Abstract Accountability Language

  • Walid Benghabrit
  • Hervé Grall
  • Jean-Claude Royer
  • Mohamed Sellami
  • Karin Bernsmed
  • Anderson Santana De Oliveira
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 430)

Abstract

Accountability is becoming a necessary principle for future computer systems. This is especially critical for the cloud and Web applications that collect personal and sensitive data from end users. Accountability concerns the responsibility and liability for the data handling performed by a computer system on behalf of an organization. In case of misconduct (e.g. security breaches, personal data leaks), accountability should imply remediation and redress actions. Contrary to data privacy and access control, which are already supported by several concrete languages, there is currently no language supporting the representation of accountability clauses. In this work, we provide an abstract language for representing accountability clauses, with temporal logic semantics.



Copyright information

© IFIP International Federation for Information Processing 2014

Authors and Affiliations

  • Walid Benghabrit (1)
  • Hervé Grall (1)
  • Jean-Claude Royer (1)
  • Mohamed Sellami (1)
  • Karin Bernsmed (2)
  • Anderson Santana De Oliveira (3)

  1. Mines Nantes, Nantes, France
  2. SINTEF ICT, Trondheim, Norway
  3. SAP Labs France, Mougins Sophia Antipolis, France
