The University of Southampton
University of Southampton Institutional Repository

A distributed access control system for cloud federations


Alansari, Shorouq, Paci, Federica and Sassone, Vladimiro (2017) A distributed access control system for cloud federations. In ICDCS 2017: Proceedings, IEEE 37th International Conference on Distributed Computing Systems. IEEE. 6 pp. (doi:10.1109/ICDCS.2017.241).

Record type: Conference or Workshop Item (Paper)

Abstract

Cloud federations are a new collaboration paradigm where organizations share data across their private cloud infrastructures. However, the adoption of cloud federations is hindered by federated organizations’ concerns on potential risks of data leakage and data misuse. For cloud federations to be viable, federated organizations’ privacy concerns should be alleviated by providing mechanisms that allow organizations to control which users from other federated organizations can access which data. We propose a novel identity and access management system for cloud federations. The system allows federated organizations to enforce attribute-based access control policies on their data in a privacy-preserving fashion. Users are granted access to federated data when their identity attributes match the policies, but without revealing their attributes to the federated organization owning data. The system also guarantees the integrity of the policy evaluation process by using blockchain technology and Intel SGX trusted hardware. It uses blockchain to ensure that users’ identity attributes and access control policies cannot be modified by a malicious user, while Intel SGX protects the integrity and confidentiality of the policy enforcement process. We present the access control protocol, the system architecture and discuss future extensions.

Text
ICDCS_2017_Short - Accepted Manuscript

More information

Accepted/In Press date: 17 March 2017
e-pub ahead of print date: 17 July 2017
Venue - Dates: IEEE 37th International Conference on Distributed Computing, Atlanta, United States, 2017-06-05 - 2017-06-08
Keywords: blockchain, access control, cloud federation, anonymous identities
Organisations: Agents, Interactions & Complexity, Electronic & Software Systems

Identifiers

Local EPrints ID: 407345
URI: http://eprints.soton.ac.uk/id/eprint/407345
PURE UUID: e270269f-87d5-4701-8d54-8964a4aeb1cf
ORCID for Shorouq Alansari: orcid.org/0000-0003-0461-7019
ORCID for Federica Paci: orcid.org/0000-0003-3122-0236
ORCID for Vladimiro Sassone: orcid.org/0000-0002-6432-1482

Catalogue record

Date deposited: 04 Apr 2017 01:03
Last modified: 10 Sep 2024 01:40


Contributors

Author: Shorouq Alansari
Author: Federica Paci
Author: Vladimiro Sassone
