How Accountability is Implemented and Understood in Research Tools

A Systematic Mapping Study
  • Severin Kacianka
  • Kristian Beckers
  • Florian Kelbert
  • Prachi Kumari
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10611)

Abstract

[Context/Background]: With the increasing use of cyber-physical systems in complex socio-technical setups, mechanisms that hold specific entities accountable for safety and security incidents are needed. Although there exist models that try to capture and formalize accountability concepts, many of these lack practical implementations. We hence know little about how accountability mechanisms work in practice and how specific entities could be held responsible for incidents. [Goal]: As a step towards the practical implementation of providing accountability, this systematic mapping study investigates existing implementations of accountability concepts with the goal to (1) identify a common definition of accountability and (2) identify the general trend of practical research. [Method]: To survey the literature for existing implementations, we conducted a systematic mapping study. [Results]: We thus contribute by providing a systematic overview of current accountability realizations and requirements for future accountability approaches. [Conclusions]: We find that existing practical accountability research lacks a common definition of accountability in the first place. The research field seems rather scattered with no generally accepted architecture and/or set of requirements. While most accountability implementations focus on privacy and security, no safety-related approaches seem to exist. Furthermore, we did not find excessive references to relevant and related concepts such as reasoning, log analysis and causality.

Keywords

Accountability, Tools, Literature review, Survey, Systematic mapping study

Notes

Acknowledgments

This work was funded in part by the Munich Center for Internet Research and the TUM Living Lab Connected Mobility (TUM LLCM) project which has been funded by the Bavarian Ministry of Economic Affairs and Media, Energy and Technology (StMWi) through the Center Digitisation.Bavaria, an initiative of the Bavarian State Government.

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Severin Kacianka (1)
  • Kristian Beckers (2)
  • Florian Kelbert (3)
  • Prachi Kumari (4)
  1. Technical University of Munich, Munich, Germany
  2. Siemens, Munich, Germany
  3. Imperial College London, London, England
  4. Munich, Germany