The University of Southampton
University of Southampton Institutional Repository

Privacy-preserving access control in cloud federations

Privacy-preserving access control in cloud federations
Privacy-preserving access control in cloud federations
A Cloud federation is a collaboration of organizations sharing data hosted on their private cloud infrastructures in order to exploit a common business opportunity. However, the adoption of cloud federations is hindered by member organizations’ concerns on sharing their data with potentially competing organizations. For cloud federations to be viable, federated organizations’ privacy concerns should be alleviated by providing mechanisms that allow organizations to control which users from other federated organizations can access which data. We propose the architecture of a novel identity and access management system part of FaaS, a cloud federation service developed by the H2020 SUNFISH project. Our system allows federated organizations to enforce attribute-based access control policies on their data in a privacy-preserving fashion. Users are granted access to federated data when their identity attributes match the policies, but without revealing their attributes in clear. The architecture relies on two novel technologies, blockchain and Intel SGX hardware platform to guarantee integrity of the policy evaluation process.
Blockchain, Access control, Anonymous identities, Cloud federation
Alansari, Shorouq
fbdba25c-812c-4f54-bc85-b7d96bb291dc
Paci, Federica
9fbf3e5b-ae03-40e8-a75a-3657cbc9216e
Margheri, Andrea
4b87c32d-3eaf-445e-8ac0-8207daace2e1
Sassone, Vladimiro
df7d3c83-2aa0-4571-be94-9473b07b03e7
Alansari, Shorouq
fbdba25c-812c-4f54-bc85-b7d96bb291dc
Paci, Federica
9fbf3e5b-ae03-40e8-a75a-3657cbc9216e
Margheri, Andrea
4b87c32d-3eaf-445e-8ac0-8207daace2e1
Sassone, Vladimiro
df7d3c83-2aa0-4571-be94-9473b07b03e7

Alansari, Shorouq, Paci, Federica, Margheri, Andrea and Sassone, Vladimiro (2017) Privacy-preserving access control in cloud federations At IEEE International Conference on Cloud Computing 2017, Honolulu, United States. 25 - 30 Jun 2017. 4 pp.

Record type: Conference or Workshop Item (Paper)

Abstract

A Cloud federation is a collaboration of organizations sharing data hosted on their private cloud infrastructures in order to exploit a common business opportunity. However, the adoption of cloud federations is hindered by member organizations’ concerns on sharing their data with potentially competing organizations. For cloud federations to be viable, federated organizations’ privacy concerns should be alleviated by providing mechanisms that allow organizations to control which users from other federated organizations can access which data. We propose the architecture of a novel identity and access management system part of FaaS, a cloud federation service developed by the H2020 SUNFISH project. Our system allows federated organizations to enforce attribute-based access control policies on their data in a privacy-preserving fashion. Users are granted access to federated data when their identity attributes match the policies, but without revealing their attributes in clear. The architecture relies on two novel technologies, blockchain and Intel SGX hardware platform to guarantee integrity of the policy evaluation process.

Text IEEE_Cloud_17 - Accepted Manuscript
Download (210kB)

More information

Accepted/In Press date: 27 April 2017
Venue - Dates: IEEE International Conference on Cloud Computing 2017, Honolulu, United States, 2017-06-25 - 2017-06-30
Keywords: Blockchain, Access control, Anonymous identities, Cloud federation
Organisations: Electronics & Computer Science, Electronic & Software Systems

Identifiers

Local EPrints ID: 408112
URI: http://eprints.soton.ac.uk/id/eprint/408112
PURE UUID: 6ce06c87-a23a-4b33-b975-0b1627aa60d3
ORCID for Shorouq Alansari: ORCID iD orcid.org/0000-0003-0461-7019
ORCID for Andrea Margheri: ORCID iD orcid.org/0000-0002-5048-8070

Catalogue record

Date deposited: 12 May 2017 04:03
Last modified: 13 Sep 2017 16:31

Export record

Contributors

Author: Shorouq Alansari ORCID iD
Author: Federica Paci
Author: Andrea Margheri ORCID iD
Author: Vladimiro Sassone

University divisions

Download statistics

Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics

Atom RSS 1.0 RSS 2.0

Contact ePrints Soton: eprints@soton.ac.uk

ePrints Soton supports OAI 2.0 with a base URL of http://eprints.soton.ac.uk/cgi/oai2

This repository has been built using EPrints software, developed at the University of Southampton, but available to everyone to use.

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.

×