Enforcing Expressive Accountability Policies

Ronan-Alexandre Cherrueau 1, 2 Mario Südholt 1, 2
1 ASCOLA - Aspect and composition languages
LINA - Laboratoire d'Informatique de Nantes Atlantique, Département informatique - EMN, Inria Rennes – Bretagne Atlantique
Abstract: Accountability policies for the enforcement of the responsible stewardship of personal data have to support the gathering of information at all levels of the service stack and across different policy domains, for instance, for the retrospective enforcement of transparency and remediation properties. Existing approaches to accountability, however, often do not meet these requirements, and corresponding implementation support is generally lacking. In this paper we show how expressive policies can be defined in terms of properties that change across boundaries of policy domains, include access to data at different levels of the service stack, and support preventive and retrospective mechanisms for different accountability properties, notably transparency and remediability. Furthermore, we present a notion of accountability schemes that support the constructive implementation of accountability policies. Finally, we motivate and apply our approach in the context of real-world attacks on OAuth-based authorization and authentication schemes.
Document type: Conference paper
WETICE - IEEE International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises, Jun 2014, Parma, Italy. pp.333--338, 2014, 〈10.1109/WETICE.2014.71〉
https://hal.inria.fr/hal-00967398
Contributor: Ronan-Alexandre Cherrueau
Submitted on: Friday, 28 March 2014 - 14:49:48
Last modified on: Wednesday, 11 April 2018 - 02:00:13

Citation

Ronan-Alexandre Cherrueau, Mario Südholt. Enforcing Expressive Accountability Policies. WETICE - IEEE International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises, Jun 2014, Parma, Italy. pp.333--338, 2014, 〈10.1109/WETICE.2014.71〉. 〈hal-00967398〉
