Security context management in multi-tenant environments

US 9,967,319 B2
Filed: 10/07/2014
Issued: 05/08/2018
Est. Priority Date: 10/07/2014
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

receiving, by a tenant component of a multi-tenant computational environment, a request to access security context data by a tenant application of a tenant in the multi-tenant computational environment;

unsealing a first protection layer of the security context data based on a determination that the tenant component is part of a trusted service of the multi-tenant computational environment;

unsealing a second protection layer of the security context data based on a determination that the tenant application is authorized to access the security context data; and

executing the tenant application in a context defined by the security context data based on the determination that the tenant application is authorized to access the security context data, wherein the executing of the tenant application further comprises launching a provisioned service account for the tenant application to execute operations associated with the security context data, and wherein the provisioned service account has restricted privilege as compared to an account of a tenant.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Examples of the present disclosure describe security context enforcement in a multi-tenant environment. Security context data may be transmitted through an un-secure multi-tenant computational environment. The security context data is secured by protection layers that restrict untrusted resources from running tenant applications and restrict the ability of unauthorized tenants to access context information associated with a tenant. Data may be received and evaluated at a component of a multi-tenant environment. If the component is a trusted component and the security context data indicates that the tenant is authorized to execute an application using a specified context, the component may run a tenant application in a context associated with the security context data.

Citations

19 Claims

1. A computer-implemented method comprising:
- receiving, by a tenant component of a multi-tenant computational environment, a request to access security context data by a tenant application of a tenant in the multi-tenant computational environment;
  
  unsealing a first protection layer of the security context data based on a determination that the tenant component is part of a trusted service of the multi-tenant computational environment;
  
  unsealing a second protection layer of the security context data based on a determination that the tenant application is authorized to access the security context data; and
  
  executing the tenant application in a context defined by the security context data based on the determination that the tenant application is authorized to access the security context data, wherein the executing of the tenant application further comprises launching a provisioned service account for the tenant application to execute operations associated with the security context data, and wherein the provisioned service account has restricted privilege as compared to an account of a tenant.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method according to claim 1, further comprising implementing the trusted service to evaluate the security context data of the tenant application, and restricting the provisioned service account to have only privileges consistent with the context defined in the security context data.
  - 3. The method according to claim 1, further comprising storing the security context data to a trusted source of secrets of the trusted service, wherein the trusted source of secrets is un-accessible by the tenant application.
  - 4. The method according to claim 3, wherein the trusted source of secrets is a trusted platform module.
  - 5. The method according to claim 3, wherein the tenant component provides an indication to the trusted source of secrets that the tenant component is a trusted component of the trusted service.
  - 6. The method according to claim 1, further comprising:
    - creating a secure communication channel between the trusted service and the tenant application, wherein the secure communication channel is launched using a service account of the tenant of the multi-tenant computation environment to enable the trusted component to pass the security context data to the tenant application at run time.
  - 7. The method according to claim 1, further comprising:
    - monitoring intrusion attempts to detect unauthorized access to the security context data.
  - 8. The method according to claim 1, wherein the unsealing of the second protection layer further comprises comparing a registration identification of the tenant application and a stored registration identification of the tenant application to determine whether the tenant application is authorized to-access the security context data.
  - 9. The method according to claim 1, wherein the unsealing of the second layer further comprises unsealing the security context data using a private key.
  - 10. The method according to claim 1, wherein the security context data is at least one of a token, a certificate, and credentials.

11. A system, comprising:
- at least one processor; and
  
  a memory operatively connected with the at least one processor, wherein the memory stores thereon computer-executable instructions, that when executed on the at least one processor, cause the at least one processor to;
  
  receive security context data at a trusted component of a multi-tenant computational environment;
  
  determine whether to unseal a first protection layer of the security context data for a tenant component of the multi-tenant computational environment to access the security context data, wherein the first protection layer prevents an ability to access the security context data by devices and services external to a trusted service of the multi-tenant computational environment;
  
  in response to determining to unseal the first protection layer, determine whether to unseal a second protection layer of the security context data to enable the tenant component to execute an application in a context associated with the security context data, wherein the second protection layer prevents un-authorized tenant components of the trusted service from executing the application in the context of the security context data; and
  
  in response to determining to unseal the second protection layer, launching a restricted service account for the tenant component to execute the application in the context of the security context data, wherein the restricted service account has restricted privilege as compared to an account of a tenant.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The system according to claim 11, wherein the multi-tenant computational environment is a cloud-computing environment.
  - 13. The system according to claim 11, wherein the system accesses a trusted platform module to receive the security context data, and wherein the trusted platform module provides the security context data to the system through a secure communication channel launched after unsealing the first protection layer and the second protection layer.
  - 14. The system according to claim 11, wherein a determination as to whether to unseal the second protection layer further comprises implementing the trusted service to evaluate the security context data of the tenant component.
  - 15. The system according to claim 14, wherein the trusted service compares a registration identification of the tenant component that is provided with security context data and a registration identification of the tenant component that is stored by the trusted service in order to determine whether the tenant component is authorized to access the security context data.

16. A computer-readable storage medium having computer-executable instructions thereupon that, when executed by a computer, cause the computer to perform a set of operations comprising:
- receiving, by a tenant component of a multi-tenant computational environment, a request to access security context data by a tenant application of a tenant in the multi-tenant computational environment;
  
  unsealing a first protection layer of the security context data based on a determination that the tenant component is part of a trusted service of the multi-tenant computational environment;
  
  unsealing a second protection layer of the security context data based on a determination that the tenant application is authorized to access the security context data; and
  
  executing the tenant application in a context defined by the security context data based on the determination that the tenant application is authorized to access the security context data, wherein the executing of the tenant application further comprises launching a provisioned service account for the tenant application to execute operations associated with the security context data, and wherein the provisioned service account has restricted privilege as compared to an account of a tenant.
- View Dependent Claims (17, 18, 19)
- - 17. The computer-readable storage media of claim 16, wherein the set of operations further comprises:
    - implementing the trusted service to evaluate the security context data of the tenant application, and restricting the provisioned service account to have only privileges consistent with the context defined in the security context data.
  - 18. The computer-readable storage media of claim 16, wherein the set of operations further comprises:
    - creating a secure communication channel between the trusted service and the tenant application, wherein the secure communication channel is launched using a service account of the tenant of the multi-tenant computation environment to enable the trusted component to pass the security context data to the tenant application at run time.
  - 19. The computer-readable storage media of claim 16, wherein the unsealing of the second layer further comprises unsealing the security context data using a private key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Savelieva, Alexandra, Usman, Mohammad, Eshner, Daniel, Ginige, Nuwan
Primary Examiner(s)
CERVETTI, DAVID GARCIA

Application Number

US14/508,193
Publication Number

US 20160099915A1
Time in Patent Office

1,309 Days
Field of Search

726 15, 726 23
US Class Current
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/0478   applying multiple layers of...

H04L 67/10   in which an application is ...

Security context management in multi-tenant environments

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Security context management in multi-tenant environments

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links