Log Design for Accountability

Denis Butin 1, 2, * Marcos Chicote 1, 2 Daniel Le Métayer 1, 2, *
* Auteur correspondant
1 PRIVATICS - Privacy Models, Architectures and Tools for the Information Society
Inria Grenoble - Rhône-Alpes, CITI - CITI Centre of Innovation in Telecommunications and Integration of services
Abstract : The position put forward in this paper is that accountability is a requirement to be taken into account from the initial design phase of a system because of its strong impact on log architecture implementation. As an illustration, the logs we consider here record actions by data controllers handling personally identifiable information to deliver services to data subjects. The structures of those logs seldom take into account requirements for accountability, preventing effective dispute resolution. We address the question of what information should be included in logs to make their a posteriori compliance analysis meaningful. Real-world scenarios are used to show that decisions about log architectures are nontrivial and should be made from the design stage on. Three categories of situations for which straightforward solutions are problematic are presented. Our discussion shows how log content choices and accountability definitions mutually affect each other and incites service providers to rethink up to what extent they can be held responsible. These different aspects are synthesized into key guidelines to avoid common pitfalls in accountable log design. This analysis is based on case studies performed on our implementation of the PPL policy language.
Type de document :
Communication dans un congrès
DUMA13 - 4th International Workshop on Data Usage Management - 2013, May 2013, San Francisco, United States. 2013, 〈10.1109/SPW.2013.26〉
Liste complète des métadonnées

Littérature citée [22 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-00799100
Contributeur : Denis Butin <>
Soumis le : lundi 10 juin 2013 - 14:14:48
Dernière modification le : jeudi 29 novembre 2018 - 18:18:02
Document(s) archivé(s) le : mercredi 11 septembre 2013 - 03:05:10

Fichier

bcm-log_design_accountability....
Fichiers produits par l'(les) auteur(s)

Identifiants

Collections

Citation

Denis Butin, Marcos Chicote, Daniel Le Métayer. Log Design for Accountability. DUMA13 - 4th International Workshop on Data Usage Management - 2013, May 2013, San Francisco, United States. 2013, 〈10.1109/SPW.2013.26〉. 〈hal-00799100〉

Partager

Métriques

Consultations de la notice

276

Téléchargements de fichiers

327