Technical Field
This disclosure relates generally to securing information in a cloud computing or other shared deployment environment wherein disparate parties share Information Technology (IT) resources.
Background of the Related Art
An emerging information technology (IT) delivery model is cloud computing, by which shared resources, software and information are provided over the Internet to computers and other devices on-demand. Cloud computing can significantly reduce IT costs and complexities while improving workload optimization and service delivery. Cloud compute resources are typically housed in large server farms that run networked applications, typically using a virtualized architecture wherein applications run inside virtual servers, or so-called “virtual machines” (VMs), that are mapped onto physical servers in a data center facility. The virtual machines typically run on top of a hypervisor, which is a control program that allocates physical resources to the virtual machines. The different components may run on different subdomains in different physical cages in different data centers in different parts of the world, all running on different hardware with different proxy/gateway/session management capabilities and different back-end technologies.
Multiple entities (or “tenants”) share the infrastructure. With this approach, a tenant's application instance is hosted and made available “as-a-service” from Internet-based resources that are accessible, e.g., through a conventional Web browser over HTTP. A cloud compute environment, such as IBM SmartCloud® for Social Business (formerly known as LotusLive®), presents to the user as a single unified experience; in operation, the end user logs in once against a centralized authentication component, and then transparently signs on (e.g., via SAML (Security Assertion Markup Language)-based authentication and authorization techniques) to different components of the service.
Multi-tenant, collaborative SaaS (Software-As-A-Service) systems such as IBM SmartCloud® for Social Business often provide a number of different interfaces for customers. These might include: proprietary protocol-based installed end-user applications, browser-based end-user applications, mobile device servers (e.g., IBM Lotus Traveler Server) within the SaaS environment, mobile device servers outside the SaaS environment and typically used for individual customers, commercial third party products used by customers to access the SaaS system and hosted by customers, and customer applications accessing the SaaS system. This large variety of “accessors” to the cloud infrastructure complicates the service provider's ability to track usage within its shared infrastructure. Indeed, even within the “known” applications provided by the SaaS provider, there may be many sub-modes of usage. For example, routine end-user access patterns might differ substantially from actions taken by those applications to synchronize or replicate data to enable off-line usage of the application. Also, bugs (especially in server-based accessors) may result in unintentional denial-of-service attacks on cloud resources, thereby inhibiting or undermining legitimate utilization of cloud resources.
Another important consideration in such a shared multi-tenant environment is that some accessor patterns may be allowed only if an explicit commercial arrangement has been made with the cloud service provider (to use the applicable cloud resources). In the collaborative software market, there are thousands of third party add-on products that can be used with an application hosted in the cloud as-a-service. In some cases, companies moving to the SaaS model may require and be able to contract for the continuing use of those products; in many cases, those products may be providing a service for hundreds of thousands of downstream end-users, thereby requiring substantial resources from the SaaS vendor.
Although accessors in SaaS environments typically are known and registered entities (i.e., entities that have contracted for the service and whose identities are known to the service), quasi-anonymous access (e.g., self-service trials) may also allow usage by intentional abusers.
A denial-of-service attack in a shared tenant infrastructure such as described can have serious consequences. It may prevent legitimate users and usage of the service from continuing with acceptable response time and transaction throughput rates. Such attacks can lead to rejection of service for legitimate users and thereby create business-impacting support situations.
There remains a need in the art to provide denial-of-service attack prevention or mitigation in a shared, multi-tenant SaaS environment.