SecPlace: A Security-Aware Placement Model for Multi-tenant SaaS Environments

Software-as-a-Service (SaaS) is emerging as a new software delivery model, where the application and its associated data are hosted in the cloud. Due to the nature of SaaS and the cloud in general, where the data and the computation are beyond the control of the user, data privacy and security becomes a vital factor in this new paradigm. In multi-tenant SaaS applications, the tenants (i.e., Companies) become concerned about the confidentiality of their data since several tenants are consolidated onto a shared infrastructure (i.e., Databases). Consequently, two main questions raise. First, how to prohibit a tenant from accessing other´s data? Second, how to avoid the security threats from co-located competing tenants? In this paper, we address the second question. We present Sec Place, a resource allocation model designed to increase the level of security for tenants sharing the same infrastructure. Sec Place avoids hosting competing companies on the same database instance. We minimize the risk of co-resident tenants by preventing any two tenants of the same business type to be hosted on the same database server. Sec Place utilizes the usage of tenant subscription data, such as business type and tenant size and place the tenant accordingly. We conduct extensive experiments to validate our approach. The results show that our approach is practical, achieves its goal, and have a moderate complexity.