A distributed access control system for cloud federations

Alansari, Shorouq, Paci, Federica and Sassone, Vladimiro (2017) A distributed access control system for cloud federations At IEEE International Conference on Distributed Computing, Atlanta, United States. 05 - 08 Jun 2017. 6 pp.


[img] PDF ICDCS_2017_Short - Accepted Manuscript
Available under License University of Southampton Accepted Manuscript Licence.

Download (263kB)


Cloud federations are a new collaboration paradigm where organizations share data across their private cloud infrastructures. However, the adoption of cloud federations is hindered by federated organizations’ concerns on potential risks of data leakage and data misuse. For cloud federations to be viable, federated organizations’ privacy concerns should be alleviated by providing mechanisms that allow organizations to control which users from other federated organizations can access which data. We propose a novel identity and access management system for cloud federations. The system allows federated organizations to enforce attribute-based access control policies on their data in a privacy-preserving fashion. Users are granted access to federated data when their identity attributes match the policies, but without revealing their attributes to the federated organization owning data. The system also guarantees the integrity of the policy evaluation process by using blockchain technology and Intel SGX trusted hardware. It uses blockchain to ensure that users identity attributes and access control policies cannot be modified by a malicious user, while Intel SGX protects the integrity and confidentiality of the policy enforcement process. We present the access control protocol, the system architecture and discuss future extensions.

Item Type: Conference or Workshop Item (Paper)
Venue - Dates: IEEE International Conference on Distributed Computing, Atlanta, United States, 2017-06-05 - 2017-06-08
Keywords: blockchain , access control , cloud federation, anonymous identities
Organisations: Agents, Interactions & Complexity, Electronic & Software Systems
ePrint ID: 407345
Date :
Date Event
17 March 2017Accepted/In Press
Date Deposited: 04 Apr 2017 01:03
Last Modified: 09 Jun 2017 09:37
Further Information:Google Scholar
URI: http://eprints.soton.ac.uk/id/eprint/407345

Actions (login required)

View Item View Item