With the development of cloud computing, open services have become the development trend of Internet software. Service providers offer services to third-party applications in the form of open APIs published through open platforms. While providing services to third-party applications, service providers also promote their own business development and achieve mutual benefit. As an emerging software service model, the SaaS service model promotes the development of the SaaS service ecosystem through an open platform.

Since the open platform must expose APIs to third-party applications, its security and stability face a great challenge. Firstly, third-party applications calling API services through the open platform require authentication and fine-grained access control. Secondly, the open platform serves API calls from many different third-party applications; when the concurrent call volume of external applications exceeds the platform's own load capacity, all applications become unable to access the open platform's services properly. Finally, so that callers and open platform maintenance personnel can view call records and the operational status of the open platform, corresponding monitoring services must be provided for both third-party callers and open platform maintenance personnel.

Based on the security challenges present in current open platforms, this thesis conducts in-depth research on the security mechanisms of open platforms from the aspects of access control, authorization and authentication, service rate limiting and circuit breaking, and service monitoring. For the access control problem, a tenant-based access control model is proposed to ensure that callers access open resources only as permitted. Moreover, the security problem of using the OAuth 2.0 client (client credentials) mode in the authentication process is improved: by transmitting private information under AES encryption together with an HMAC digest, leakage of private information is effectively avoided. A token bucket algorithm based on Redis and a Lua script is designed to control the traffic of the open platform. A Hystrix-based fault protection mechanism is adopted to realize fault tolerance and self-protection of the platform, so as to guarantee the stability of the open platform. According to the actual needs arising during open platform usage and maintenance, monitoring of open platform API call records is designed, and Zabbix is used to monitor the running status of the open platform. Finally, the proposed security mechanisms are applied and analyzed on an open platform for SaaS services based on electronic signature. It is concluded that these mechanisms improve the security and stability of the open platform.
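The following is an added example illustrating the Redis-and-Lua token bucket idea described in the abstract; it is not code from the thesis. The Lua script shows the shape such a limiter takes when executed atomically inside Redis with EVAL (Redis runs scripts single-threaded, so no other caller can interleave with the read-modify-write on the same bucket key). Because Redis is not available offline, the Python class below reimplements the same arithmetic over an in-memory dictionary, with an injectable clock so the refill behaviour can be checked deterministically. The key naming (one bucket per tenant), hash field names, capacity and refill rate are assumptions.

```python
"""Token-bucket rate limiting for open-platform API calls (added example).

The Lua text mirrors what an open platform would EVAL in Redis; the Python
class is an in-memory reference with identical logic so it runs offline.
"""
import time
from typing import Callable, Dict, Tuple

# Assumed invocation: EVAL <script> 1 <bucket-key> <capacity> <rate> <now> <requested>
# Fields 'tokens' and 'ts' (last refill time, seconds) are assumed names.
# HSET with multiple field/value pairs requires Redis 4.0 or later.
TOKEN_BUCKET_LUA = r"""
local key       = KEYS[1]
local capacity  = tonumber(ARGV[1])
local rate      = tonumber(ARGV[2])   -- tokens added per second
local now       = tonumber(ARGV[3])   -- caller-supplied clock, seconds
local requested = tonumber(ARGV[4])

local bucket = redis.call('HMGET', key, 'tokens', 'ts')
local tokens = tonumber(bucket[1])
local ts     = tonumber(bucket[2])
if tokens == nil then            -- first call for this key: bucket starts full
  tokens = capacity
  ts = now
end

local elapsed = math.max(0, now - ts)
tokens = math.min(capacity, tokens + elapsed * rate)

local allowed = 0
if tokens >= requested then
  tokens = tokens - requested
  allowed = 1
end

redis.call('HSET', key, 'tokens', tokens, 'ts', now)
-- drop idle buckets; a full refill takes capacity/rate seconds
redis.call('EXPIRE', key, math.ceil(capacity / rate) * 2)
return {allowed, tostring(tokens)}
"""


class ManualClock:
    """Deterministic clock so refill can be tested without sleeping."""

    def __init__(self, start: float = 0.0) -> None:
        self.now = start

    def advance(self, seconds: float) -> None:
        self.now += seconds

    def __call__(self) -> float:
        return self.now


class TokenBucketLimiter:
    """In-memory equivalent of the Lua script above, one bucket per key."""

    def __init__(self, capacity: float, rate: float,
                 clock: Callable[[], float] = time.monotonic) -> None:
        if capacity <= 0 or rate <= 0:
            raise ValueError("capacity and rate must be positive")
        self._capacity = float(capacity)
        self._rate = float(rate)
        self._clock = clock
        # key -> (tokens remaining, timestamp of last refill)
        self._buckets: Dict[str, Tuple[float, float]] = {}

    def acquire(self, key: str, requested: float = 1.0) -> Tuple[bool, float]:
        """Try to take `requested` tokens; return (allowed, tokens_left)."""
        now = self._clock()
        tokens, ts = self._buckets.get(key, (self._capacity, now))
        elapsed = max(0.0, now - ts)                 # guard against clock going backwards
        tokens = min(self._capacity, tokens + elapsed * self._rate)
        allowed = tokens >= requested
        if allowed:
            tokens -= requested
        self._buckets[key] = (tokens, now)
        return allowed, tokens


if __name__ == "__main__":
    clock = ManualClock()
    limiter = TokenBucketLimiter(capacity=5, rate=1.0, clock=clock)
    for i in range(6):                               # burst: 5 allowed, 6th rejected
        print(i + 1, limiter.acquire("tenant:demo"))
    clock.advance(2.0)                               # two seconds later, two tokens refilled
    print("after 2s", limiter.acquire("tenant:demo"))
```

In production the key would be derived from the authenticated tenant so that one application exhausting its quota cannot starve the others, and the `now` argument should come from the platform rather than the caller so a client cannot refill its own bucket by lying about the time.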