs vary widely with time, and the provider has to account for such fluctuations by suitable provisioning at its end. Handling this elasticity arising out of the tenant base is one of the key challenges for the SaaS provider. In this paper, we study the problem specifically in the SaaS context with the idea built around license provisioning in a tenant–provider perspective. For a given set of tenants with diverse license requirements, it is important to analyze whether there is any way to on-board them such that all constraints laid out as part of the service-level agreement can be honored. The total number of licenses available with the provider plays a crucial role in answering this question. We propose an intuitive model of elasticity that can capture anticipated license need variations at the tenant end. We propose an ILP-based approach for solving this schedulability problem for a collection of tenants. We also propose a simple-minded greedy heuristic to solve the on-boarding problem with elasticity constraints. Results show that our approach gives acceptable performance.

8.
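As a model for delivering application software over the Internet to the public, especially small and medium-sized enterprises, SaaS is distinguished by its scalability, multi-user support, efficiency, and configurability. Based on the requirements of the fourth SaaS maturity level, "scalable, multi-instance, configurable", the article designs and implements a SaaS system architecture that supports multiple tenants and multiple services, together with a unified security authentication and permission management system. The storage model and security management model adopted can accommodate a large number of tenants, provide architectural flexibility and scalability while meeting system performance requirements, and satisfy the customization needs of multiple tenants.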

9.
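With the continuing development and maturation of cloud technology, the Software-as-a-Service (SaaS) model has become the main trend in the future development of software applications. In a diverse and open network ecosystem, a SaaS service must be able to evolve if it is to respond effectively to user needs and external changes. Evolution consistency refers to a service's ability, after evolving, to retain its original foundation and to interact normally with other services. Current determinations of evolution consistency lean toward qualitative analysis and often ignore the tenant's experience; there is no established explicit standard for quantitatively measuring and determining consistency. To address this problem, starting from the multi-tenant, single-instance SaaS application model, the paper builds a layered, fine-grained service instance description model, introduces a consistency metric to express the result of quantitative computation, takes full account of tenants' evolution requirements, and proposes a determination method with tenant evolution tolerance that determines evolution consistency at a fine granularity. Finally, the proposed method is applied to a SaaS application case to analyze and determine evolution consistency, and feedback from the practical application verifies the feasibility and effectiveness of the method.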

10.
With the single-instance multitenancy (SIMT) model for composite Software-as-a-Service (SaaS) applications, a single composite application instance can host multiple tenants, yielding the benefits of better service and resource utilization and reduced operational cost for the SaaS provider. An SIMT application needs to share services and their aggregation (the application) among its tenants while supporting variations in the functional and performance requirements of the tenants. The SaaS provider requires a middleware environment that can deploy, enact, and manage a designed SIMT application, to achieve the varied requirements of the different tenants in a controlled manner. This paper presents the SDSN@RT (software-defined service networks at runtime) middleware environment that can meet the aforementioned requirements. SDSN@RT represents an SIMT composite cloud application as a multitenant service network, where the same service network simultaneously hosts a set of virtual service networks, one for each tenant. A service network connects a set of services and coordinates the interactions between them. A virtual service network realizes the requirements for a specific tenant and can be deployed, configured, and logically isolated in the service network at runtime. SDSN@RT also supports the monitoring and runtime changes of the deployed multitenant service networks. We show the feasibility of SDSN@RT with a prototype implementation and demonstrate its capabilities to host SIMT applications and support their changes with a case study. The performance study of the prototype implementation shows that the runtime capabilities of our middleware incur little overhead.

11.
Formal methods and verification techniques are often used to develop mission-critical systems. Cloud computing offers new computation models for applications and the new model can be used for formal verification. But formal verification tools and techniques may need to be updated to exploit the cloud architectures. Multi-Tenant Architecture (MTA) is a design architecture used in SaaS (Software-as-a-Service) where a tenant can customize its applications by integrating either services already stored in the SaaS database or newly supplied services. This paper proposes a new concept VaaS (Verification-as-a-Service), similar to SaaS, by leveraging the computing power offered by a cloud environment with automated provisioning, scalability, and service composition. A VaaS hosts verification software in a cloud environment, and these services can be called on demand, and can be composed to verify a software model. This paper presents a VaaS architecture with components, and ways that a VaaS can be used to verify models. Bigraph is selected as the modeling language for illustration as it can model mobile applications. A Bigraph model can be verified by first converting it to a state model, and the state model can be verified by model-checking tools. The VaaS services combination model and execution model are also presented. The algorithm of distributing VaaS services to a cloud is given and its efficiency is evaluated. A case study is used to demonstrate the feasibility of a VaaS.

12.
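Research on Multi-Tenant Indexing Based on the Key-Value Model for SaaS Applications   Total citations: 1 (self-citations: 0, citations by others: 1)
To satisfy tenants' requirements for data isolation and on-demand customization, a multi-tenant database for SaaS applications needs to provide data storage and indexing mechanisms that support isolation and are easy to customize. Based on key-value storage, the paper proposes a metadata-driven mapping-table index model. According to each tenant's customization requirements, the model forms separate index metadata for the tenant's business data, and achieves isolation and customization of index data through the metadata-driven approach. An index maintenance strategy is given: indexes are sliced according to tenants' data access requests, and the progressively refined index slices serve as the basic unit of data access, so that tenant result sets are returned quickly. Experimental results show that, when data access is evenly distributed, the scheme gives index maintenance and data access good overall performance.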

13.
NoSQL data stores are often combined to address different requirements within the same application. The implication of this trend is particularly important and relevant in the context of multi-tenant SaaS applications where tenants commonly have different storage- and privacy-related requirements and thus they desire to customize the storage setup according to their specific needs. Consequently, application developers are increasingly combining storage resources: on-premise and public cloud resources in a hybrid cloud setup, different external public cloud storage resources and providers in a federated cloud storage setup, etc. The consequences of these trends are twofold: (i) application developers and SaaS providers have to deal with heterogeneous technologies, different APIs, and implement complex storage logic (to address different requirements of tenants), all within the application layer; and (ii) storage architectures have become less rigid, and techniques are required to flexibly change the storage configuration of running applications, up to the level of individual service requests. To address these challenges, we present PERSIST, a middleware architecture that (i) externalizes the complexity of a federated cloud storage architecture and the complex storage logic from the SaaS application to storage policies, allows tenants to enforce different storage- and privacy-related requirements at a fine-grained level; and (ii) supports the dynamic (re)configurability of the underlying federated cloud storage architecture. Application-specific policies can be customized by individual tenants at run time, and PERSIST offers support for run-time cross-provider polyglot persistence and the confidentiality of sensitive data through encryption. We have validated PERSIST in a working prototype implementation. 
Our extensive evaluation efforts show (i) the accomplished reduction in the required development effort to support complex storage policies, (ii) the reduction in cost/effort to change the data storage architecture itself, and finally (iii) the acceptability of the performance overhead (around 6% for insert, and 2% for read, update and delete transactions).

14.
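To address the inefficiency caused by limited security resources and their uneven allocation when multiple tenants use security services in an Infrastructure-as-a-Service (IaaS) environment, a tenant security resource scheduling framework is proposed. First, based on the min-max fairness algorithm and combined with the scheduling ideas of the Fair Scheduler, minimum-share and resource-demand attributes are set for each tenant. Then, a security service resource allocation algorithm satisfies tenants' resource demands as fairly as possible while guaranteeing that each tenant's minimum share is met. Finally, combined with intra-tenant task scheduling and an inter-tenant resource preemption algorithm, the tenant security service scheduling framework is implemented. Experimental results show that, under random resource allocation conditions, the security service resource allocation algorithm clearly improves resource utilization and job efficiency compared with traditional resource allocation algorithms, and that the security service scheduling framework can effectively solve the problems of allocating and preempting security resources among multiple tenants.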

15.
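With the spread of cloud computing, SaaS has attracted increasingly wide attention as a new software delivery model. To support the large volume of user access requests brought by rapid business growth, multi-tenant SaaS applications need a load-balancing mechanism to support scalability. Starting from an analysis of the user requirements of multi-tenant SaaS applications, this paper proposes a server load model oriented to tenant function types and an on-demand allocation algorithm for execution requests oriented to tenant users' non-functional requirements, and designs a load-balancing system for multi-tenant SaaS applications. Experiments show that the proposed load-balancing mechanism for multi-tenant SaaS applications can improve the overall execution efficiency of the system while meeting the needs of different tenant users.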

16.
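For large data sets, frequent itemset mining is bulky and redundant; mining maximal frequent itemsets reduces the number of frequent itemsets mined. For uncertain data streams, however, the traditional way of judging whether an itemset is frequent can no longer accurately express the frequency of itemsets, and there has so far been no research on mining maximal frequent itemsets over uncertain data streams. To address these shortcomings, TUFSMax, a decay-model-based algorithm for mining maximal frequent itemsets over uncertain data streams, is proposed. The algorithm marks tree nodes so that all maximal frequent itemsets can be mined without superset checking, saving the time superset checking would take. Experiments demonstrate that the proposed algorithm is efficient in both time and space.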

17.
Software-as-a-Service (SaaS) introduces multi-tenancy architecture (MTA). Sub-tenancy architecture (STA), an extension of MTA, allows tenants to offer services for subtenant developers to customize their applications in the SaaS infrastructure. In an STA system, tenants can create subtenants, and grant their resources (including private services and data) to their subtenants. The isolation and sharing relations between parent-child tenants, sibling tenants or two non-related tenants are more complicated than those between tenants in MTA. It is important to keep service components or data private, and at the same time, allow them to be shared, and support application customizations for tenants. To address this problem, this paper provides a formal definition of a new tenant-based access control model based on administrative role-based access control (ARBAC) for MTA and STA in service-oriented SaaS (called TMS-ARBAC). Autonomous areas (AA) and AA-tree are proposed to describe the autonomy of tenants, including their isolation and sharing relationships. Authorization operations on AA and different resource sharing strategies are defined to create and deploy the access control scheme in STA models. The TMS-ARBAC model is applied to design a geographic e-Science platform.

18.
Security administrators face the challenge of designing, deploying and maintaining a variety of configuration files related to security systems, especially in large-scale networks. These files have heterogeneous syntaxes and follow differing semantic concepts. Nevertheless, they are interdependent due to security services having to cooperate and their configuration to be consistent with each other, so that global security policies are completely and correctly enforced. To tackle this problem, our approach supports a comfortable definition of an abstract high-level security policy and provides an automated derivation of the desired configuration files. It is an extension of policy-based management and policy hierarchies, combining model-based management (MBM) with system modularization. MBM employs an object-oriented model of the managed system to obtain the details needed for automated policy refinement. The modularization into abstract subsystems (ASs) segments the system, and the model, into units which more closely encapsulate related system components and provide focused abstract views. As a result, scalability is achieved and even comprehensive IT systems can be modelled in a unified manner. The associated tool MoBaSeC (Model-Based-Service-Configuration) supports interactive graphical modelling, automated model analysis and policy refinement with the derivation of configuration files. We describe the MBM and AS approaches, outline the tool functions and exemplify their applications and results obtained. Copyright © 2010 John Wiley & Sons, Ltd.

19.
Software-as-a-service (SaaS) multi-tenancy in cloud-based applications helps service providers to save cost, improve resource utilization, and reduce service customization and maintenance time. This is achieved by sharing of resources and service instances among multiple “tenants” of the cloud-hosted application. However, supporting multi-tenancy adds more complexity to SaaS applications required capabilities. Security is one of these key requirements that must be addressed when engineering multi-tenant SaaS applications. The sharing of resources among tenants—i.e. multi-tenancy—increases tenants’ concerns about the security of their cloud-hosted assets. Compounding this, existing traditional security engineering approaches do not fit well with the multi-tenancy application model where tenants and their security requirements often emerge after the applications and services were first developed. The resultant applications do not usually support diverse security capabilities based on different tenants’ needs, some of which may change at run-time i.e. after cloud application deployment. We introduce a novel model-driven security engineering approach for multi-tenant, cloud-hosted SaaS applications. Our approach is based on externalizing security from the underlying SaaS application, allowing both application/service and security to evolve at runtime. Multiple security sets can be enforced on the same application instance based on different tenants’ security requirements. We use abstract models to capture service provider and multiple tenants’ security requirements and then generate security integration and configurations at runtime. We use dependency injection and dynamic weaving via Aspect-Oriented Programming (AOP) to integrate security within critical application/service entities at runtime. We explain our approach, architecture and implementation details, discuss a usage example, and present an evaluation of our approach on a set of open source web applications.  

20.
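When a large number of multicast groups exist in a network at the same time, the scalability problem of IP multicast becomes very prominent. The paper studies the multicast group-to-tree matching algorithm used in multicast aggregation and proposes an efficient, scalable group-tree matching algorithm (the SGTM algorithm). When determining the matching tree for a multicast group, multicast trees are sorted by cost and extended, which reduces the number of multicast trees examined during the search and increases the execution speed of the aggregated multicast algorithm. Parameters for measuring multicast aggregation performance are also introduced, and the results show that the SGTM algorithm executes faster than traditional multicast aggregation algorithms at equal performance.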
