A privacy preserving authorization system for the cloud

David Chadwick, Kaniz Fatema

Research output: Contribution to journalArticlepeer-review


In this paper we describe a policy based authorisation infrastructure that a cloud provider can run as an infrastructure service for its users. It will protect the privacy of usersʼ data by allowing the users to set their own privacy policies, and then enforcing them so that no unauthorised access is allowed to their data. The infrastructure ensures that the usersʼ privacy policies are stuck to their data, so that access will always be controlled by the policies even if the data is transferred between cloud providers or services. This infrastructure also ensures the enforcement of privacy policies which may be written in different policy languages by multiple authorities such as: legal, data subject, data issuer and data controller. A conflict resolution strategy is presented which resolves conflicts among the decisions returned by the different policy decision points (PDPs). The performance figures are presented which show that the system performs well and that each additional PDP only imposes a small overhead.
Original languageEnglish
Pages (from-to)1359–1373
JournalJournal of Computer and System Sciences
Issue number5
Publication statusPublished - Sep 2012


Dive into the research topics of 'A privacy preserving authorization system for the cloud'. Together they form a unique fingerprint.

Cite this