Cloud Computing is becoming increasingly popular because of its peculiarities, such as the availability on demandof (a large amount of) resources, even for a long time. For this reason, Cloud Computing represents a good solutionfor those companies that want to outsource part of their software processes. However, Cloud Computing introducesnew security and management challenges with respect to traditional systems exposed on the Internet. This paperpresents an advanced authorization service based on the Usage Control model to regulate the usage of Cloud resources,focussing on IaaS services.Our framework addresses the issue of long lasting usage of resources, because it allows to define Usage Controlpolicies which are continuously enforced while the access is in progress. In particular, our framework is able tointerrupt the usage of such resources when the corresponding policy is not satisfied any more. In this paper, wepresent the architecture of the proposed framework describing the integration of a Usage Control based authorizationservice within one of the most popular software for running Cloud services: OpenNebula. Moreover, we describe theimplementation of a prototype of the whole framework, along with some performance figures.
Usage Control on Cloud systems
D D'Arenzo;A Lazouski;F Martinelli;P Mori
2016
Abstract
Cloud Computing is becoming increasingly popular because of its peculiarities, such as the availability on demandof (a large amount of) resources, even for a long time. For this reason, Cloud Computing represents a good solutionfor those companies that want to outsource part of their software processes. However, Cloud Computing introducesnew security and management challenges with respect to traditional systems exposed on the Internet. This paperpresents an advanced authorization service based on the Usage Control model to regulate the usage of Cloud resources,focussing on IaaS services.Our framework addresses the issue of long lasting usage of resources, because it allows to define Usage Controlpolicies which are continuously enforced while the access is in progress. In particular, our framework is able tointerrupt the usage of such resources when the corresponding policy is not satisfied any more. In this paper, wepresent the architecture of the proposed framework describing the integration of a Usage Control based authorizationservice within one of the most popular software for running Cloud services: OpenNebula. Moreover, we describe theimplementation of a prototype of the whole framework, along with some performance figures.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
