Programs as Actual Causes: A Building Block for Accountability

Protocols for tasks such as authentication, electronic voting, and secure multiparty computation ensure desirable security properties if agents follow their prescribed programs. However, if some agents deviate from their prescribed programs and a security property is violated, it is important to hold agents accountable by determining which deviations actually caused the violation. Motivated by these applications, we initiate a formal study of programs as actual causes. Specifically, we define what it means for a set of programs to be an actual cause of a violation when they are run concurrently with a set of other programs. Our definitions are inspired by prior work on counterfactual-based actual causation [14, 16] that defines what it means for an event c to be an actual cause of an event e. Considering programs instead of events as actual causes is appropriate in security settings because individual agents can exercise their choice to either execute the prescribed program or deviate from it. We present a sound technique for establishing programs as actual causes. We demonstrate the value of this approach by providing a causal analysis of a representative protocol designed to address weaknesses in the current public key certification infrastructure. Specifically, we analyze causes of authentication failures of a protocol that leverages a set of notaries to address concerns about trust-on-first-use of self-signed certificates.

[1] Warren D. Smith. Three Voting Protocols: ThreeBallot, VAV, and Twin, 2007, EVT.

[2] Ralf Küsters, et al. Accountability: definition and relationship to verifiability, 2010, CCS '10.

[3] Joseph Y. Halpern, et al. Causes and explanations: A structural-model approach, 2000.

[4] R. W. Wright, et al. Causation in Tort Law, 1985.

[5] James A. Hendler, et al. Accountability and deterrence in online life, 2011, WebSci '11.

[6] Joan Feigenbaum, et al. Towards a formal model of accountability, 2011, NSPW '11.

[7] Adrian Perrig, et al. Perspectives: Improving SSH-style Host Authentication with Multi-Path Probing, 2008, USENIX Annual Technical Conference.

[8] James A. Hendler, et al. Information accountability, 2008, CACM.

[9] Joseph Y. Halpern. Defaults and Normality in Causal Structures, 2008, KR.

[10] Leslie Lamport, et al. Time, clocks, and the ordering of events in a distributed system, 1978, CACM.

[11] John C. Mitchell, et al. Privacy and Utility in Business Processes, 2007, 20th IEEE Computer Security Foundations Symposium (CSF'07).

[12] J. Pearl. Causality: Models, Reasoning and Inference, 2000.

[13] John C. Mitchell, et al. A derivation system and compositional logic for security protocols, 2005, J. Comput. Secur.

[14] Dilsun Kirli Kaynar, et al. Compositional System Security with Interface-Confined Adversaries, 2010, MFPS.

[15] Claire Drucker. Flight, 1985.

[16] Carl M. Ellison, et al. Ceremony Design and Analysis, 2007, IACR Cryptol. ePrint Arch.

[17] M. Hartmann. Causation And Responsibility An Essay In Law Morals And Metaphysics, 2016.

[18] Joseph Y. Halpern, et al. Causes and Explanations: A Structural-Model Approach. Part I: Causes, 2000, The British Journal for the Philosophy of Science.

[19] J. Mackie, et al. I. CAUSES AND CONDITIONS, 2008.

[20] T. Weir. Causation in the Law. By H. L. A. Hart and Honoré Tony. [Oxford: Clarendon Press. Second Edition. 1985. lxxxi, 497 and (Bibliography and Index) 18 pp. Hardback £2500, paperback £14·50 net.], 1985, The Cambridge Law Journal.

[21] Andreas Haeberlen, et al. PeerReview: practical accountability for distributed systems, 2007, SOSP.

[22] John C. Mitchell, et al. Compositional analysis of contract-signing protocols, 2006, Theor. Comput. Sci.

[23] Radha Jagadeesan, et al. Towards a Theory of Accountability and Audit, 2009, ESORICS.

[24] Insup Lee, et al. Contract-based blame assignment by trace analysis, 2013, HiCoNS '13.

[25] Franz von Kutschera, et al. Causation, 1993, J. Philos. Log.

[26] Butler W. Lampson, et al. Computer Security in the Real World, 2022.

[27] Radia J. Perlman, et al. Network security - private communication in a public world, 2002, Prentice Hall series in computer networking and distributed systems.

[28] H. Nissenbaum. Accountability in a computerized society, 1997.

[29] Silvio Micali, et al. How to play ANY mental game, 1987, STOC.

[30] Lem Geva, et al. Principles of European tort law: text and commentary, 2016.

[31] T. Troward. Causes and conditions, 1919.

[32] Jean-Baptiste Raclet, et al. Causality Analysis in Contract Violation, 2010, RV.

[33] Ned Hall, et al. Causation and counterfactuals, 2004.

[34] David Hume, et al. An enquiry concerning human understanding and other writings, 2007.

[35] David C. Parkes, et al. Practical secrecy-preserving, verifiably correct and trustworthy auctions, 2006, ICEC '06.