Abstract
Accountability mechanisms, which rely on after-the-fact verification, are an attractive means to enforce authorization policies. In this paper, we describe an operational model of accountability-based distributed systems. We describe analyses which support both the design of accountability systems and the validation of auditors for finitary accountability systems. Our study provides formal foundations to explore the tradeoffs underlying the design of accountability systems including: the power of the auditor, the efficiency of the audit protocol, the requirements placed on the agents, and the requirements placed on the communication infrastructure.
Keywords
- Session Initiation Protocol
- Communicate Sequential Process
- Accountability System
- Game Graph
- Authorization Policy
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Jagadeesan, R., Jeffrey, A., Pitcher, C., Riely, J. (2009). Towards a Theory of Accountability and Audit. In: Backes, M., Ning, P. (eds) Computer Security – ESORICS 2009. ESORICS 2009. Lecture Notes in Computer Science, vol 5789. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04444-1_10
DOI: https://doi.org/10.1007/978-3-642-04444-1_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-04443-4
Online ISBN: 978-3-642-04444-1
eBook Packages: Computer Science, Computer Science (R0)