An authentication and access authorization mechanism on the PaaS platform

EasyChair Preprint no. 1380

8 pages

Date: August 9, 2019


With the development of cloud computing and Docker technology, continuous delivery has matured. A PaaS platform provides agile development and good scalability for multi-tenancy; at the same time, the security of the system becomes a key factor in its sustainable development. A PaaS platform can customize identity authentication and access control for each tenant according to the services it uses. By reviewing research on identity authentication in traditional environments, this paper analyzes the limitations and shortcomings of applying it to multi-tenant PaaS platforms and focuses on the characteristics of multi-tenant shared services on such platforms. First, identity authentication is realized through a ticket-based authentication method. Then, taking into account the cloud computing environment, the dynamic nature of resources under multi-tenancy and the timeliness of cloud resources, and from the perspective of user service session access control, an access control method based on the RBAC and UCON models is proposed in which users, permissions, resources and controls are described by metadata, ensuring the security of user access to cloud resources in the PaaS environment. The paper elaborates on the security and usability of the key generation, distribution and update processes and of the metadata access control process. Practice shows that a PaaS environment based on the proposed unified authentication and metadata access control can effectively provide dynamic access control and security isolation of different services for different tenants. At the same time, with the cloud resource access control model built here, cloud resource access control systems with permission separation, user attribute and cloud resource attribute constraints, lease time constraints and usage rate control can be flexibly constructed.

Keyphrases: Authentication, Authorization, Metadata-Driven, PaaS
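The abstract lists the constraint types its metadata-driven model supports (permission separation by role, user and resource attribute constraints, lease time constraints, usage rate control) without showing how a decision combines them. The following is an added illustration, not code from the paper, of one way such a check can be expressed with the policy held as data in the spirit of RBAC plus UCON's mutable attributes. Every class, policy key, attribute name and sample user or resource below is a hypothetical construction for the example.

```python
"""Added example (not from the paper): a metadata-driven access-control
check combining RBAC roles with UCON-style attribute, lease-time and
usage-rate constraints for multi-tenant PaaS resources.
All names, policy keys and sample data are hypothetical."""
from dataclasses import dataclass
from datetime import datetime, timedelta
import operator

# Comparison operators permitted inside policy metadata. Keeping this a fixed
# table means the policy stays plain data rather than executable code.
OPS = {">=": operator.ge, "<=": operator.le, "==": operator.eq}


@dataclass
class User:
    user_id: str
    tenant_id: str
    roles: set
    attributes: dict  # e.g. {"clearance": 2, "region": "eu"}


@dataclass
class Resource:
    resource_id: str
    tenant_id: str
    attributes: dict  # e.g. {"sensitivity": 1, "region": "eu"}
    lease_start: datetime
    lease_end: datetime
    max_uses: int       # usage-rate control: uses allowed within the lease
    use_count: int = 0  # mutable attribute updated on each permitted use (UCON)


# Policy metadata: per operation, the roles allowed to perform it and attribute
# constraints of the form (user attribute, operator, resource attribute).
POLICY = {
    "read":  {"roles": {"viewer", "editor"},
              "constraints": [("clearance", ">=", "sensitivity")]},
    "write": {"roles": {"editor"},
              "constraints": [("clearance", ">=", "sensitivity"),
                              ("region", "==", "region")]},
}


def authorize(user: User, resource: Resource, operation: str, now: datetime):
    """Return (allowed, reason). On allow, one use of the lease is consumed."""
    rule = POLICY.get(operation)
    if rule is None:
        return False, "unknown operation"
    # 1. Tenant isolation: a user never reaches another tenant's resource.
    if user.tenant_id != resource.tenant_id:
        return False, "tenant mismatch"
    # 2. RBAC: permission separation by role.
    if not (user.roles & rule["roles"]):
        return False, "role not permitted"
    # 3. Attribute constraints between user metadata and resource metadata.
    for user_attr, op, res_attr in rule["constraints"]:
        if user_attr not in user.attributes or res_attr not in resource.attributes:
            return False, f"missing attribute for {user_attr} {op} {res_attr}"
        if not OPS[op](user.attributes[user_attr], resource.attributes[res_attr]):
            return False, f"constraint failed: {user_attr} {op} {res_attr}"
    # 4. Lease time constraint: access only while the resource lease is active.
    if not (resource.lease_start <= now < resource.lease_end):
        return False, "lease not active"
    # 5. Usage-rate control: a bounded number of uses per lease.
    if resource.use_count >= resource.max_uses:
        return False, "usage limit reached"
    resource.use_count += 1
    return True, "ok"


def demo():
    """Constructed scenario: one tenant's resource, several requests in order."""
    t0 = datetime(2019, 8, 9, 12, 0, 0)
    res = Resource("db-1", "tenant-a", {"sensitivity": 1, "region": "eu"},
                   lease_start=t0, lease_end=t0 + timedelta(hours=1), max_uses=2)
    alice = User("alice", "tenant-a", {"editor"}, {"clearance": 2, "region": "eu"})
    bob = User("bob", "tenant-b", {"editor"}, {"clearance": 3, "region": "eu"})
    carol = User("carol", "tenant-a", {"viewer"}, {"clearance": 0, "region": "eu"})
    return [
        authorize(alice, res, "write", t0 + timedelta(minutes=5)),  # allowed, use 1
        authorize(bob, res, "read", t0 + timedelta(minutes=5)),     # tenant mismatch
        authorize(carol, res, "read", t0 + timedelta(minutes=5)),   # clearance too low
        authorize(alice, res, "read", t0 + timedelta(minutes=10)),  # allowed, use 2
        authorize(alice, res, "read", t0 + timedelta(minutes=11)),  # usage limit
        authorize(alice, res, "read", t0 + timedelta(hours=2)),     # lease expired
    ]


if __name__ == "__main__":
    for allowed, reason in demo():
        print(allowed, reason)
```

The ordering of checks is deliberate: tenant isolation and role membership are evaluated before any attribute comparison, so a request from the wrong tenant is refused without consulting resource metadata, and the usage counter is only advanced once every other constraint has passed.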

