SignedQuery: Protecting users data in multi-tenant SaaS environments

Software-as-a-Service (SaaS) is emerging as a new software delivery model in which the application and its associated data are hosted in the cloud. Because the data and the computation are beyond the user's control in SaaS, and in the cloud in general, data privacy and security become vital factors in this new paradigm. Several research studies have reported that security and privacy are cited as the biggest concerns in adopting cloud computing. In multi-tenant SaaS applications, tenants become concerned about the confidentiality of their data because several tenants are consolidated onto a shared infrastructure. Consequently, several questions arise: how can we ensure that a tenant's data are available only to authenticated users? How can a tenant be prevented from accessing another tenant's data? To address these concerns, we present SignedQuery, a mechanism designed to facilitate securing data stored in the cloud. SignedQuery ensures data confidentiality by preventing any tenant from accidentally or maliciously accessing other tenants' data, without breaking the functionality of the application. SignedQuery uses a signature to sign the tenant's request, so that the server can recognize the requesting tenant and ensure that the data to be accessed belongs to this tenant. SignedQuery intercepts the HTTP request objects at the tenant's internal network, creates the signature and attaches it to the request headers, then sends the request to the SaaS provider, where the signature is validated. We have successfully tested SignedQuery against OrangeHRM. The results showed that our approach is feasible and incurs negligible overhead.
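The sign-then-validate flow described above, sketched as an added example that is not code from the paper. The abstract does not specify the signature scheme, so HMAC-SHA256 over a per-tenant shared key, the `X-Tenant-Id`/`X-Timestamp`/`X-Signature` header names, the key table and the row-ownership map are all assumptions, and the sample data is constructed.

```python
import hashlib
import hmac

# Constructed sample data: per-tenant shared keys and row ownership (assumptions).
TENANT_KEYS = {"tenant-a": b"key-a-constructed", "tenant-b": b"key-b-constructed"}
ROW_OWNER = {"/employees/17": "tenant-a", "/employees/42": "tenant-b"}
MAX_SKEW = 300  # seconds a signed request stays valid


def _mac(key, tenant, ts, method, path, body):
    # Length-prefix each field so field boundaries cannot be shifted.
    msg = b"".join(
        len(p).to_bytes(4, "big") + p
        for p in (tenant.encode(), str(ts).encode(), method.encode(), path.encode(), body)
    )
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def sign_request(tenant, key, method, path, body, now):
    """Tenant-side interceptor: returns headers to attach to the outgoing request."""
    return {
        "X-Tenant-Id": tenant,
        "X-Timestamp": str(now),
        "X-Signature": _mac(key, tenant, now, method, path, body),
    }


def validate_request(headers, method, path, body, now):
    """Provider side: returns (allowed, reason)."""
    tenant = headers.get("X-Tenant-Id", "")
    key = TENANT_KEYS.get(tenant)
    if key is None:
        return False, "unknown tenant"
    try:
        ts = int(headers.get("X-Timestamp", ""))
    except ValueError:
        return False, "bad timestamp"
    if abs(now - ts) > MAX_SKEW:
        return False, "stale request"
    expected = _mac(key, tenant, ts, method, path, body).encode()
    if not hmac.compare_digest(expected, headers.get("X-Signature", "").encode()):
        return False, "bad signature"
    # The signature only proves who is asking; ownership must still be checked.
    if ROW_OWNER.get(path) != tenant:
        return False, "cross-tenant access"
    return True, "ok"
```

The final ownership check is what enforces isolation: a correctly signed request from one tenant for another tenant's row is still rejected.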
