Usage Control on Cloud systems

•Design of a framework regulating Cloud resource usage based on Usage Control model.•Continuous enforcement of policies and revocation of running accesses.•Integration of the proposed framework within OpenNebula.•A working implementation of the proposed framework has been developed.•A set of experiments has been performed to evaluate the performance of our framework.

Cloud Computing is becoming increasingly popular because of its peculiarities, such as the availability on demand of (a large amount of) resources, even for a long time. For this reason, Cloud Computing represents a good solution for those companies that want to outsource part of their software processes. However, Cloud Computing introduces new security and management challenges with respect to traditional systems exposed on the Internet. This paper presents an advanced authorization service based on the Usage Control model to regulate the usage of Cloud resources, focussing on IaaS services.Our framework addresses the issue of long lasting usage of resources, because it allows to define Usage Control policies which are continuously enforced while the access is in progress. In particular, our framework is able to interrupt the usage of such resources when the corresponding policy is not satisfied any more. In this paper, we present the architecture of the proposed framework describing the integration of a Usage Control based authorization service within one of the most popular software for running Cloud services: OpenNebula. Moreover, we describe the implementation of a prototype of the whole framework, along with some performance figures.