research-article

Open vs. closed systems for accountability

Authors:

Joan Feigenbaum,

Aaron D. Jaggard,

Rebecca N. WrightAuthors Info & Claims

HotSoS '14: Proceedings of the 2014 Symposium and Bootcamp on the Science of Security

Article No.: 4, Pages 1 - 11

https://doi.org/10.1145/2600176.2600179

Published: 08 April 2014 Publication History

Abstract

The relationship between accountability and identity in online life presents many interesting questions. Here, we first systematically survey the various (directed) relationships among principals, system identities (nyms) used by principals, and actions carried out by principals using those nyms. We also map these relationships to corresponding accountability-related properties from the literature.

Because punishment is fundamental to accountability, we then focus on the relationship between punishment and the strength of the connection between principals and nyms. To study this particular relationship, we formulate a utility-theoretic framework that distinguishes between principals and the identities they may use to commit violations. In doing so, we argue that the analogue applicable to our setting of the well known concept of quasilinear utility is insufficiently rich to capture important properties such as reputation. We propose more general utilities with linear transfer that do seem suitable for this model.

In our use of this framework, we define notions of "open" and "closed" systems. This distinction captures the degree to which system participants are required to be bound to their system identities as a condition of participating in the system. This allows us to study the relationship between the strength of identity binding and the accountability properties of a system.

References

[1]

M. Backes, A. Datta, A. Derek, J. C. Mitchell, and M. Turuani. Compositional analysis of contract-signing protocols. Theor. Comput. Sci., 367(1):33--56, Nov. 2006.

Digital Library

[2]

A. Barth, J. Mitchell, A. Datta, and S. Sundaram. Privacy and utility in business processes. In Proceedings of the 20th IEEE Computer Security Foundations Symposium, CSF '07, pages 279--294, Washington, DC, USA, 2007. IEEE Computer Society.

Digital Library

[3]

G. Bella and L. C. Paulson. Accountability protocols: Formalized and verified. ACM Trans. Inf. Syst. Secur., 9(2):138--161, May 2006.

Digital Library

[4]

H. Chockler and J. Y. Halpern. Responsibility and blame: a structural-model approach. J. Artif. Int. Res., 22(1):93--115, Oct. 2004.

Digital Library

[5]

H. Chockler, J. Y. Halpern, and O. Kupferman. What causes a system to satisfy a specification? ACM Trans. Comput. Logic, 9(3):20:1--20:26, June 2008.

Digital Library

[6]

H. Chockler, J. Y. Halpern, and O. Kupferman. Erratum for "What causes a system to satisfy a specification?". ACM Trans. Comput. Logic, 11(4):29:1--29:2, July 2010.

Digital Library

[7]

J. Feigenbaum, J. A. Hendler, A. D. Jaggard, D. J. Weitzner, and R. N. Wright. Accountability and deterrence in online life (extended abstract). In Proceedings of the 3rd International Web Science Conference, WebSci '11, pages 7:1--7:7, New York, NY, USA, 2011. ACM.

Digital Library

[8]

J. Feigenbaum, A. D. Jaggard, and R. N. Wright. Towards a formal model of accountability. In Proceedings of the 2011 New Security Paradigms Workshop, NSPW '11, pages 45--56, New York, NY, USA, 2011. ACM.

Digital Library

[9]

J. Feigenbaum, A. D. Jaggard, and R. N. Wright. Accountability as an interface between cybersecurity and social science. In L. J. Hoffman, editor, Social Science, Computer Science, and Cybersecurity Workshop Summary Report, 2013. George Washington University CSPRI report GW-CSPRI-2013-02, http://www.cspri.seas.gwu.edu/uploads/2/1/3/2/21324690/research_summary.pdf.

[10]

J. Feigenbaum, A. D. Jaggard, R. N. Wright, and H. Xiao. Systematizing "accountability" in computer science. Technical Report 1452, Yale University Department of Computer Science, February 2012.

[11]

J. Feigenbaum and S. Shenker. Distributed algorithmic mechanism design: Recent results and future directions. In Proceedings of the 6th International Workshop on Discrete Algorithms and Methods for Mobile Computing and Communications, DIALM '02, pages 1--13, New York, NY, USA, 2002. ACM.

Digital Library

[12]

E. J. Friedman and P. Resnick. The social cost of cheap pseudonyms. Journal of Economics & Management Strategy, 10(2):173--199, 2001.

[13]

R. Jagadeesan, A. Jeffrey, C. Pitcher, and J. Riely. Towards a theory of accountability and audit. In Proceedings of the 14th European Conference on Research in Computer Security, ESORICS'09, pages 152--167, Berlin, Heidelberg, 2009. Springer-Verlag.

Digital Library

[14]

A. Jøsang, J. Fabre, B. Hay, J. Dalziel, and S. Pope. Trust requirements in identity management. In Proceedings of the 2005 Australasian Workshop on Grid Computing and e-Research - Volume 44, ACSW Frontiers '05, pages 99--108, Darlinghurst, Australia, Australia, 2005. Australian Computer Society, Inc.

Digital Library

[15]

R. K. L. Ko, B. S. Lee, and S. Pearson. Towards achieving accountability, auditability and trust in cloud computing. In A. Abraham, J. L. Mauri, J. F. Buford, J. Suzuki, and S. M. Thampi, editors, Advances in Computing and Communications, volume 193 of Communications in Computer and Information Science, pages 432--444. Springer Berlin Heidelberg, 2011.

[16]

R. Kohias and U. Maurer. Reasoning about public-key certification: On bindings between entities and public keys. IEEE J. Sel. A. Commun., 18(4):551--560, 2000.

Digital Library

[17]

J. GS Koppell. Pathologies of accountability: ICANN and the challenge of "multiple accountabilities disorder". Public Administration Review, 65(1):94--108, 2005.

[18]

R. Küsters, T. Truderung, and A. Vogt. Accountability: definition and relationship to verifiability. In Proceedings of the 17th ACM conference on Computer and communications security, CCS '10, pages 526--535, New York, NY, USA, 2010. ACM.

Digital Library

[19]

B. Lampson. Notes for presentation entitled "Acountability and Freedom", 2005. Available at http://research.microsoft.com/en-us/um/people/blampson/slides/AccountabilityAndFreedom.ppt. Accessed March 20, 2014.

[20]

B. Lampson. Privacy and security: Usable security: How to get it. Commun. ACM, 52(11):25--27, Nov. 2009.

Digital Library

[21]

U. Maurer. Modelling a public-key infrastructure. In Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security, ESORICS '96, pages 325--350, London, UK, UK, 1996. Springer-Verlag.

Digital Library

[22]

R. Mulgan. 'Accountability': An ever-expanding concept? Public Administration, 78(3):555--573, 2000.

[23]

S. Pearson. Toward accountability in the cloud. IEEE Internet Computing, 15(4):64--69, July 2011.

Digital Library

[24]

M. K. Reiter and A. D. Rubin. Crowds: Anonymity for web transactions. ACM Trans. Inf. Syst. Secur., 1(1):66--92, Nov. 1998.

Digital Library

[25]

S. G. Stubblebine and P. F. Syverson. Authentic attributes with fine-grained anonymity protection. In Proceedings of the 4th International Conference on Financial Cryptography, FC '00, pages 276--294, London, UK, UK, 2001. Springer-Verlag.

Digital Library

[26]

P. F. Syverson and S. G. Stubblebine. Group principals and the formalization of anonymity. In Proceedings of the Wold Congress on Formal Methods in the Development of Computing Systems-Volume I - Volume I, FM '99, pages 814--833, London, UK, UK, 1999. Springer-Verlag.

Digital Library

[27]

E. Weisband and A. Ebrahim. Introduction: Forging global accountabilities. In A. Ebrahim and E. Weisband, editors, Forging Global Accountabilities: Participation, Pluralism, and Public Ethics. Cambridge University Press, 2007.

[28]

D. J. Weitzner, H. Abelson, T. Berners-Lee, J. Feigenbaum, J. Hendler, and G. J. Sussman. Information accountability. Commun. ACM, 51(6):82--87, June 2008.

Digital Library

Cited By

Graf MKüsters RRausch DEgger SBechtold MFlinspach M(2024)Accountable Bulletin Boards: Definition and Provably Secure Implementation2024 IEEE 37th Computer Security Foundations Symposium (CSF)10.1109/CSF61375.2024.00013(201-216)Online publication date: 8-Jul-2024
https://doi.org/10.1109/CSF61375.2024.00013
Graf MKüsters RRausch D(2023)AUC: Accountable Universal Composability2023 IEEE Symposium on Security and Privacy (SP)10.1109/SP46215.2023.10179384(1148-1167)Online publication date: May-2023
https://doi.org/10.1109/SP46215.2023.10179384
Kieras TFarooq JZhu QKieras TFarooq JZhu Q(2022)Policy ManagementIoT Supply Chain Security Risk Analysis and Mitigation10.1007/978-3-031-08480-5_4(57-106)Online publication date: 11-Jun-2022
https://doi.org/10.1007/978-3-031-08480-5_4
Show More Cited By

Index Terms

Open vs. closed systems for accountability

Recommendations

Balancing accountability and privacy in the network
SIGCOMM'14

Though most would agree that accountability and privacy are both valuable, today's Internet provides little support for either. Previous efforts have explored ways to offer stronger guarantees for one of the two, typically at the expense of the other; ...
Balancing accountability and privacy in the network
SIGCOMM '14: Proceedings of the 2014 ACM conference on SIGCOMM

Though most would agree that accountability and privacy are both valuable, today's Internet provides little support for either. Previous efforts have explored ways to offer stronger guarantees for one of the two, typically at the expense of the other; ...
POSTER: Preserving privacy and accountability for personal devices
CCS '13: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security

Using personal mobile devices for work gave rise to a trend called "bring your own device", or BYOD. BYOD brings a productivity boost for employees, but also headaches for employers: on the one hand, the business has a legitimate interest in monitoring ...

Comments

comments powered by Disqus.

Information & Contributors

Information

Published In

HotSoS '14: Proceedings of the 2014 Symposium and Bootcamp on the Science of Security

April 2014

184 pages

ISBN:9781450329071

DOI:10.1145/2600176

General Chair:
Laurie A. Williams
North Carolina State University
,
Program Chairs:
David M. Nicol
University of Illinois, Urbana-Champaign
,
Munindar P. Singh
North Carolina State University

Copyright © 2014 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

No. Carolina State Univeresity: North Carolina State University

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 08 April 2014

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

HotSoS '14

Sponsor:

No. Carolina State Univeresity

HotSoS '14: Symposium and Bootcamp on the Science of Security

April 8 - 9, 2014

North Carolina, Raleigh, USA

Acceptance Rates

HotSoS '14 Paper Acceptance Rate 12 of 21 submissions, 57%;

Overall Acceptance Rate 34 of 60 submissions, 57%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
148
Total Downloads

Downloads (Last 12 months)15
Downloads (Last 6 weeks)0

Reflects downloads up to 20 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Graf MKüsters RRausch DEgger SBechtold MFlinspach M(2024)Accountable Bulletin Boards: Definition and Provably Secure Implementation2024 IEEE 37th Computer Security Foundations Symposium (CSF)10.1109/CSF61375.2024.00013(201-216)Online publication date: 8-Jul-2024
https://doi.org/10.1109/CSF61375.2024.00013
Graf MKüsters RRausch D(2023)AUC: Accountable Universal Composability2023 IEEE Symposium on Security and Privacy (SP)10.1109/SP46215.2023.10179384(1148-1167)Online publication date: May-2023
https://doi.org/10.1109/SP46215.2023.10179384
Kieras TFarooq JZhu QKieras TFarooq JZhu Q(2022)Policy ManagementIoT Supply Chain Security Risk Analysis and Mitigation10.1007/978-3-031-08480-5_4(57-106)Online publication date: 11-Jun-2022
https://doi.org/10.1007/978-3-031-08480-5_4
Singh MWeiss GYolum PBordini RElkind E(2015)Cybersecurity as an Application Domain for Multiagent SystemsProceedings of the 2015 International Conference on Autonomous Agents and Multiagent Systems10.5555/2772879.2773304(1207-1212)Online publication date: 4-May-2015
https://dl.acm.org/doi/10.5555/2772879.2773304
Fu BXiao Y(2015)A multi-resolution accountable logging and its applicationsComputer Networks: The International Journal of Computer and Telecommunications Networking10.1016/j.comnet.2015.06.01189:C(44-58)Online publication date: 4-Oct-2015
https://dl.acm.org/doi/10.1016/j.comnet.2015.06.011

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.

Alternative Proxies:

Alternative Proxy