Software-as-a-Service (SaaS) introduces multi- tenancy architecture (MTA). Sub-tenancy architecture (STA), is an extension of MTA, allows tenants to offer services for subtenant developers to customize their app...Software-as-a-Service (SaaS) introduces multi- tenancy architecture (MTA). Sub-tenancy architecture (STA), is an extension of MTA, allows tenants to offer services for subtenant developers to customize their applications in the SaaS infrastructure. In a STA system, tenants can create sub- tenants, and grant their resources (including private services and data) to their subtenants. The isolation and sharing re- lations between parent-child tenants, sibling tenants or two non-related tenants are more complicated than those between tenants in MTA. It is important to keep service components or data private, and at the same time, allow them to be shared, and support application customizations for tenants. To ad- dress this problem, this paper provides a formal definition of a new tenant-based access control model based on administra- tive role-based access control (ARBAC) for MTA and STA in service-oriented SaaS (called TMS-ARBAC). Autonomous areas (AA) and AA-tree are proposed to describe the auton- omy of tenants, including their isolation and sharing relation- ships. Authorization operations on AA and different resource sharing strategies are defined to create and deploy the access control scheme in STA models. TMS-ARBAC model is ap- plied to design a geographic e-Science platform.展开更多
Data security and user privacy have become crucial elements in multi-tenant data centers.Various traffic types in the multi-tenant data center in the cloud environment have their characteristics and requirements.In th...Data security and user privacy have become crucial elements in multi-tenant data centers.Various traffic types in the multi-tenant data center in the cloud environment have their characteristics and requirements.In the data center network(DCN),short and long flows are sensitive to low latency and high throughput,respectively.The traditional security processing approaches,however,neglect these characteristics and requirements.This paper proposes a fine-grained security enhancement mechanism(SEM)to solve the problem of heterogeneous traffic and reduce the traffic completion time(FCT)of short flows while ensuring the security of multi-tenant traffic transmission.Specifically,for short flows in DCN,the lightweight GIFT encryption method is utilized.For Intra-DCN long flows and Inter-DCN traffic,the asymmetric elliptic curve encryption algorithm(ECC)is utilized.The NS-3 simulation results demonstrate that SEM dramatically reduces the FCT of short flows by 70%compared to several conventional encryption techniques,effectively enhancing the security and anti-attack of traffic transmission between DCNs in cloud computing environments.Additionally,SEM performs better than other encryption methods under high load and in largescale cloud environments.展开更多
Multi-tenant collaboration brings the challenge to access control in cloud computing environment.Based on the multi-tenant role-based access control(MT-RBAC)model,a Temporal MT-RBAC(TMT-RBAC)model for collaborative cl...Multi-tenant collaboration brings the challenge to access control in cloud computing environment.Based on the multi-tenant role-based access control(MT-RBAC)model,a Temporal MT-RBAC(TMT-RBAC)model for collaborative cloud services is proposed.It adds the time constraint between trusted tenants,including usable role time constraint based on both calendar and interval time.Analysis shows that the new model strengthens the presentation ability of MT-RBAC model,achieves the finer-grained access control,reduces the management costs and enhances the security of multi-tenant collaboration in cloud computing environment.展开更多
Most cloud services are built with multi-tenancy which enables data and configuration segregation upon shared infrastructures.It offers tremendous advantages for enterprises and service providers.It is anticipated tha...Most cloud services are built with multi-tenancy which enables data and configuration segregation upon shared infrastructures.It offers tremendous advantages for enterprises and service providers.It is anticipated that this situation will evolve to foster cross-tenant collaboration supported by Authorization as a service.To realize access control in a multi-tenant cloud computing environment,this study proposes a multi-tenant cloud computing access control model based on the traditional usage access control model by building trust relations among tenants.The model consists of three sub-models,which achieve trust relationships between tenants with different granularities and satisfy the requirements of different application scenarios.With an established trust relation in MT-UCON(Multi-tenant Usage Access Control),the trustee can precisely authorize cross-tenant accesses to the trustor’s resources consistent with constraints over the trust relation and other components designated by the trustor.In addition,the security of the model is analyzed by an information flow method.The model adapts to the characteristics of a dynamic and open multi-tenant cloud computing environment and achieves fine-grained access control within and between tenants.展开更多
SaaS (Software as a Service)the application mode occurs exactly along with the broadening and convenience of network platform, its core is the application of Multi-Tenant. The Multi-Tenant under SaaS not only makes Ap...SaaS (Software as a Service)the application mode occurs exactly along with the broadening and convenience of network platform, its core is the application of Multi-Tenant. The Multi-Tenant under SaaS not only makes Application Software more efficient and convenient, but also reduce the cost of software development, hardware purchase, training and upgrade maintenance, which can relieve the financial pressure of enterprises invisibly, so that enterprises can focus on the business development. Aiming at the personalized demand of Multi-Tenant's tenement, this thesis studies about personalized configuration of data, function, and operation interface, moreover, it shows the method of personalized configuration. It also indicates how to make the Multi-Tenant come true through personalized configuration, and realizes unified management of these applications.展开更多
This research paper puts emphasis on using cloud computing with Blockchain(BC)to improve the security and privacy in a cloud.The security of data is not guaranteed as there is always a risk of leakage of users’data.B...This research paper puts emphasis on using cloud computing with Blockchain(BC)to improve the security and privacy in a cloud.The security of data is not guaranteed as there is always a risk of leakage of users’data.Blockchain can be used in a multi-tenant cloud environment(MTCE)to improve the security of data,as it is a decentralized approach.Data is saved in unaltered form.Also,Blockchain is not owned by a single organization.The encryption process can be done using a Homomorphic encryption(HE)algorithm along with hashing technique,hereby allowing computations on encrypted data without the need for decryption.This research paper is composed of four objectives:Analysis of cloud security using Blockchain technology;Exceptional scenario of Blockchain architecture in an enterprise-level MTCE;Implementation of cipher-text policy attribute-based encryption(CPABE)algorithm;Implementation of Merkle tree using Ethereum(MTuE)in a Multi-tenant system.Out of these four objectives,the main focus is on the implementation of CP-ABE algorithm.CP-ABE parameters are proposed for different levels of tenants.The levels include inner tenant,outer tenant,Inner-Outer-Tenant,Inner-Outer-External-Tenant,Outer-Inner-Tenant,External-Outer-Inner-Tenant and the parameters such as token,private key,public key,access tree,message,attribute set,node-level,cipher-text,salting which will help in providing better security using CP-ABE algorithm in a multitenant environment(MTE)where tenants can be provided with different levels of security and achieved 92 percentage of authenticity and access-control of the data.展开更多
The emerging technology of multi-tenancy network slicing is considered as an es sential feature of 5G cellular networks.It provides network slices as a new type of public cloud services and therewith increases the ser...The emerging technology of multi-tenancy network slicing is considered as an es sential feature of 5G cellular networks.It provides network slices as a new type of public cloud services and therewith increases the service flexibility and enhances the network re source efficiency.Meanwhile,it raises new challenges of network resource management.A number of various methods have been proposed over the recent past years,in which machine learning and artificial intelligence techniques are widely deployed.In this article,we provide a survey to existing approaches of network slicing resource management,with a highlight on the roles played by machine learning in them.展开更多
文摘Software-as-a-Service (SaaS) introduces multi- tenancy architecture (MTA). Sub-tenancy architecture (STA), is an extension of MTA, allows tenants to offer services for subtenant developers to customize their applications in the SaaS infrastructure. In a STA system, tenants can create sub- tenants, and grant their resources (including private services and data) to their subtenants. The isolation and sharing re- lations between parent-child tenants, sibling tenants or two non-related tenants are more complicated than those between tenants in MTA. It is important to keep service components or data private, and at the same time, allow them to be shared, and support application customizations for tenants. To ad- dress this problem, this paper provides a formal definition of a new tenant-based access control model based on administra- tive role-based access control (ARBAC) for MTA and STA in service-oriented SaaS (called TMS-ARBAC). Autonomous areas (AA) and AA-tree are proposed to describe the auton- omy of tenants, including their isolation and sharing relation- ships. Authorization operations on AA and different resource sharing strategies are defined to create and deploy the access control scheme in STA models. TMS-ARBAC model is ap- plied to design a geographic e-Science platform.
基金This work is supported by the National Natural Science Foundation of China(62102046,62072056)the Natural Science Foundation of Hunan Province(2022JJ30618,2020JJ2029)the Scientific Research Fund of Hunan Provincial Education Department(22B0300).
文摘Data security and user privacy have become crucial elements in multi-tenant data centers.Various traffic types in the multi-tenant data center in the cloud environment have their characteristics and requirements.In the data center network(DCN),short and long flows are sensitive to low latency and high throughput,respectively.The traditional security processing approaches,however,neglect these characteristics and requirements.This paper proposes a fine-grained security enhancement mechanism(SEM)to solve the problem of heterogeneous traffic and reduce the traffic completion time(FCT)of short flows while ensuring the security of multi-tenant traffic transmission.Specifically,for short flows in DCN,the lightweight GIFT encryption method is utilized.For Intra-DCN long flows and Inter-DCN traffic,the asymmetric elliptic curve encryption algorithm(ECC)is utilized.The NS-3 simulation results demonstrate that SEM dramatically reduces the FCT of short flows by 70%compared to several conventional encryption techniques,effectively enhancing the security and anti-attack of traffic transmission between DCNs in cloud computing environments.Additionally,SEM performs better than other encryption methods under high load and in largescale cloud environments.
基金This work was sponsored by Qing Lan Project of JiangSu Province,The Natural Science Foundation of the Jiangsu Higher Education Institutions of China(Nos.17KJB520033,17KJB520032)National Natural Science Foundation of China(No.61772280)。
文摘Multi-tenant collaboration brings the challenge to access control in cloud computing environment.Based on the multi-tenant role-based access control(MT-RBAC)model,a Temporal MT-RBAC(TMT-RBAC)model for collaborative cloud services is proposed.It adds the time constraint between trusted tenants,including usable role time constraint based on both calendar and interval time.Analysis shows that the new model strengthens the presentation ability of MT-RBAC model,achieves the finer-grained access control,reduces the management costs and enhances the security of multi-tenant collaboration in cloud computing environment.
文摘Most cloud services are built with multi-tenancy which enables data and configuration segregation upon shared infrastructures.It offers tremendous advantages for enterprises and service providers.It is anticipated that this situation will evolve to foster cross-tenant collaboration supported by Authorization as a service.To realize access control in a multi-tenant cloud computing environment,this study proposes a multi-tenant cloud computing access control model based on the traditional usage access control model by building trust relations among tenants.The model consists of three sub-models,which achieve trust relationships between tenants with different granularities and satisfy the requirements of different application scenarios.With an established trust relation in MT-UCON(Multi-tenant Usage Access Control),the trustee can precisely authorize cross-tenant accesses to the trustor’s resources consistent with constraints over the trust relation and other components designated by the trustor.In addition,the security of the model is analyzed by an information flow method.The model adapts to the characteristics of a dynamic and open multi-tenant cloud computing environment and achieves fine-grained access control within and between tenants.
文摘SaaS (Software as a Service)the application mode occurs exactly along with the broadening and convenience of network platform, its core is the application of Multi-Tenant. The Multi-Tenant under SaaS not only makes Application Software more efficient and convenient, but also reduce the cost of software development, hardware purchase, training and upgrade maintenance, which can relieve the financial pressure of enterprises invisibly, so that enterprises can focus on the business development. Aiming at the personalized demand of Multi-Tenant's tenement, this thesis studies about personalized configuration of data, function, and operation interface, moreover, it shows the method of personalized configuration. It also indicates how to make the Multi-Tenant come true through personalized configuration, and realizes unified management of these applications.
文摘This research paper puts emphasis on using cloud computing with Blockchain(BC)to improve the security and privacy in a cloud.The security of data is not guaranteed as there is always a risk of leakage of users’data.Blockchain can be used in a multi-tenant cloud environment(MTCE)to improve the security of data,as it is a decentralized approach.Data is saved in unaltered form.Also,Blockchain is not owned by a single organization.The encryption process can be done using a Homomorphic encryption(HE)algorithm along with hashing technique,hereby allowing computations on encrypted data without the need for decryption.This research paper is composed of four objectives:Analysis of cloud security using Blockchain technology;Exceptional scenario of Blockchain architecture in an enterprise-level MTCE;Implementation of cipher-text policy attribute-based encryption(CPABE)algorithm;Implementation of Merkle tree using Ethereum(MTuE)in a Multi-tenant system.Out of these four objectives,the main focus is on the implementation of CP-ABE algorithm.CP-ABE parameters are proposed for different levels of tenants.The levels include inner tenant,outer tenant,Inner-Outer-Tenant,Inner-Outer-External-Tenant,Outer-Inner-Tenant,External-Outer-Inner-Tenant and the parameters such as token,private key,public key,access tree,message,attribute set,node-level,cipher-text,salting which will help in providing better security using CP-ABE algorithm in a multitenant environment(MTE)where tenants can be provided with different levels of security and achieved 92 percentage of authenticity and access-control of the data.
文摘The emerging technology of multi-tenancy network slicing is considered as an es sential feature of 5G cellular networks.It provides network slices as a new type of public cloud services and therewith increases the service flexibility and enhances the network re source efficiency.Meanwhile,it raises new challenges of network resource management.A number of various methods have been proposed over the recent past years,in which machine learning and artificial intelligence techniques are widely deployed.In this article,we provide a survey to existing approaches of network slicing resource management,with a highlight on the roles played by machine learning in them.
