Title :
Enforcing Expressive Accountability Policies
Author :
Cherrueau, Ronan-Alexandre ; Sudholt, Mario
Author_Institution :
Dept. Inf., Ecole des Mines de Nantes, Nantes, France
Abstract :
Accountability policies for the enforcement of the responsible stewardship of personal data have to support the gathering of information at all levels of the service stack and across different policy domains, for instance, for the retrospective enforcement of transparency and remediation properties. Existing approaches to accountability, however, often do not meet these requirements and corresponding implementation support is lacking. In this paper we show how expressive accountability policies can be defined in terms of policy domains, accessible data at all levels of the service stack, and preventive and retrospective mechanisms. Additionally, we present a notion of accountability schemes that support the constructive implementation of our accountability policies. Finally, we motivate and apply our approach in the context of real-world attacks to OAuth-based authorization and authentication protocols.
Keywords :
authorisation; OAuth-based authentication protocol; OAuth-based authorization protocol; accountability approach; accountability schemes; expressive accountability policy; information gathering; personal data stewardship; preventive mechanism; remediation property; retrospective mechanism; service stack; transparency property; Authentication; Authorization; Cloud computing; Context; Protocols; Servers; Accountability; Cross-domain and multi-level policies; Oauth; Policy definition and enforcement; Security in social networks;
Conference_Titel :
WETICE Conference (WETICE), 2014 IEEE 23rd International
Conference_Location :
Parma
DOI :
10.1109/WETICE.2014.71
