Enhancing security in ETSI open source MANO with usage control capability

In this paper, we present and discuss the extension to the Open Source MANO software framework with advanced authorization capabilities able to enhance the security support in terms of preservation of virtual resources and slices integrity in a dynamic context of users, services and resources. The proposed extension consists of a Usage Control system integrated with different OSM subsystems (i.e., lifecycle management, service front-end, and monitoring components) able to enhance the traditional authorization operations with on-going usage control on established slices and virtual resources by continuously reconsidering the granting of resources in light of mutable attribute of users, resources and environment (e.g., presence of viruses, setup of weak passwords). We provide a description of the ongoing integration with the Open Source MANO software. We also discuss the main issues we addressed in the software integration process and how the Open Source MANO could further evolve to fully encompass a security support with Usage Control.