Towards a formal model of accountability

We propose a focus on accountability as a mechanism for ensuring security in information systems. To that end, we present a formal definition of accountability in information systems. Our definition is more general and potentially more widely applicable than the accountability notions that have previously appeared in the security literature. In particular, we treat in a unified manner scenarios in which accountability is enforced automatically and those in which enforcement must be mediated by an authority; similarly, our formalism covers scenarios in which the parties who are held accountable can remain anonymous and those in which they must be identified by the authorities to whom they are accountable. Essential elements of our formalism include event traces and utility functions, and the use of these to define punishment and related notions.
