In recent years, an increasing number of providers have been offering the ability to create computing environments in the cloud. For example, in 2006, Amazon Web Services™ (also known as AWS) launched a service that provides users with the ability to configure an entire environment tailored to an application executed over a cloud-computing platform. In general, such services allow for developing scalable applications in which computing resources are utilized to support efficient execution of the application.
Organizations and businesses that develop, provide, or otherwise maintain cloud-based applications have become accustomed to relying on these services and implementing various types of environments, from complex websites to applications and services provided via software-as-a-service (SaaS) delivery model. Such services and applications are collectively referred to as “cloud-based applications.” Cloud-based applications are typically accessed by users using a client device via a web browser.
Cloud-based applications are typically programmed to support multi-tenancy access or resource sharing. A multi-tenancy is an architecture in which a single instance of a software application (e.g., a cloud-application) serves multiple customers. A customer is a tenant. Tenants may customize some resources of the application, such as color of the user interface (UI) or business rules, but they cannot customize the application's code.
As such, some resources of a cloud-based application are shared. One resource that is frequently shared is a database. That is, internal database tables are shared across all or some of the tenants utilizing services provided by the application.
The multi-tenancy architecture as utilized by cloud-based applications is vulnerable, as cross-tenant information can be shared among tenants either accidentally or maliciously. That is, a client of one tenant may be granted access to information stored in the shared database that belongs to a different tenant. Thus, one of the common vulnerabilities associated with such an architecture is data leakage.
As greater reliance is made on cloud-based applications, the access to such applications from a web browser must be completely secured. For example, a banking application should be secured to prevent any data leakage between tenants.
Existing solutions for defense of resources of cloud-based applications are limited to protecting the infrastructure. For example, security solutions, such as intrusion detection, access controls, and network firewalls may block access to the shared-resource (e.g., database) from clients that do not belong to any tenant permissible to access the database. However, such solutions are incapable of blocking cross-tenant access, as all tenants are permitted access to the shared resource.
One solution for cross-tenant isolation when accessing a database is based on either a physical or logical separation of data stored in the database. The physical separation requires using different physical databases (hosted on different servers or virtual machines), each of which is allocated for a specific tenant. The logical separation requires maintaining data of different tenants in different tables within the database.
Both physical and logical separation solutions are not scalable and efficient, because as the number of tenants grows, more computing resources are required. Specifically, for some tenants, the amount of stored data is minimal, while the overhead of maintaining a separate table or database is too high. Thus, such solutions are not optimized to provide good performance, particularly for higher numbers of tenants. Further, the physical and logical separation solutions are also vulnerable as access controls are typically not strictly enforced by the tenant. For example, a user from a first tenant can access a table of a second tenant simply by designating table's name of a second tenant. This can be achieved by, for example, an SQL injection. Using this type of attack, a user (or hacker) can inject a code to override any identifier (e.g., table ID or tenant ID) utilized for the logical separation, and thus access data of any tenant in the database.
It would therefore be advantageous to provide a solution that would overcome the deficiencies noted above by preventing data leakage vulnerabilities in cloud-based applications supporting multi-tenancy.