How can queues be made private/secure in RabbitMQ in a multitenancy system?

I have read the Get Started guide provided by RabbitMQ and have even contributed the sixth example to stormed-amqp, so I have an inkling of knowledge about AMQP.

However, the guide is not comprehensive and avoids things like authentication and authorization.

We're designing a multitenancy system that will use RabbitMQ in an RPC-type of situation. What is perhaps different about this implementation of RPC is that the remote procedures will actually be other tenant programs on the system.

Basically, I want to isolate the data buses, which includes the following assertions:

1. Our server will not deliver data to the wrong tenant program (this is handled easily and is relevant but not questioned).
2. Tenant programs are not be able to read data from queues that aren't theirs.
3. Tenant programs are not be able to write to queues that aren't theirs.

This question is strictly about RabbitMQ security. I know that RabbitMQ supports SSL, which provides end-to-end encryption, and I know RabbitMQ supports username/password authentication. I don't know if these things apply to privatizing queue usage (aka ACL), i.e. the connection may be encrypted, and the user may be verified, but the user can read to / write from all the queues.

Can anybody enlighten me on this more advanced topic? I'm confident that RabbitMQ can support this sort of system but not exactly positive. I know there are things in RabbitMQ that I just don't know about, e.g. what are vhosts and will they help in this situation? I just don't see the solution in my current knowledge limited to routing keys, queue names and exchanges.