
Research And Implementation Of Multi-tenant Isolation And Data Security Based On PaaS Platform

Posted on: 2021-02-05
Degree: Master
Type: Thesis
Country: China
Candidate: S S Xu
GTID: 2518306308977499
Subject: Cyberspace security
Abstract/Summary:
With the continuous development of cloud computing technology, PaaS (Platform as a Service) has emerged as a cloud computing model that provides multi-tenant-oriented services, offering application development and test environments and development tools to tenants in the form of interfaces. By concealing operating system and hardware information, it greatly helps developers with development, operation and maintenance. However, while bringing convenience, PaaS platforms face huge security threats, mainly information leakage, illegally authorized access, and cross-tenant unauthorized access. The current security mechanisms of PaaS platforms also have problems and deficiencies in responding to these risks: tenant isolation affects normal business performance, and traditional access control models have a single authorization method, difficult cross-domain authorization, and coarse control granularity. This thesis therefore focuses on multi-tenant index isolation and the construction of an access control model for the PaaS platform. The main research work is as follows:

(1) A multi-tenant isolation index mechanism is proposed. It addresses the problems of existing multi-tenant index mechanisms: mutual interference between indexes, wasted storage space, and disordered data storage in wide tables. The mechanism manages tenant data and indexes, and constructs index mapping functions that uniformly map index data to specified locations in wide tables. It achieves isolation of tenant data and keeps data storage ordered. Compared with the traditional Pivot indexing mechanism, query performance is significantly improved.

(2) A multi-tenant access control model for PaaS, the FMT-ARBAC model, is constructed. It is aimed at the complexity of authentication across heterogeneous multi-tenant systems, data security, and the decentralization and management complexity of multi-tenant security mechanisms on the PaaS platform. The model is based on a multi-tenant trust mechanism. It constructs a two-way trust value calculation system and dynamically divides trust levels in order to dynamically adjust user permissions. A permission-level-tree inter-domain mapping method is implemented to enable interoperation between tenants. The thesis introduces the FMT-ARBAC model, the trust mechanism for multi-domain mutual access, and the access control process and algorithm. The model combines the advantages of the RBAC and ABAC models and fully considers the multi-tenancy, dynamics and cross-domain access characteristics of the PaaS platform. Taking open resources as the dimension, it establishes access control lists of resource attributes, operation methods, and environmental attributes. Practice has proved that this access control model can effectively protect different services and securely isolate different tenants.

(3) To verify the effectiveness of the proposed algorithms, a PaaS platform for integrated information security services is designed and implemented. Tenant isolation is realized at two levels: bottom-level resource isolation and software isolation. The overall architecture and functional modules of the platform are designed in detail, and the implementation of the PaaS platform API gateway and the multi-tenant index data table is given. In addition, the FMT-ARBAC model is implemented using the XACML language. Finally, the multi-tenant isolation index mechanism and the FMT-ARBAC access control model are evaluated by comparison to verify their functionality and performance. The multi-tenant index model realizes isolation of the multi-tenant index, and query time is reduced by at least 50%. The FMT-ARBAC access control model implements fine-grained multi-tenant access control, reducing the time of access control from O(N*M) to O(M+Y). The two-way trust system provides security protection for tenants' cross-domain access control process, and has certain application reference value.
Keywords/Search Tags:multi-tenant security, multi-tenant isolation, database index, access control model