摘要
SaaS服务模式将应用软件以服务的形式提供给客户。在单实例模式中,租户的数据统一存储在服务提供商的数据库系统中,他们共享数据库及模式。这种情况下,如何在保障租户数据安全的同时支持租户间的域间相互访问是一个值得思考的问题。结合安全标签,设计出一个支持多租户的多域安全访问控制模型,满足租户对于多域安全访问控制的需求。该模型结合了RBAC的易于管理以及安全标签强制访问的特性,使得系统角色在易于管理的基础上实现高级别的访问控制。
Software as a service (SaaS) model provides applications for the customers in the form of services. In single-instance mode, tenants' data are uniformly stored in the database systems of service providers, they share the database and schema together. In such case, how to protect tenants' data safety while supporting mutual access between the tenants' domains are the issues worth to think about. In this paper, in combination with security tag, we design a multi-domain secure access control model supporting multi-tenant. It meets the demand of tenants in multi-domain secure access control. The model embraces the characteristics of RBAC in its easy management and safety tag mandatory access, makes the system roles achieve high-level access control on the basis of easy management.
出处
《计算机应用与软件》
CSCD
2015年第1期297-302,共6页
Computer Applications and Software
关键词
多租户
多域访问控制
安全标签
Multi-tenant Muhi-domain access control Security tag
