BUILDING DATA SECURITY IN A NETWORKED COMPUTING ENVIRONMENT
First Claim
1. A computer-implemented method for building data security in a networked computing environment, comprising:
- partitioning a shared data source of the networked computing environment into a set of private partitions pertaining to a set of customers;
receiving a connection request for the shared data source from a customer of the set of customers, the connection request having a cryptographic key associated with the customer;
creating a trusted compartment for the customer responsive to an authentication of the cryptographic key;
receiving a data request from the customer and validating the data request using a sensitivity index;
processing the data request using a buffer pool frame and the private partition corresponding to the customer; and
creating an entry in a log corresponding to the customer pursuant to the processing.
2 Assignments
0 Petitions
Accused Products
Abstract
In general, embodiments of the present invention provide an approach for providing a multi-tenant/customer partition group separator and securer in a shared cloud infrastructure (e.g., as an extension to DB2®, Label-Based Access Control (LBAC), and/or an independent tool). Among other things, embodiments of the present invention provide cloud administrators with an easy to use customizable, configurable security constraint builder/tool with a built-in multi-tenant/customer enabled security model. Moreover, embodiments of the present invention enable cloud administrators to set up, configure, and manage tenants/customers and their private shards with their own security constraints. The output of this tool greatly eases the time to create an invisible (e.g., software) wall of separation for multiple tenants/customers in a shared cloud infrastructure.
75 Citations
22 Claims
-
1. A computer-implemented method for building data security in a networked computing environment, comprising:
-
partitioning a shared data source of the networked computing environment into a set of private partitions pertaining to a set of customers; receiving a connection request for the shared data source from a customer of the set of customers, the connection request having a cryptographic key associated with the customer; creating a trusted compartment for the customer responsive to an authentication of the cryptographic key; receiving a data request from the customer and validating the data request using a sensitivity index; processing the data request using a buffer pool frame and the private partition corresponding to the customer; and creating an entry in a log corresponding to the customer pursuant to the processing. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A system for building data security in a networked computing environment, comprising:
-
a memory medium comprising instructions; a bus coupled to the memory medium; and a processor coupled to the bus that when executing the instructions causes the system to; partition a shared data source of the networked computing environment into a set of private partitions pertaining to a set of customers; receive a connection request for the shared data source from a customer of the set of customers, the connection request having a cryptographic key associated with the customer; create a trusted compartment for the customer responsive to an authentication of the cryptographic key; receive a data request from the customer and validating the data request using a sensitivity index; process the data request using a buffer pool frame and the private partition corresponding to the customer; and create an entry in a log corresponding to the customer pursuant to the processing. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A computer program product for building data security in a networked computing environment, the computer program product comprising a computer readable storage media, and program instructions stored on the computer readable storage media, to:
-
partition a shared data source of the networked computing environment into a set of private partitions pertaining to a set of customers; receive a connection request for the shared data source from a customer of the set of customers, the connection request having a cryptographic key associated with the customer; create a trusted compartment for the customer responsive to an authentication of the cryptographic key; receive a data request from the customer and validating the data request using a sensitivity index; process the data request using a buffer pool frame and the private partition corresponding to the customer; and create an entry in a log corresponding to the customer pursuant to the processing. - View Dependent Claims (16, 17, 18, 19, 20, 21)
-
-
22. A method for deploying a system for building data security in a networked computing environment:
providing a computer infrastructure being operable to; partition a shared data source of the networked computing environment into a set of private partitions pertaining to a set of customers; receive a connection request for the shared data source from a customer of the set of customers, the connection request having a cryptographic key associated with the customer; create a trusted compartment for the customer responsive to an authentication of the cryptographic key; receive a data request from the customer and validating the data request using a sensitivity index; process the data request using a buffer pool frame and the private partition corresponding to the customer; and create an entry in a log corresponding to the customer pursuant to the processing.
Specification