SignedQuery: Protecting Users Data in Multi-tenant SaaS Environments

Software-as-a-Service (SaaS) is emerging as a new software delivery model, where the application and its associated data are hosted in the cloud. Due to the nature of SaaS and the cloud in general, where the data and the computation are beyond the control of the user, data privacy and security becomes a vital factor in this new paradigm. Several research studies reported that security and privacy are cited as the biggest concerns in adopting cloud computing. In multi-tenant SaaS applications, the tenants become concerned about the confidentiality of their data since several tenants are consolidated onto a shared infrastructure. Consequently, several questions raise, such as, how to ensure that tenant's data are only available to authenticated users? How to prohibit a tenant from accessing other's data? To address these concerns, we present SignedQuery, a mechanism designed to facilitate the process of securing data stored on the cloud. SignedQuery ensures data confidentiality by preventing any tenant from accidentally or maliciously accessing other tenants' data without breaking the functionality of the application. SignedQuery utilizes the usage of a signature to sign the tenant's request, so the server can recognize the requesting tenant and ensure that the data to be accessed is belonging to this tenant. SignedQuery intercepts the HTTP request objects at the tenant's internal network, create the signature and attach it to the request headers, then send the request to the SaaS provider where the signature is validated. We have successfully tested SignedQuery against OrangeHRM. The results showed that our approach is feasible, and incur a negligible overhead.