Accountability and Identifiability

This material is based on collaborative research supported by the NSF Trustworthy Computing program through grants CNS-1016875 and CNS-1018557. (Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.)

Description

The World Wide Web and other networked information systems provide enormous benefits by enabling access to unprecedented amounts of information. However, for many years, users have been frustrated by the fact that these systems also create significant problems. Sensitive personal data are disclosed, confidential corporate data are stolen, copyrights are infringed, and databases owned by one government organization are accessed by members of another in violation of government policy. The frequency of such incidents continues to increase, and an incident must now be truly outrageous to be considered newsworthy. This project takes the view that when security violations occur, it should be possible to punish the violators in some fashion.

Although "accountability" is widely agreed to be important and desirable, there has been little theoretical work on the subject; indeed, there does not even seem to be a standard definition of "accountability," and researchers in different areas use it to mean different things. This project addresses these issues, the relationship between accountability and other goals (such as user privacy), and the requirements (such as identifiability of violators and violations) for accountability in real-world systems. This clarification of the important notion of accountability will help propel a next generation of network-mediated interaction and services that users understand and trust.

The project's technical approach to accountability as an essential component of trustworthiness involves two intertwined research thrusts. The first thrust focuses on definitions and foundational theory. Intuitively, accountability is present in any system in which actions are governed by well defined rules, and violations of those rules are punished. Project goals are to identify ambiguities and gaps in this intuitive notion, provide formal definitions that capture important accountability desiderata, and explicate relationships of accountability to well studied notions such as identifiability, authentication, authorization, privacy, and anonymity. The second thrust focuses on analysis, design, and abstraction. The project studies fundamental accountability and identifiability requirements in real-world systems, both technological and social. One project goal is to use the resulting better understanding of the extent to which accountability is truly at odds with privacy and other desirable system properties to design new protocols with provable accountability properties. Building on that understanding and insights gained in designing protocols, the project also addresses fundamental tradeoffs and impossibility results about accountability and identifiability in various settings.

People

Senior Personnel

Graduate Students

Collaborators

Jim Hendler, Danny Weitzner

Papers

  1. Joan Feigenbaum, Aaron D. Jaggard, Rebecca N. Wright, and Hongda Xiao, "Systematizing 'Accountability' in Computer Science"
  2. Joan Feigenbaum, Aaron D. Jaggard, and Rebecca N. Wright, "Towards a Formal Model of Accountability"
  3. Joan Feigenbaum, James Hendler, Aaron D. Jaggard, Daniel Weitzner, and Rebecca N. Wright, "Accountability and Deterrence in Online Life (Extended Abstract)''
  4. Joan Feigenbaum, "Accountability as a Driver of Innovative Privacy Solutions", in Privacy and Innovation Symposium Thought Pieces, Yale Law School Information Society Project, October 2010.

Talks

  1. "Toward a Clearer Understanding of Accountability," presented at the NY Area Security and Privacy Day, 10 December 2010. (.pptx slides)

Courses

Tuesday, April 3, 2012 at 01:42