SECURITY CONTEXT MANAGEMENT IN MULTI-TENANT ENVIRONMENTS
First Claim
1. A computer-readable storage device having stored thereon computer-executable instructions, that when executed on at least one processor, cause the at least one processor to perform a process comprising:
- generating security context data based on a security context provided by a tenant, to be transmitted through a multi-tenant computational environment;
- wrapping the security context data with a protection layer that prevents an ability to access the security context data by devices external to a trusted service of the multi-tenant computational environment;
- double-wrapping the security context data with a second protection layer that prevents unauthorized tenants of the trusted service from using the security context data; and
- transmitting the double-wrapped security context data to the trusted service.
Abstract
Examples of the present disclosure describe security context enforcement in a multi-tenant environment. Security context data may be transmitted through an unsecured multi-tenant computational environment. The security context data is secured by protection layers that restrict untrusted resources from running tenant applications and restrict the ability of unauthorized tenants to access context information associated with a tenant. Data may be received and evaluated at a component of a multi-tenant environment. If the component is a trusted component and the security context data indicates that the tenant is authorized to execute an application using a specified context, the component may run a tenant application in a context associated with the security context data.
20 Claims
1. A computer-readable storage device having stored thereon computer-executable instructions, that when executed on at least one processor, cause the at least one processor to perform a process comprising:
- generating security context data based on a security context provided by a tenant, to be transmitted through a multi-tenant computational environment;
- wrapping the security context data with a protection layer that prevents an ability to access the security context data by devices external to a trusted service of the multi-tenant computational environment;
- double-wrapping the security context data with a second protection layer that prevents unauthorized tenants of the trusted service from using the security context data; and
- transmitting the double-wrapped security context data to the trusted service.
Dependent claims: 2, 3, 4.
5. A computer-implemented method comprising:
- receiving a request to access security context data by a tenant application of a multi-tenant computational environment;
- determining whether the tenant application is a component of a trusted service of the multi-tenant computational environment;
- in response to determining that the tenant application is the component of the trusted service, determining whether the tenant application is authorized to access the security context data; and
- in response to determining that the tenant application is authorized to access the security context data, executing the security context data in a context associated with the security context data.
Dependent claims: 6, 7, 8, 9, 10, 11, 12, 13, 14, 15.
16. A system, comprising:
- at least one processor; and
- a memory operatively connected with the at least one processor, wherein the memory stores thereon computer-executable instructions, that when executed on the at least one processor, cause the at least one processor to perform a process that comprises:
  - receive security context data at a trusted component of a multi-tenant computational environment,
  - determine whether to unseal a first protection layer of the security context data for a tenant component of the multi-tenant computational environment to access the security context data, wherein the first protection layer prevents an ability to access the security context data by devices and services external to a trusted service of the multi-tenant computational environment, and
  - in response to determining to unseal the first protection layer, determine whether to unseal a second protection layer of the security context data to enable the tenant component to access the security context data, wherein the second protection layer prevents unauthorized tenant components of the trusted service from using the security context data, and
  - in response to determining to unseal the second protection layer, launching a restricted service account for the tenant component to execute the security context data, wherein the restricted service account is restricted to privilege only for processing defined by the security context data.
Dependent claims: 17, 18, 19, 20.
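The double-wrapping of claim 1 and the trusted-component unseal sequence of claims 5 and 16, as an added example that is not the patent's own code. It assumes an inner layer keyed to the tenant (with the tenant id as associated data) and an outer layer keyed to the trusted service, a stdlib encrypt-then-MAC construction (HMAC-SHA256 keystream plus HMAC tag) standing in for an AEAD such as AES-GCM, and constructed context fields `tenant` and `privileges`.

```python
import hmac
import hashlib
import json
import os


def _subkeys(key):
    # Domain-separated keystream and tag keys; stand-in for a real AEAD (assumption).
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(enc_key, nonce, n):
    blocks = (hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def seal(key, aad, plaintext):
    """One protection layer: encrypt-then-MAC with `aad` bound into the tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key, aad, blob):
    """Reject the layer unless the caller holds the right key and matching aad."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expect, tag):
        raise PermissionError("protection layer rejected this key/aad")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def double_wrap(context, tenant_key, service_key):
    """Tenant side (claim 1): inner layer bound to the tenant, outer to the service."""
    inner = seal(tenant_key, context["tenant"].encode(), json.dumps(context).encode())
    return seal(service_key, b"trusted-service", inner)


def receive(blob, component_trusted, tenant_id, tenant_key, service_key):
    """Trusted-component side (claims 5 and 16): unseal both layers, then restrict."""
    if not component_trusted:  # untrusted resources never get past the first check
        raise PermissionError("component is not part of the trusted service")
    inner = unseal(service_key, b"trusted-service", blob)  # first protection layer
    context = json.loads(unseal(tenant_key, tenant_id.encode(), inner))  # second layer
    if context["tenant"] != tenant_id:
        raise PermissionError("context belongs to another tenant")
    # Restricted service account: only the privileges the context itself defines.
    return {"account": "svc-" + tenant_id, "privileges": sorted(context["privileges"])}
```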