Skip to Main content Skip to Navigation
New interface
Conference papers

Enforcing Expressive Accountability Policies

Ronan-Alexandre Cherrueau 1, 2 Mario Südholt 1, 2 
1 ASCOLA - Aspect and composition languages
LINA - Laboratoire d'Informatique de Nantes Atlantique, Département informatique - EMN, Inria Rennes – Bretagne Atlantique
Abstract : Accountability policies for the enforcement of the responsible stewardship of personal data have to support the gathering of information at all levels of the service stack and across different policy domains, for instance, for the retrospective enforcement of transparency and remediation properties. Existing approaches to accountability, however, often do not meet these requirements and corresponding implementation support is generally lacking. In this paper we show how expressive policies can be defined in terms of properties that change across boundaries of policy domains, include access to data at different levels of the service stack, and support preventive and retrospective mechanisms for different accountability properties, notably transparency and remediability. Furthermore, we present a notion of accountability schemes that support the constructive implementation of accountability policies. Finally, we motivate and apply our approach in the context of real-world attacks to OAuth-based authorization and authentication schemes.
Document type :
Conference papers
Complete list of metadata
Contributor : Ronan-Alexandre Cherrueau Connect in order to contact the contributor
Submitted on : Friday, March 28, 2014 - 2:49:48 PM
Last modification on : Wednesday, April 27, 2022 - 3:49:58 AM



Ronan-Alexandre Cherrueau, Mario Südholt. Enforcing Expressive Accountability Policies. WETICE - IEEE International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises, Sumitra Reddy, Jun 2014, Parma, Italy. pp.333--338, ⟨10.1109/WETICE.2014.71⟩. ⟨hal-00967398⟩



Record views