Abstract-This paper deals with the problem of continuous usage control of multiple copies of data objects in distributed systems. This work defines an architecture, a set of workflows, a set of policies and an implementation for the distributed enforcement. The policies, besides including access and usage rules, also specify the parties that will be involved in the decision process. Indeed, the enforcement requires collaboration of several entities because the access decision might be evaluated on one site, enforced on another, and the attributes needed for the policy evaluation might be stored in many distributed locations.
Cloud Federation is a promising approach to enhance cross-cloud application execution. Nevertheless, such approach emphasizes open challenges in Cloud Computing, such as revoking long-lasting authorization on resources as soon as conditions granting the access right are no longer valid. To tackle this kind of issues, we built a prototype of Cloud Federation that leverages the concept of Usage Control (UCON), by continuously monitoring and reassessing the users right on resources. We exploited an extension of the XACML standard and measured the overhead caused by different security policies and distributions of requests. Results suggest that the UCON model can be effectively applied in Cloud Federations and its performance is sustainable when applied to the relevant actions of the lifecycle of applications.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.