Security and permission architecture in a multi-tenant computing system

A multi-tenant computing environment technology, applied in computer security devices, computing, transmission systems, etc., to address problems such as increased security concerns.

Active Publication Date: 2017-08-29
MICROSOFT TECH LICENSING LLC

AI Technical Summary

Problems solved by technology

[0005] Security concerns may be exacerbated when the service provider provides multi-tenant services on a multi-country basis


Examples


Example 1

[0126] Example 1 is a machine in a multi-tenant computing system, including:

[0127] a set of local policies that map commands to isolation levels in the multi-tenant computing system;

[0128] an authentication worker component that receives, from a remote user using a remote management client system, a workflow identifying a requested command to be executed on the machine, accesses the local policies to identify a corresponding isolation level, and executes the command in an execution environment with that isolation level; and

[0129] a processor that is activated by the authentication worker component and that facilitates accessing the local policies and executing the command.

Example 2

[0130] Example 2 is the machine in the multi-tenant computing environment of any or all of the previous examples, where the authentication worker component includes:

[0131] an isolation level identifier component that, based on the requested command, accesses the set of local policies to identify the corresponding isolation level that maps to the requested command.

Example 3

[0132] Example 3 is the machine in the multi-tenant computing environment of any or all of the previous examples, where the authentication worker component includes:

[0133] an execution environment generator that receives the identified isolation level and generates an execution environment with the identified isolation level on the machine.


Abstract

When a user inputs an action request, such as a requested command, to be performed on a target machine, a management system receives the request and verifies it with a separate authentication and permission system. The verified command request is sent to the target machine. An authentication worker on the target machine accesses a set of policies, local to the target machine, to identify a least privileged execution environment in which the requested command can be performed. The authentication worker on the target machine launches the requested command within the identified least privileged execution environment on the target machine.
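The policy lookup and environment generation described in the abstract and in Examples 1 to 3, as an added Python example that is not code from the patent or its owner. The level names, capability sets, command names and policy contents are constructed for illustration; choosing the lowest level when several policies map the same command is an assumption about how "least privileged" is resolved, and the request is assumed to have already been verified by the management system.

```python
from dataclasses import dataclass
from enum import IntEnum

class IsolationLevel(IntEnum):  # hypothetical levels, least to most privileged
    READ_ONLY = 0
    SERVICE_OPERATOR = 1
    MACHINE_ADMIN = 2

# Hypothetical capabilities available inside an environment of each level.
CAPABILITIES = {
    IsolationLevel.READ_ONLY: frozenset({"read_logs"}),
    IsolationLevel.SERVICE_OPERATOR: frozenset({"read_logs", "restart_service"}),
    IsolationLevel.MACHINE_ADMIN: frozenset(
        {"read_logs", "restart_service", "change_config"}),
}

# Constructed local policies: each maps a command to a level at which it can
# be performed. A command that no policy maps is denied.
LOCAL_POLICIES = [
    {"get-log": IsolationLevel.READ_ONLY,
     "restart-service": IsolationLevel.SERVICE_OPERATOR},
    {"get-log": IsolationLevel.MACHINE_ADMIN,
     "set-config": IsolationLevel.MACHINE_ADMIN},
]

@dataclass(frozen=True)
class ExecutionEnvironment:
    level: IsolationLevel
    capabilities: frozenset

    def require(self, capability):
        """Refuse any action the environment's level does not include."""
        if capability not in self.capabilities:
            raise PermissionError(f"{capability} not available at {self.level.name}")

def identify_isolation_level(command, policies=LOCAL_POLICIES):
    """Isolation level identifier: least privileged level mapped to the command."""
    levels = [policy[command] for policy in policies if command in policy]
    if not levels:
        raise PermissionError(f"no local policy maps command {command!r}")
    return min(levels)

def run_command(command, handler):
    """Worker: identify the level, generate the environment, run the handler in it."""
    level = identify_isolation_level(command)
    env = ExecutionEnvironment(level, CAPABILITIES[level])
    return handler(env)
```

A handler that calls `env.require("change_config")` succeeds when launched for `set-config` and raises `PermissionError` when launched for `restart-service`, because the environment is built from the command's mapped level rather than from the caller's identity.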

Description

Background technique

[0001] Computer systems are currently in widespread use. Some such computer systems are deployed in multi-tenant environments, where a multi-tenant service provides services to multiple different tenants. Each tenant can correspond to a separate organization.

[0002] The level of service provided by a multi-tenant system can vary widely. For example, they can range from Infrastructure as a Service (IaaS), where items of the infrastructure are managed by the service provider and all other items are managed by individual tenants, to Software as a Service (SaaS), where even the applications used by the tenants are run and managed by the service provider.

[0003] Such systems may present difficulties regarding security. Every organization served by a service provider expects the service provider to have sufficient access to the organization's data to enable the service provider to provide adequate services. However, the organization also wishes to provi...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/30, H04L29/06
CPC: G06F21/305, H04L63/102, H04L63/105, H04L41/28, H04L41/18, H04L41/5096, H04L63/083, H04L63/20
Inventor: L·朱, A·梅农, 何光辉, 王嘉惠, N·希普, N·沃伊库, 曾毅, Y·K·黄, R·达尼, D·赫瑟林顿, 刘肇安, G·阿克罗伊德
Owner: MICROSOFT TECH LICENSING LLC