Building Safe PaaS Clouds: a Survey on Security in Multitenant Software Platforms

Luis Rodero-Merino 1 Luis M. Vaquero 2 Eddy Caron 1 Frédéric Desprez 1 Adrian Muresan 1
1 AVALON - Algorithms and Software Architectures for Distributed and HPC Platforms
Inria Grenoble - Rhône-Alpes, LIP - Laboratoire de l'Informatique du Parallélisme
2 HP Labs - Hewlett Packard Research Labs
Abstract : This paper surveys the risks brought by multitenancy in software platforms, along with the most prominent solutions proposed to address them. A multitenant platform hosts and executes software from several users (tenants). The platform must ensure that no malicious or faulty code from any tenant can interfere with the normal execution of other users' code or with the platform itself. This security requirement is specially relevant in Platform-as-a-Service (PaaS) clouds. PaaS clouds offer an execution environment based on some software platform. Unless PaaS systems are deemed as safe environments users will be reluctant to trust them to run any relevant application. This requires to take into account how multitenancy is handled by the software platform used as the basis of the PaaS offer. This survey focuses on two technologies that are or will be the platform-of-choice in many PaaS clouds: Java and .NET. We describe the security mechanisms they provide, study their limitations as multitenant platforms and analyze the research works that try to solve those limitations. We include in this analysis some standard container technologies (such as Enterprise Java Beans) that can be used to standardize the hosting environment of PaaS clouds. Also we include a brief discussion of Operating Systems (OSs) traditional security capacities and why OSs are unlikely to be chosen as the basis of PaaS offers. Finally, we describe some research initiatives that reinforce security by monitoring the execution of untrusted code, whose results can be of interest in multitenant systems.
Keywords : NET Security Cloud PaaS Multitenancy Container Java .NET
Document type :
Journal articles
Complete list of metadatas
https://hal.inria.fr/hal-00854655
Contributor : Frédéric Desprez <>
Submitted on : Tuesday, August 27, 2013 - 5:33:19 PM
Last modification on : Thursday, March 7, 2019 - 12:04:03 PM

Identifiers

Collections

INRIA | LIP | ENS-LYON | PRIMES_WP5 | PRIMES | UNIV-LYON1

Citation

Luis Rodero-Merino, Luis M. Vaquero, Eddy Caron, Frédéric Desprez, Adrian Muresan. Building Safe PaaS Clouds: a Survey on Security in Multitenant Software Platforms. Computers and Security, Elsevier, 2012, 31 (1), pp.96-108. ⟨10.1016/j.cose.2011.10.006⟩. ⟨hal-00854655⟩

Export

BibTeX TEI DC DCterms EndNote

Share

Metrics

Record views

419

Contact


archive-ouverte@inria.fr