Research And Implemention Of RBAC Model In SaaS System

Software as a Service(SaaS) concept has been widely accepted in the industry, and therefore everyone undoubtedly pays attention on the security of SaaS applications. Access control is an important component in the system security. Role-based access control model(RBAC) can be applied to the system which has more users and can manage different privilege levels, so it is widely recognized as an effective problem in solving competence management methods. This thesis focus on multi-tenant environments, multi-application system integration of access control systems along the idea in recent years of the development of cloud computing, analyze the new requirements under the new situation, put forward new ideas and methods to solve new problems.This thesis reviews the current access control mode in which the use of enterprise information management, mainly discretionary access control methods, mandatory access control methods and role-based access control method, while these methods of analysis and comparison, the role-based access control model is the most appropriate view of the model. Based on this review of the role-based access control in a few of the more important RBAC model to find out the pros and cons of various models.SaaS for centralized and distributed a combination of the way they operate, as well as enterprise information integration in the SaaS new features, new requirements, the thesis design of SaaS-based access control model. Traditional administrators are divided to the corresponding system administrators and operators corresponding tenants administrators, system administrators are responsible for the maintenance of the operating platform to develop competence and conduct audits to tenants, tenant administrators are responsible for managing the internal affairs of the tenants, ultra vires management in order to solve the problem of the operator. Proposed the concept of platform interoperability between different platforms is not visible, while the role of expanding the role of the child, and each child role corresponds to a unique role and a unique platform, users, permissions, and so are no longer assigned to the role, but the assignment to the child role. Thus, data isolation between the tenants can be assured. The advantages of this model are reflected in: Tenant data integrity cannot be affected by the operator, the guarantee of consistent role organizational relationship between different operating systems and different roles, and the prevention of naming conflicts between tenants.The main workload of this thesis is: propose an extended RBAC-based control model RBAC SaaS like NIST RBAC, and discusses the model from five aspects: License, platforms and sub-roles, management sub roles, inheritance relationship roles and subroles, separation of duties constraints characteristics of the model; built a prototype system based on RBAC SaaS access control model, describes the data structure of the prototype system, the main process and the main algorithm; Test the operational capacity of RBAC SaaS model instantiated as a prototype system, using the actual application scenarios test model and performance, the prototype system is applied in the real cloud platform.