The University of Southampton
University of Southampton Institutional Repository

A distributed access control system for cloud federations

A distributed access control system for cloud federations
A distributed access control system for cloud federations
Cloud federations are a new collaboration paradigm where organizations share data across their private cloud infrastructures. However, the adoption of cloud federations is hindered by federated organizations’ concerns on potential risks of data leakage and data misuse. For cloud federations to be viable, federated organizations’ privacy concerns should be alleviated by providing mechanisms that allow organizations to control which users from other federated organizations can access which data. We propose a novel identity and access management system for cloud federations. The system allows federated organizations to enforce attribute-based access control policies on their data in a privacy-preserving fashion. Users are granted access to federated data when their identity attributes match the policies, but without revealing their attributes to the federated organization owning data. The system also guarantees the integrity of the policy evaluation process by using blockchain technology and Intel SGX trusted hardware. It uses blockchain to ensure that users identity attributes and access control policies cannot be modified by a malicious user, while Intel SGX protects the integrity and confidentiality of the policy enforcement process. We present the access control protocol, the system architecture and discuss future extensions.
blockchain , access control , cloud federation, anonymous identities
Alansari, Shorouq
fbdba25c-812c-4f54-bc85-b7d96bb291dc
Paci, Federica
9fbf3e5b-ae03-40e8-a75a-3657cbc9216e
Sassone, Vladimiro
df7d3c83-2aa0-4571-be94-9473b07b03e7
Alansari, Shorouq
fbdba25c-812c-4f54-bc85-b7d96bb291dc
Paci, Federica
9fbf3e5b-ae03-40e8-a75a-3657cbc9216e
Sassone, Vladimiro
df7d3c83-2aa0-4571-be94-9473b07b03e7

Alansari, Shorouq, Paci, Federica and Sassone, Vladimiro (2017) A distributed access control system for cloud federations At IEEE International Conference on Distributed Computing, Atlanta, United States. 05 - 08 Jun 2017. 6 pp.

Record type: Conference or Workshop Item (Paper)

Abstract

Cloud federations are a new collaboration paradigm where organizations share data across their private cloud infrastructures. However, the adoption of cloud federations is hindered by federated organizations’ concerns on potential risks of data leakage and data misuse. For cloud federations to be viable, federated organizations’ privacy concerns should be alleviated by providing mechanisms that allow organizations to control which users from other federated organizations can access which data. We propose a novel identity and access management system for cloud federations. The system allows federated organizations to enforce attribute-based access control policies on their data in a privacy-preserving fashion. Users are granted access to federated data when their identity attributes match the policies, but without revealing their attributes to the federated organization owning data. The system also guarantees the integrity of the policy evaluation process by using blockchain technology and Intel SGX trusted hardware. It uses blockchain to ensure that users identity attributes and access control policies cannot be modified by a malicious user, while Intel SGX protects the integrity and confidentiality of the policy enforcement process. We present the access control protocol, the system architecture and discuss future extensions.

Text ICDCS_2017_Short - Accepted Manuscript
Download (263kB)

More information

Accepted/In Press date: 17 March 2017
Venue - Dates: IEEE International Conference on Distributed Computing, Atlanta, United States, 2017-06-05 - 2017-06-08
Keywords: blockchain , access control , cloud federation, anonymous identities
Organisations: Agents, Interactions & Complexity, Electronic & Software Systems

Identifiers

Local EPrints ID: 407345
URI: http://eprints.soton.ac.uk/id/eprint/407345
PURE UUID: e270269f-87d5-4701-8d54-8964a4aeb1cf
ORCID for Shorouq Alansari: ORCID iD orcid.org/0000-0003-0461-7019

Catalogue record

Date deposited: 04 Apr 2017 01:03
Last modified: 13 Sep 2017 16:31

Export record

Contributors

Author: Shorouq Alansari ORCID iD
Author: Federica Paci
Author: Vladimiro Sassone

University divisions

Download statistics

Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics

Atom RSS 1.0 RSS 2.0

Contact ePrints Soton: eprints@soton.ac.uk

ePrints Soton supports OAI 2.0 with a base URL of http://eprints.soton.ac.uk/cgi/oai2

This repository has been built using EPrints software, developed at the University of Southampton, but available to everyone to use.

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.

×