
Method to protect customer content in a cloud against access by application administrators

IP.com Disclosure Number: IPCOM000247181D
Publication Date: 2016-Aug-12
Document File: 2 page(s) / 21K

Publishing Venue

The IP.com Prior Art Database

Abstract

Hosted software solutions (SaaS, software as a service) are often used to manage customer data. Most of the time it is unavoidable that the third party hosting the data has the technical ability to read all hosted data, but it must not access that data for any purpose other than managing the cloud infrastructure. This article describes one way to implement this restriction with a traditional hierarchical access control system.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 51% of the total text.

Page 01 of 2

Method to protect customer content in a cloud against access by application administrators

Hosted software solutions (SaaS, software as a service) are often used to manage customer data. Often this data is vital business data for the customer, and for obvious reasons the customer wants to make sure that the data remains private. Most of the time it is unavoidable that a third party hosting the data will have read permission for the hosted data, but it must not use the data for any purpose other than managing the cloud infrastructure (managing the database, creating backups, etc.).

Frequently, access permissions are granted by a hierarchical access control system. If an administrator with global, general permissions sits at the top of this hierarchy, there is no way to limit that administrator's permissions without changing the access control system. So if the hosted software provides an administrative GUI that is integrated into the overall GUI of the solution, a new conflict is created: the administrators of the solution need super-user access in order to manage the solution, but at the same time must not be allowed to read any content owned by the customer.

To resolve this conflict, it must be ensured that administrators are not able to view (have read access to) any confidential customer data. System administrators in a software solution typically have permission to execute any available task, or at least to assign themselves the permission to do so. Even if view access could be removed, their super-user status would allow them to re-assign those permissions to themselves. To avoid presenting them with content that they have to host but should not be able to see, another method needs to be designed.

The core idea of this approach is to leave the underlying access control system unchanged and instead install a rendering filter that blocks the rendering of a page if the current user is the system administrator and the page to be rendered is not identified on a whitelist. That is, system administrators are not able to view any...
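The rendering filter described above, as an added example that is not part of the disclosure: it sits in front of the page renderer, denies system administrators by default unless the requested page is on a whitelist, and leaves every other user to the unchanged access control system. The role name, whitelist entries and request paths are constructed for the example, and it assumes the renderer resolves routes by the same normalised path the filter compares.

```python
from dataclasses import dataclass, field
from typing import Callable, FrozenSet
from urllib.parse import urlsplit, unquote
import posixpath

# Pages a system administrator may render: administration of the solution
# itself, never a page that shows customer content. (Constructed sample.)
ADMIN_WHITELIST: FrozenSet[str] = frozenset({
    "/admin/users",
    "/admin/backup",
    "/admin/settings",
})


@dataclass
class User:
    name: str
    roles: FrozenSet[str] = field(default_factory=frozenset)

    @property
    def is_system_admin(self) -> bool:
        # "sysadmin" is an assumed role name for the top of the hierarchy.
        return "sysadmin" in self.roles


def normalize_path(raw: str) -> str:
    """Canonicalise the requested URL path (drop query string, decode
    percent-escapes, collapse '.' / '..' and trailing slashes) so the
    whitelist comparison cannot be sidestepped by an equivalent spelling."""
    return posixpath.normpath(unquote(urlsplit(raw).path))


def render_allowed(user: User, raw_path: str,
                   whitelist: FrozenSet[str] = ADMIN_WHITELIST) -> bool:
    """Deny-by-default for system administrators; everyone else passes
    through to the underlying access control system untouched."""
    if not user.is_system_admin:
        return True
    return normalize_path(raw_path) in whitelist


def render_page(user: User, raw_path: str,
                page_renderer: Callable[[str], str]) -> str:
    """Filter in front of the renderer: a blocked page yields a placeholder
    instead of customer content, regardless of the user's ACL permissions."""
    if not render_allowed(user, raw_path):
        return "403: page not available to system administrators"
    return page_renderer(raw_path)
```

The filter only governs what the GUI renders; direct database or backup access, which the disclosure accepts as unavoidable for the hosting party, is outside its scope.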