In this paper we address how to achieve cryptography based accountability and service invocation control in a multicloud architecture. The detection and prevention of failures for a composed service is complicated because service composition spans multiple service providers from different and independent clouds for inter-cloud collaborations. Our system supports strong accountability in which any failure or misbehavior can always be identified and associated with responsible (or guilty) entity(s) because cryptographic proofs are collected during dynamic service composing. These proofs can also be applied to service invocation control. Compared with previous work, the proposed framework does not rely on any on-line or in-line trust third party. Implementation and experimental results are presented that demonstrate the feasibility of the proposed scheme.