Cloud　computing　is　the　next　generation　of　platform　over　which　information　and　services　can　be　offered　to　the　user　in　a　more　convenient　and　transparent　way.　On　the　other　hand,　however,　commercial　interests　will　cause　information　proliferation,　resulting　in　over-supply　of　useless　information　to　the　user　and　waste　of　precious　systems　and　network　resources.　The　problem　of　controlling　such　information　proliferation　has　thus　received　a　great　deal　of　interests　in　recent　years.　In　this　paper,　we　propose　an　access　control　model　for　negative　authorization　to　provide　the　user　with　the　ability　and　flexibility　of　specifying　the　objects　to　which　access　is　not　desired　through　the　means　of　negative　authorization.　The　main　contributions　of　this　paper　include:　(1)　the　concept　of　negative　authorization　in　access　control;　(2)　negative　authorization　rules;　and　(3)　specification　of　negative　authorizations　by　the　user.　With　the　ability　of　specifying　negative　authorization　by　the　user,　access　to　unwanted　information　and　services　offered　by　the　cloud　can　be　disabled　through　access　control.　Compared　to　filtering　mechanisms　that　block　unwanted　information　and　services,　negative　authorization　has　the　advantage　of　saving　precious　computation　and　network　resources　because　access　control　happens　prior　to　actual　access　while　filtering　takes　place　after　system　access　and　network　transmission.