Enforcing Expressive Accountability Policies

Author

Cherrueau, Ronan-Alexandre ; Sudholt, Mario

Author_Institution

Dept. Inf., Ecole des Mines de Nantes, Nantes, France

fYear

2014

fDate

23-25 June 2014

Firstpage

333

Lastpage

338

Abstract

Accountability policies for the enforcement of the responsible stewardship of personal data have to support the gathering of information at all levels of the service stack and across different policy domains, for instance, for the retrospective enforcement of transparency and remediation properties. Existing approaches to accountability, however, often do not meet these requirements and corresponding implementation support is lacking. In this paper we show how expressive accountability policies can be defined in terms of policy domains, accessible data at all levels of the service stack, and preventive and retrospective mechanisms. Additionally, we present a notion of accountability schemes that support the constructive implementation of our accountability policies. Finally, we motivate and apply our approach in the context of real-world attacks to OAuth-based authorization and authentication protocols.

Keywords

authorisation; OAuth-based authentication protocol; OAuth-based authorization protocol; accountability approach; accountability schemes; expressive accountability policy; information gathering; personal data stewardship; preventive mechanism; remediation property; retrospective mechanism; service stack; transparency property; Authentication; Authorization; Cloud computing; Context; Protocols; Servers; Accountability; Cross-domain and multi-level policies; Oauth; Policy definition and enforcement; Security in social networks;

fLanguage

English

Publisher

ieee

Conference_Titel

WETICE Conference (WETICE), 2014 IEEE 23rd International

Conference_Location

Parma

Type

conf

DOI

10.1109/WETICE.2014.71

Filename

6927078