Skip to main content

Three Branches of Accountability

  • Chapter
  • First Online:
Protocols, Strands, and Logic

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 13066))

  • 575 Accesses


Security protocols usually describe how honest agents behave, and one proves some security goals to hold even in the presence of an intruder who just does whatever he is capable of where cryptography alone does not provide sufficient protection, accountability can help as a deterrent for the intruder, because his actions may be detected and he could be punished. The novelty of this work is to model actually all three branches of government that are relevant here. First, instead of protocols we have a legal system that defines which actions are legal. Second, we have the police that may detect some crimes and collect evidence. Third, we have a justice system that evaluates evidence, can subpoena participants, and finally may convict players. The broad definition of a legal system allows us to avoid defining all protocols that honest participants may engage in. Rather we describe players (no matter if honest or dishonest) who may do anything that is legal and who can do anything except breaking the cryptography.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
EUR 32.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
USD 59.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 79.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others


  1. 1.

    In fact, for properties \(\phi \) one must choose a language with a formal semantics, in particular formalizing implication from \(\phi '\) to \(\phi \), and this implication must be efficiently decidable. An simple example could be attribute value pairs with selective disclosure and comparison of attributes, e.g. “at least 66.6 years of age”.

  2. 2.

    One could make additional clauses that define it to be illegal, if A does not know \(\mathsf {inv}( PK ')\), but it would put a legal requirement on A never to lose old keys (and if A is using here a key that is already legally bound to somebody else, then A is already punishable according to §2). Further one could define it as illegal if A here asks for a \(\phi \) that is not implied by \(\phi '\). However, since every broker is obliged by §6 to check that, this is not necessary. In fact, one may argue that it could be counter-productive if it were illegal to ask for attestation of properties one does not have; a server could rely on the fact they are “off the hook” once a user asks for a wrong property.

  3. 3.

    In general, one could model transactions that represent the behavior of more than one player performed collaboratively. This then needs to be decoupled according to the choices each player makes.

  4. 4.

    Note that our legal system does not even regulate how the exchange between a player and a broker to obtain a credential is organized: this may be transmitted over a TLS channel or even clear text, either way can be done in a legal way.


  1. Alhadeff, J., Van Alsenoy, B., Dumortier, J.: The accountability principle in data protection regulation: origin, development and future directions. In: Guagnin, D., Hempel, L., Ilten, C., Kroener, I., Neyland, D., Postigo, H. (eds.) Managing Privacy through Accountability, pp. 49–82. Palgrave Macmillan UK, London (2012).

    Chapter  Google Scholar 

  2. Basin, D., Caronni, G., Ereth, S., Harvan, M., Klaedtke, F., Mantel, H.: Scalable offline monitoring. In: Bonakdarpour, B., Smolka, S.A. (eds.) RV 2014. LNCS, vol. 8734, pp. 31–47. Springer, Cham (2014).

    Chapter  Google Scholar 

  3. Bella, G., Paulson, L.C.: Accountability protocols: formalized and verified. ACM Trans. Inf. Syst. Secur. (TISSEC) 9(2), 138–161 (2006)

    Article  Google Scholar 

  4. Bruni, A., Giustolisi, R., Schürmann, C.: Automated analysis of accountability. In: Nguyen, P.Q., Zhou, J. (eds.) ISC 2017. vol. 10599, pp. 417–434. Springer, Cham (2017).

  5. Cavoukian, A., Taylor, S., Abrams, M.E.: Privacy by design: essential for organizational accountability and strong business practices. Identity Inf. Soc. 3(2), 405–413 (2010)

    Article  Google Scholar 

  6. Cederquist, J., Conn, R., Dekker, M., Etalle, S., Den Hartog, J.: An audit logic for accountability. In: Sixth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY 2005), pp. 34–43. IEEE (2005)

    Google Scholar 

  7. Corin, R., Etalle, S., den Hartog, J., Lenzini, G., Staicu, I.: A logic for auditing accountability in decentralized systems. In: Dimitrakos, T., Martinelli, F. (eds.) Formal Aspects in Security and Trust. IIFIP, vol. 173, pp. 187–201. Springer, Boston (2005).

    Chapter  Google Scholar 

  8. Falcone, Y., Krstić, S., Reger, G., Traytel, D.: A taxonomy for classifying runtime verification tools. Int. J. Softw. Tools Technol. Transfer 23(2), 255–284 (2021).

    Article  Google Scholar 

  9. Feigenbaum, J., Jaggard, A.D., Wright, R.N.: Towards a formal model of accountability. In: Proceedings of the 2011 New security paradigms workshop, pp. 45–56 (2011)

    Google Scholar 

  10. Graf, M., Küsters, R., Rausch, D.: Accountability in a permissioned blockchain: Formal analysis of hyperledger fabric. In: EuroS&P, IEEE (2020)

    Google Scholar 

  11. Kanovich, M., Kirigin, T.B., Nigam, V., Scedrov, A., Talcott, C., Perovic, R.: A rewriting framework and logic for activities subject to regulations. Math. Struct. Comput. Sci. 27(3), 332–375 (2017)

    Article  MathSciNet  Google Scholar 

  12. Künnemann, R., Garg, D., Backes, M.: Accountability in the decentralised-adversary setting. In: 2021 IEEE 34th Computer Security Foundations Symposium (CSF), pp. 95–110. IEEE Computer Society (2021)

    Google Scholar 

  13. Küsters, R., Truderung, T., Vogt, A.: Accountability: definition and relationship to verifiability. In: Proceedings of the 17th ACM conference on Computer and Communications Security, pp. 526–535 (2010)

    Google Scholar 

  14. Lampson, B.: Privacy and security usable security: how to get it. Commun. ACM 52(11), 25–27 (2009)

    Article  Google Scholar 

  15. Popp, W.: Workflow-aware access control and accountability in IoT workflows, master Thesis, Uni Passau (2020)

    Google Scholar 

  16. Schneider, J., Basin, D., Brix, F., Krstić, S., Traytel, D.: Scalable online first-order monitoring. Int. J. Softw. Tools Technol. Transfer 23(2), 185–208 (2021).

    Article  MATH  Google Scholar 

  17. Weitzner, D.J., Abelson, H., Berners-Lee, T., Feigenbaum, J., Hendler, J., Sussman, G.J.: Information accountability. Commun. ACM 51(6), 82–87 (2008)

    Article  Google Scholar 

Download references


This paper was inspired by discussions with Omar Almousa, Bud Brügger, and Max Tuengerthal. This work has been supported by the EU H2020-SU-ICT-03-2018 Project No. 830929 CyberSec4Europe (

Author information

Authors and Affiliations


Corresponding author

Correspondence to Sebastian Mödersheim .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Mödersheim, S., Cuellar, J. (2021). Three Branches of Accountability. In: Dougherty, D., Meseguer, J., Mödersheim, S.A., Rowe, P. (eds) Protocols, Strands, and Logic. Lecture Notes in Computer Science(), vol 13066. Springer, Cham.

Download citation

  • DOI:

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-91630-5

  • Online ISBN: 978-3-030-91631-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics