| With the development of Web applications and the rapid increasing scale of software, SaaS was born at the right time as a new software application mode in order to reduce the cost of development and maintenance of software and hardware."Single instance, multi-tenant" is a mode of SaaS. In such a mode, there is a risk that other tenant may illegally access the tenant data of the same instance, Access control technology means that controlling subjects to access the objects, which ensures authorized users can access resource effectively. So it is valuable to do research on access control technology for Web application development.In the thesis, the characters of XACML is described, the difference between XACML2.0and XACML3.0is firstly analyzed in detail. Moreover based on umu-xacml-editor-v1.3.2, an editor is suitable for XACML3.0standard, was developed. Secondly, by analyzing access control model in current multi-tenant environment, the data flow model of XACML was extended to fit for multi-tenant environment.During the process of access control, the safety of tenant policy is the core of tenant access application and should be guaranteed. The filter driver, which protect policy file at underlying operation system, was designed and implemented. At the same time, the modules of the policy monitor and the updating were also designed and implemented to manage the policy file. Finally, based on XACML data flow the extended ABAC model was applied to a concrete multi-system. Furthermore, the system was analyzed and tested. The results show the model is suitable and flexible to multi-tenant environment. |
PDF Full Text Request