Abstract Accountability Language

Abstract : Usual preventive security mechanisms are not adequate for a world where personal data can be exchanged on-line between different parties and/or stored at multiple jurisdictions. Accountability becomes a necessary principle for future computer systems. This is specially critical for the cloud and Web applications that collect personal and sensitive data from end users. Accountability regards the responsibility and liability (including other attributes) for the data handling performed by a computer system on behalf of an organisation. In case of misconduct (e.g. security breaches, personal data leak, etc.), accountability should imply in remediation and redress actions, as in the real life. Contrary to data privacy, which is already supported by several concrete languages, there is currently no language supporting accountability obligations representation. In this work, we provide an abstract language for accountability obligations representation. We analyze two use cases to illustrate the efficiency of our approach in representing accountability obligations in realistic situations.
Document type :
Conference papers
Complete list of metadatas

https://hal.inria.fr/hal-00973399
Contributor : Walid Benghabrit <>
Submitted on : Friday, April 4, 2014 - 10:52:17 AM
Last modification on : Monday, September 9, 2019 - 3:24:05 PM

Identifiers

  • HAL Id : hal-00973399, version 1

Citation

Walid Benghabrit, Hervé Grall, Jean-Claude Royer, Mohamed Sellami, Karin Bernsmed, et al.. Abstract Accountability Language. IFIPTM - 8th IFIP WG 11.11 International Conference on Trust Management, Jul 2014, Singapore, Singapore. pp.229--236. ⟨hal-00973399⟩

Share

Metrics

Record views

431