Design And Implementation Of SaaS Platform Access Control System

With the high-speed development of Internet,the enterprise informationization is becoming more and more quickly.While for small and medium enterprises,the development and maintenance cost in their own enterprise information application solutions is high.Since the management system has the similarity for the small and medium-sized enterprises in the same industry,through business abstraction,we can build a set of industry share of the business management system,which is a SaaS(Software as a Service Software as a Service)mode.SaaS will be released Software products in the form of services on the Internet.Enterprises use the Service in the form of rental Service,which is a new kind of Shared services business model.With the advent of SaaS,it is slowly changing the traditional Software services.Based on considerations of the cost of SaaS and convenience,many Software Service providers have seen the broad prospect of applying the SaaS model,and used SaaS,which makes the cloud services richer,and the Service scenario more and more diverse.More and more enterprises choose such a low cost and efficient way to build their own information management system,through the way of renting service,the enterprise can obtain the right of using the service,and each user can access the service by using the Internet.SaaS provides the service to enterprises,hosting service as well as hosting the enterprise data.However,data is stored in the cloud,which makes the data security problem a major concern for small and medium-size enterprise while choosing SaaS.How to solve this problem has become a problem for many SaaS platform operators.Through analyzing the current situation of SaaS platform as well as the shortcomings of traditional access control system in a cloud environment,this thesis proposes a dynamic and fine-grained access control model to deal with the dynamic changes of cloud environment and the requirement of complex business scenarios to access control.The main work is as follows.(1)This thesis presents the background and significance of the research on cloud platform access control system through the introduction of SaaS platform and the description of cloud security,analyses the problems in the traditional access control system under the SaaS platform and performs the demand analysis of the system.(2)This thesis proposes an overall solution of access control system for SaaS platform and introduces a unified identity authentication system,dynamic access control model and a fine-grained access control model based on business rules.The control of the users by the user login,authorization,authentication and access to service can protect the safety of the enterprise data,improve tenant customization capabilities and enhance the flexibility of the SaaS platform.(3)This thesis analyzes three key technologies.First of all,we use the entropy-weightmethod to calculate user-behavior trust evaluation value based on the value assigned to the users permissions,so as to implement the dynamic trusted authorization of service.Secondly,to implement dynamic authentication and ensure the security of the platform,the system dynamically adjusts the access control strategy by monitoring user behavior and perceiving the environment changes.Thirdly,we propose a fine-grained access control model based on business rules.Enterprises can customize business access rules to implement the fine-grained control of the data,so as to enhance the flexibility of SaaS platform and customizability of access rules.(4)We design and implement the SaaS platform access control system,which contains the SaaS platform multi-tenant access control system,unified identity authentication center,the rules engine,and so on.