With the development of cloud computing, data sharing and collaboration have become increasing among cloud‐oriented organizations. In addition to trivial management work, data providers face many difficulties in managing access control policies in cloud data sharing, to prevent permission abuse and information leakage. This article mainly answers the following question: is it possible to achieve verifiably secure inter‐cloud data sharing? This article proposes an inter‐cloud data sharing (ICDS) approach based on ciphertext‐policy attribute‐based encryption (CP‐ABE) to ensure the security of ICDS. The security properties that ICDS holds are formally verified, where the information flow rules are defined and used in the verification. The information flow of the proposed ICDS is firstly modeled by use of high‐level Petri nets (HLPN) formally, then being represented in Z language, and at last the security properties of ICDS are verified by the Z3 solver. The formal analysis proves that the ICDS holds the security properties of confidentiality, authenticity, and collusion‐resistance.