Privacy-preserving access control in cloud federations
A cloud federation is a collaboration of organizations sharing data hosted on their private cloud infrastructures in order to exploit a common business opportunity. However, the adoption of cloud federations is hindered by member organizations’ concerns about sharing their data with potentially competing organizations. For cloud federations to be viable, federated organizations’ privacy concerns should be alleviated by providing mechanisms that allow organizations to control which users from other federated organizations can access which data. We propose the architecture of a novel identity and access management system that is part of FaaS, a cloud federation service developed by the H2020 SUNFISH project. Our system allows federated organizations to enforce attribute-based access control policies on their data in a privacy-preserving fashion. Users are granted access to federated data when their identity attributes match the policies, but without revealing their attributes in clear. The architecture relies on two novel technologies, blockchain and the Intel SGX hardware platform, to guarantee the integrity of the policy evaluation process.
Keywords: Blockchain, Access control, Anonymous identities, Cloud federation
Pages: 757-760
Alansari, Shorouq
fbdba25c-812c-4f54-bc85-b7d96bb291dc
Paci, Federica
9fbf3e5b-ae03-40e8-a75a-3657cbc9216e
Margheri, Andrea
4b87c32d-3eaf-445e-8ac0-8207daace2e1
Sassone, Vladimiro
df7d3c83-2aa0-4571-be94-9473b07b03e7
11 September 2017
Alansari, Shorouq, Paci, Federica, Margheri, Andrea and Sassone, Vladimiro (2017) Privacy-preserving access control in cloud federations. In 2017 IEEE 10th International Conference on Cloud Computing (CLOUD). IEEE. (doi:10.1109/CLOUD.2017.108).
Record type: Conference or Workshop Item (Paper)
Text: IEEE Cloud 17 - Accepted Manuscript
More information
Accepted/In Press date: 27 April 2017
e-pub ahead of print date: June 2017
Published date: 11 September 2017
Venue - Dates: IEEE International Conference on Cloud Computing 2017, Honolulu, United States, 2017-06-25 - 2017-06-30
Organisations:
Electronics & Computer Science, Electronic & Software Systems
Identifiers
Local EPrints ID: 408112
URI: http://eprints.soton.ac.uk/id/eprint/408112
ISSN: 2159-6190
PURE UUID: 6ce06c87-a23a-4b33-b975-0b1627aa60d3
Catalogue record
Date deposited: 12 May 2017 04:03
Last modified: 10 Sep 2024 01:40
Contributors
Author: Shorouq Alansari
Author: Federica Paci
Author: Vladimiro Sassone