SecPlace: A Security-Aware Placement Model for Multi-tenant SaaS Environments

Software-as-a-Service (SaaS) is emerging as a new software delivery model, where the application and its associated data are hosted in the cloud. Due to the nature of SaaS and the cloud in general, where the data and the computation are beyond the control of the user, data privacy and security become a vital factor in this new paradigm. In multi-tenant SaaS applications, the tenants (i.e., companies) become concerned about the confidentiality of their data since several tenants are consolidated onto a shared infrastructure (i.e., databases). Consequently, two main questions arise. First, how to prohibit a tenant from accessing another tenant's data? Second, how to avoid the security threats from co-located competing tenants? In this paper, we address the second question. We present SecPlace, a resource allocation model designed to increase the level of security for tenants sharing the same infrastructure. SecPlace avoids hosting competing companies on the same database instance. We minimize the risk of co-resident tenants by preventing any two tenants of the same business type from being hosted on the same database server. SecPlace uses tenant subscription data, such as business type and tenant size, and places each tenant accordingly. We conduct extensive experiments to validate our approach. The results show that our approach is practical, achieves its goal, and has moderate complexity.
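The constraint described in the abstract (no two tenants of the same business type on one database server, with tenant size taken into account) can be illustrated with the added sketch below. It is not the paper's algorithm: first-fit-decreasing packing, the capacity value, the tenant names and the function names are all assumptions made for illustration. It also includes an audit that lists co-resident competitors in any given placement.

```python
from collections import defaultdict

# Constructed sample subscription data: (tenant, business_type, size units).
TENANTS = [
    ("acme-bank", "banking", 40),
    ("north-bank", "banking", 30),
    ("city-bank", "banking", 20),
    ("medix", "healthcare", 50),
    ("carewell", "healthcare", 10),
    ("shopfast", "retail", 30),
]
CAPACITY = 100  # assumed capacity of one database server, same units as size


def place(tenants, capacity, isolate=True):
    """First-fit-decreasing placement (assumed heuristic).

    Returns {tenant: server_index}. With isolate=True a server is skipped
    if it already hosts a tenant of the same business type.
    """
    servers = []      # each entry: {"used": int, "types": set of business types}
    placement = {}
    for name, btype, size in sorted(tenants, key=lambda t: -t[2]):
        if size > capacity:
            raise ValueError(f"{name} does not fit on any server")
        for idx, srv in enumerate(servers):
            clash = isolate and btype in srv["types"]
            if not clash and srv["used"] + size <= capacity:
                break
        else:  # no existing server is both conflict-free and large enough
            servers.append({"used": 0, "types": set()})
            idx = len(servers) - 1
        servers[idx]["used"] += size
        servers[idx]["types"].add(btype)
        placement[name] = idx
    return placement


def co_resident_competitors(placement, tenants):
    """Audit a placement: (server, business_type, tenants) groups sharing a server."""
    groups = defaultdict(list)
    for name, btype, _ in tenants:
        groups[(placement[name], btype)].append(name)
    return sorted((srv, bt, sorted(names))
                  for (srv, bt), names in groups.items() if len(names) > 1)


if __name__ == "__main__":
    for label, isolate in (("security-aware", True), ("size-only", False)):
        p = place(TENANTS, CAPACITY, isolate)
        print(label, "servers:", len(set(p.values())),
              "conflicts:", co_resident_competitors(p, TENANTS))
```

On this sample the isolation constraint costs one extra server compared with size-only packing, which is the trade-off a placement model of this kind has to manage.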
