Usage Control in Cloud Federations

Cloud Federation is a promising approach to enhance cross-cloud application execution. Nevertheless, such approach emphasizes open challenges in Cloud Computing, such as revoking long-lasting authorization on resources as soon as conditions granting the access right are no longer valid. To tackle this kind of issues, we built a prototype of Cloud Federation that leverages the concept of Usage Control (UCON), by continuously monitoring and reassessing the users right on resources. We exploited an extension of the XACML standard and measured the overhead caused by different security policies and distributions of requests. Results suggest that the UCON model can be effectively applied in Cloud Federations and its performance is sustainable when applied to the relevant actions of the lifecycle of applications.