The University of Southampton
University of Southampton Institutional Repository

Privacy-preserving access control in cloud federations

Alansari, Shorouq, Paci, Federica, Margheri, Andrea and Sassone, Vladimiro (2017) Privacy-preserving access control in cloud federations At IEEE International Conference on Cloud Computing 2017, Honolulu, United States. 25 - 30 Jun 2017. 4 pp.

Record type: Conference or Workshop Item (Paper)


A Cloud federation is a collaboration of organizations sharing data hosted on their private cloud infrastructures in order to exploit a common business opportunity. However, the adoption of cloud federations is hindered by member organizations’ concerns on sharing their data with potentially competing organizations. For cloud federations to be viable, federated organizations’ privacy concerns should be alleviated by providing mechanisms that allow organizations to control which users from other federated organizations can access which data. We propose the architecture of a novel identity and access management system part of FaaS, a cloud federation service developed by the H2020 SUNFISH project. Our system allows federated organizations to enforce attribute-based access control policies on their data in a privacy-preserving fashion. Users are granted access to federated data when their identity attributes match the policies, but without revealing their attributes in clear. The architecture relies on two novel technologies, blockchain and Intel SGX hardware platform to guarantee integrity of the policy evaluation process.

Text IEEE_Cloud_17 - Accepted Manuscript
Download (210kB)

More information

Accepted/In Press date: 27 April 2017
Venue - Dates: IEEE International Conference on Cloud Computing 2017, Honolulu, United States, 2017-06-25 - 2017-06-30
Keywords: Blockchain, Access control, Anonymous identities, Cloud federation
Organisations: Electronics & Computer Science, Electronic & Software Systems


Local EPrints ID: 408112
PURE UUID: 6ce06c87-a23a-4b33-b975-0b1627aa60d3
ORCID for Shorouq Alansari: ORCID iD

Catalogue record

Date deposited: 12 May 2017 04:03
Last modified: 13 Sep 2017 16:31

Export record


Author: Shorouq Alansari ORCID iD
Author: Federica Paci
Author: Andrea Margheri
Author: Vladimiro Sassone

University divisions

Download statistics

Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics

Atom RSS 1.0 RSS 2.0

Contact ePrints Soton:

ePrints Soton supports OAI 2.0 with a base URL of

This repository has been built using EPrints software, developed at the University of Southampton, but available to everyone to use.

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.