How Accountability is Implemented and Understood in Research Tools

A Systematic Mapping Study

  • Conference paper
Product-Focused Software Process Improvement (PROFES 2017)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 10611)

Abstract

[Context/Background]: With the increasing use of cyber-physical systems in complex socio-technical setups, mechanisms that hold specific entities accountable for safety and security incidents are needed. Although there exist models that try to capture and formalize accountability concepts, many of these lack practical implementations. We hence know little about how accountability mechanisms work in practice and how specific entities could be held responsible for incidents. [Goal]: As a step towards the practical implementation of providing accountability, this systematic mapping study investigates existing implementations of accountability concepts with the goal to (1) identify a common definition of accountability and (2) identify the general trend of practical research. [Method]: To survey the literature for existing implementations, we conducted a systematic mapping study. [Results]: We thus contribute by providing a systematic overview of current accountability realizations and requirements for future accountability approaches. [Conclusions]: We find that existing practical accountability research lacks a common definition of accountability in the first place. The research field seems rather scattered with no generally accepted architecture and/or set of requirements. While most accountability implementations focus on privacy and security, no safety-related approaches seem to exist. Furthermore, we did not find excessive references to relevant and related concepts such as reasoning, log analysis and causality.

P. Kumari was formerly at TU Munich, Munich, Germany.

The original version of this chapter was revised. Modifications have been made to Table 3. For detailed information, please see the Erratum. The erratum to this publication is available online at https://doi.org/10.1007/978-3-319-69926-4_56

Notes

  1. The Oxford dictionary defines accountability as “The fact or condition of being accountable; responsibility”. For a more detailed discussion see [19].

References

  1. ACM digital library (2017). http://dl.acm.org/. Accessed 07 June 2017

  2. IEEE Xplore (2017). http://ieeexplore.ieee.org. Accessed 07 June 2017

  3. Scopus (2017). http://www.scopus.com. Accessed 07 June 2017

  4. Springer (2017). http://link.springer.com. Accessed 07 June 2017

  5. Zotero (2017). http://www.zotero.org. Accessed 07 June 2017

  6. Andersen, D.G., Balakrishnan, H., Feamster, N., Koponen, T., Moon, D., Shenker, S.: Accountable internet protocol (AIP). ACM Comput. Commun. Rev. 38, 339–350 (2008). ACM

  7. Bhargav-Spantzel, A., Camenisch, J., Gross, T., Sommer, D.: User centricity: a taxonomy and open issues. J. Comput. Secur. 15(5), 493–527 (2007)

  8. Brzuska, C., Pöhls, H.C., Samelin, K.: Non-interactive public accountability for sanitizable signatures. In: De Capitani di Vimercati, S., Mitchell, C. (eds.) EuroPKI 2012. LNCS, vol. 7868, pp. 178–193. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40012-4_12

  9. Chen, H., Tu, S., Zhao, C., Huang, Y.: Provenance cloud security auditing system based on log analysis. In: 2016 IEEE International Conference of Online Analysis and Computing Science (ICOACS), pp. 155–159 (2016). https://doi.org/10.1109/ICOACS.2016.7563069

  10. Coileáin, D.O., O’mahony, D.: Accounting and accountability in content distribution architectures: a survey. ACM Comput. Surv. 47(4), 59:1–59:35 (2015). http://doi.acm.org/10.1145/2723701

  11. Datta, A., Kar, S., Sinopoli, B., Weerakkody, S.: Accountability in cyber-physical systems. In: 2016 Science of Security for Cyber-Physical Systems Workshop (SOSCYPS), pp. 1–3 (2016). https://doi.org/10.1109/SOSCYPS.2016.7579998

  12. Feigenbaum, J., Jaggard, A.D., Wright, R.N.: Towards a formal model of accountability. In: Workshop on New Security Paradigms Workshop, pp. 45–56. ACM (2011)

  13. Grunwel, D., Sahama, T.: Delegation of access in an information accountability framework for ehealth. In: Proceedings of the Australasian Computer Science Week Multiconference, ACSW 2016, NY, USA, pp. 59:1–59:8. ACM, New York (2016). https://doi.org/10.1145/2843043.2843383

  14. Grunwell, D., Batista, P., Campos, S., Sahama, T.: Managing and sharing health data through information accountability protocols. In: 2015 17th International Conference on E-health Networking, Application Services (HealthCom), pp. 200–204 (2015). https://doi.org/10.1109/HealthCom.2015.7454498

  15. Jain, J.R., Asaduzzaman, A.: A novel data logging framework to enhance security of cloud computing. In: SoutheastCon 2016, pp. 1–6 (2016). https://doi.org/10.1109/SECON.2016.7506764

  16. Kacianka, S., Beckers, K., Kelbert, F., Kumari, P.: Dataset: How Accountability is Understood and Realized (2017). https://doi.org/10.5281/zenodo.807129

  17. Kelbert, F., Pretschner, A.: A fully decentralized data usage control enforcement infrastructure. In: Malkin, T., Kolesnikov, V., Lewko, A.B., Polychronakis, M. (eds.) ACNS 2015. LNCS, vol. 9092, pp. 409–430. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-28166-7_20

  18. Ko, R.K., Jagadpramana, P., Mowbray, M., Pearson, S., Kirchberg, M., Liang, Q., Lee, B.S.: Trustcloud: a framework for accountability and trust in cloud computing. In: IEEE World Congress on Services, pp. 584–588. IEEE (2011)

  19. Papanikolaou, N., Pearson, S.: A cross-disciplinary review of the concept of accountability. In: Proceedings of the International Workshop on Trustworthiness, Accountability and Forensics in the Cloud (TAFC) (2011)

  20. Pearson, S.: Toward accountability in the cloud. IEEE Internet Comput. 15(4), 64 (2011)

  21. Petersen, K., Feldt, R., Mujtaba, S., Mattsson, M.: Systematic mapping studies in software engineering. In: 12th International Conference on Evaluation and Assessment in Software Engineering, vol. 17 (2008)

  22. Petticrew, M., Roberts, H.: Systematic Review in the Social Sciences: A Practical Guide. Blackwell Publishing, Oxford (2006)

  23. Povey, D.: Optimistic security: a new access control paradigm. In: Proceedings of the 1999 Workshop on New Security Paradigms, pp. 40–45. ACM (2000)

  24. Rooney, J.J., Heuvel, L.N.V.: Root cause analysis for beginners. Qual. Prog. 37(7), 45–56 (2004)

  25. Salleh, N., Mendes, E., Grundy, J.: Empirical studies of pair programming for CS/SE teaching in higher education: a systematic literature review. IEEE Trans. Softw. Eng. 37(4), 509–525 (2011)

  26. Weitzner, D.J., Abelson, H., Berners-Lee, T., Feigenbaum, J., Hendler, J., Sussman, G.J.: Information accountability. Commun. ACM 51(6), 82–87 (2008)

  27. Wickramage, C., Sahama, T., Fidge, C.: Anatomy of log files: implications for information accountability measures. In: Healthcom, pp. 1–6 (2016). https://doi.org/10.1109/HealthCom.2016.7749426

  28. Wieringa, R., Maiden, N., Mead, N., Rolland, C.: Requirements engineering paper classification and evaluation criteria: a proposal and a discussion. Requir. Eng. 11(1), 102–107 (2005)

  29. Xiao, Y.: Flow-net methodology for accountability in wireless networks. IEEE Netw. 23(5), 30–37 (2009)

  30. Xiao, Z., Kathiresshan, N., Xiao, Y.: A survey of accountability in computer networks and distributed systems. Secur. Commun. Netw. 9(4), 290–315 (2012)

Study Papers

  1. Ahmed, M., Ahamad, M.: Combating abuse of health data in the age of eHealth exchange. In: IEEE International Conference on Healthcare Informatics, pp. 109–118 (2014)

  2. Alexiou, N., Laganà, M., Gisdakis, S., Khodaei, M., Papadimitratos, P.: VeSPA: Vehicular Security and Privacy-preserving Architecture. In: 2nd ACM Workshop on Hot Topics on Wireless Network Security and Privacy, pp. 19–24. ACM (2013)

  3. Ali, M., Moreau, L.: A provenance-aware policy language (cProvl) and a data traceability model (cProv) for the cloud. In: Third International Conference on Cloud and Green Computing, pp. 479–486 (2013)

  4. Ali, S., Sivaraman, V., Ostry, D., Tsudik, G., Jha, S.: Securing first-hop data provenance for bodyworn devices using wireless link fingerprints. IEEE Trans. Inf. Forensics Secur. 9(12), 2193–2204 (2014)

  5. Ali, S.T., Sivaraman, V., Ostry, D., Jha, S.: Securing data provenance in body area networks using lightweight wireless link fingerprints. In: Proceedings of 3rd International Workshop on Trustworthy Embedded Devices, pp. 65–72. ACM (2013)

  6. Asokan, N., Dmitrienko, A., Nagy, M., Reshetova, E., Sadeghi, A.-R., Schneider, T., Stelle, S.: CrowdShare: secure mobile resource sharing. In: Jacobson, M., Locasto, M., Mohassel, P., Safavi-Naini, R. (eds.) ACNS 2013. LNCS, vol. 7954, pp. 432–440. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38980-1_27

  7. Brzuska, C., Pöhls, H.C., Samelin, K.: Efficient and perfectly unlinkable sanitizable signatures without group signatures. In: Katsikas, S., Agudo, I. (eds.) EuroPKI 2013. LNCS, vol. 8341, pp. 12–30. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-53997-8_2

  8. Cherrueau, R.A., Sudholt, M.: Enforcing expressive accountability policies. In: IEEE 23rd International WETICE Conference, pp. 333–338 (2014)

  9. Choi, C., Dong, Y., Zhang, Z.-L.: LIPS: Lightweight Internet Permit System for stopping unwanted packets. In: Boutaba, R., Almeroth, K., Puigjaner, R., Shen, S., Black, J.P. (eds.) NETWORKING 2005. LNCS, vol. 3462, pp. 178–190. Springer, Heidelberg (2005). https://doi.org/10.1007/11422778_15

  10. Clifton, D., Fernandez, E.: A microprocessor design for multilevel security. In: Fourth Aerospace Computer Security Applications Conference, pp. 194–198 (1988)

  11. Dailianas, A., Yemini, Y., Florissi, D., Huang, H.: MarketNet: market-based protection of network systems and services-an application to SNMP protection. In: Proceedings 19th Annual Joint Conference of the IEEE Computer and Communications Societies, vol. 3 (2000)

  12. De Oliveira, A., Sendor, J., Garaga, A., Jenatton, K.: Monitoring personal data transfers in the cloud. In: IEEE 5th International Conference on Cloud Computing Technology and Science, vol. 1, pp. 347–354 (2013)

  13. Fahl, S., Dechand, S., Perl, H., Fischer, F., Smrcek, J., Smith, M.: Hey, NSA: stay away from my market! Future proofing app. Markets against powerful attackers. In: Proceedings of 2014 ACM Conference on Computer and Communications Security, pp. 1143–1155. ACM (2014)

  14. Flegel, U.: Pseudonymizing unix log files. In: Davida, G., Frankel, Y., Rees, O. (eds.) InfraSec 2002. LNCS, vol. 2437, pp. 162–179. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45831-X_12

  15. Fugkeaw, S., Manpanpanich, P., Juntapremjitt, S.: AmTRUE: authentication management and trusted role-based authorization in multi-application and multi-user environment. In: The International Conference on Emerging Security Information, Systems, and Technologies, pp. 216–221 (2007)

  16. Fugkeaw, S., Manpanpanich, P., Juntapremjitt, S.: A-COLD: access control of web OLAP over multi-data warehouse. In: International Conference on Availability, Reliability and Security, pp. 469–474 (2009)

  17. Haidar, A., Zasada, S., Coveney, P., Abdallah, A., Beckles, B.: Audited credential delegation - a user-centric identity management solution for computational grid environments. In: Sixth International Conference on Information Assurance and Security, pp. 222–227 (2010)

  18. Jedrzejczyk, L., Price, B.A., Bandara, A.K., Nuseibeh, B.: On the impact of real-time feedback on users’ behaviour in mobile location-sharing applications. In: Proceedings of Sixth Symposium on Usable Privacy and Security, pp. 14:1–14:12. ACM (2010)

  19. Kang, Y., Schiffman, A., Shrager, J.: RAPPD: a language and prototype for recipient-accountable private personal data. In: IEEE Security and Privacy Workshops, pp. 49–56 (2014)

  20. Khalasi, G., Chaudhari, M.: TrustGK monitor: ‘Customer Trust As a Service’ for the cloud. In: Proceedings of CUBE International Information Technology Conference, pp. 537–543. ACM (2012)

  21. Ko, R., Jagadpramana, P., Lee, B.S.: Flogger: a file-centric logger for monitoring file access and transfers within cloud computing environments. In: IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications, pp. 765–771 (2011)

  22. Ko, R., Will, M.: Progger: an efficient, tamper-evident kernel-space logger for cloud data provenance tracking. In: IEEE 7th International Conference on Cloud Computing, pp. 881–889 (2014)

  23. Kuacharoen, P.: Design and implementation of a secure online lottery system. In: Papasratorn, B., Charoenkitkarn, N., Lavangnananda, K., Chutimaskul, W., Vanijja, V. (eds.) IAIT 2012. CCIS, vol. 344, pp. 94–105. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-35076-4_9

  24. Langheinrich, M.: A privacy awareness system for ubiquitous computing environments. In: Borriello, G., Holmquist, L.E. (eds.) UbiComp 2002. LNCS, vol. 2498, pp. 237–245. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45809-3_19

  25. Lee, W., Squicciarini, A., Bertino, E.: The design and evaluation of accountable grid computing system. In: 29th IEEE International Conference on Distributed Computing Systems, pp. 145–154 (2009)

  26. Lin, K.J., Chang, S.: A service accountability framework for QoS service management and engineering. Inf. Syst. e-Business Manag. 7(4), 429–446 (2009)

  27. Masmoudi, F., Loulou, M., Kacem, A.: Multi-tenant services monitoring for accountability in cloud computing. In: IEEE 6th International Conference on Cloud Computing Technology and Science, pp. 620–625 (2014)

  28. Michalas, A., Komninos, N.: The lord of the sense: a privacy preserving reputation system for participatory sensing applications. In: IEEE Symposium on Computers and Communication, pp. 1–6 (2014)

  29. Mivule, K., Otunba, S., Tripathy, T.: Implementation of data privacy and security in an online student health records system. Technical report, Department of Computer Science, Bowie State University (2014)

  30. Mortimer, D., Cook, N.: Supporting accountable business to business document exchange in the cloud. In: IEEE International Conference on Service-Oriented Computing and Applications, pp. 1–8 (2010)

  31. Naessens, V., De Decker, B., Demuynck, L.: Accountable anonymous E-mail. In: Sasaki, R., Qing, S., Okamoto, E., Yoshiura, H. (eds.) SEC 2005. IAICT, vol. 181, pp. 3–18. Springer, Boston (2005). https://doi.org/10.1007/0-387-25660-1_1

  32. Pato, J., Paradesi, S., Jacobi, I., Shih, F., Wang, S.: Aintno: demonstration of information accountability on the web. In: IEEE 3rd International Conference on Privacy, Security, Risk and Trust and 2011 IEEE 3rd International Conference on Social Computing, pp. 1072–1080 (2011)

  33. Pearce, C., Bertok, P., Van Schyndel, R.: Protecting consumer data in composite web services. In: Sasaki, R., Qing, S., Okamoto, E., Yoshiura, H. (eds.) SEC 2005. IAICT, vol. 181, pp. 19–34. Springer, Boston (2005). https://doi.org/10.1007/0-387-25660-1_2

  34. Pearson, S., Rao, P., Sander, T., Parry, A., Paull, A., Patruni, S., Dandamudi-Ratnakar, V., Sharma, P.: Scalable, accountable privacy management for large organizations. In: 13th Enterprise Distributed Object Computing Conference Workshops, pp. 168–175 (2009)

  35. Popa, R.A., Blumberg, A.J., Balakrishnan, H., Li, F.H.: Privacy and accountability for location-based aggregate statistics. In: Proceedings of 18th ACM Conference on Computer and Communications Security, pp. 653–666. ACM (2011)

  36. Rubin, A.: Trusted distribution of software over the internet. In: Proceedings of Symposium on Network and Distributed System Security, pp. 47–53 (1995)

  37. Ruth, P., Xu, D., Bhargava, B., Regnier, F.: E-notebook middleware for accountability and reputation based trust in distributed data sharing communities. In: Jensen, C., Poslad, S., Dimitrakos, T. (eds.) iTrust 2004. LNCS, vol. 2995, pp. 161–175. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24747-0_13

  38. Sriram, V., Narayan, G., Gopinath, K.: SAFIUS - a secure and accountable filesystem over untrusted storage. In: Fourth International IEEE Security in Storage Workshop, pp. 34–45 (2007)

  39. Such, J.M., Espinosa, A., Garcia-Fornes, A.: An agent infrastructure for privacy-enhancing agent-based E-commerce applications. In: Dechesne, F., Hattori, H., ter Mors, A., Such, J.M., Weyns, D., Dignum, F. (eds.) AAMAS 2011. LNCS, vol. 7068, pp. 411–425. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-27216-5_31

  40. Such, J.M., García-Fornes, A., Espinosa, A., Bellver, J.: Magentix2: a privacy-enhancing agent platform. Eng. Appl. Artif. Intell. 26(1), 96–109 (2013)

  41. Suen, C.H., Ko, R., Tan, Y.S., Jagadpramana, P., Lee, B.S.: S2Logger: end-to-end data tracking mechanism for cloud data provenance. In: 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, pp. 594–602 (2013)

  42. Wang, K., Malozemoff, A., Jia, N., Han, C., Maheswaran, M.: A social accountability framework for computer networks. In: IEEE Global Telecommunications Conference, pp. 1–6 (2010)

  43. Xiao, Y., Meng, K., Takahashi, D.: Implementation and evaluation of accountability using flow-net in wireless networks. In: Military Communications Conference, pp. 7–12 (2010)

  44. Xu, G., Aguilera, L., Guan, Y.: Accountable anonymity: a proxy re-encryption based anonymous communication system. In: IEEE 18th International Conference on Parallel and Distributed Systems, pp. 109–116 (2012)

  45. Zhou, W., Sherr, M., Tao, T., Li, X., Loo, B.T., Mao, Y.: Efficient querying and maintenance of network provenance at internet-scale. In: Proceedings of 2010 ACM SIGMOD International Conference on Management of Data, pp. 615–626. ACM (2010)

Acknowledgments

This work was funded in part by the Munich Center for Internet Research and the TUM Living Lab Connected Mobility (TUM LLCM) project which has been funded by the Bavarian Ministry of Economic Affairs and Media, Energy and Technology (StMWi) through the Center Digitisation. Bavaria, an initiative of the Bavarian State Government.

Author information

Corresponding author

Correspondence to Severin Kacianka.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Kacianka, S., Beckers, K., Kelbert, F., Kumari, P. (2017). How Accountability is Implemented and Understood in Research Tools. In: Felderer, M., Méndez Fernández, D., Turhan, B., Kalinowski, M., Sarro, F., Winkler, D. (eds) Product-Focused Software Process Improvement. PROFES 2017. Lecture Notes in Computer Science, vol 10611. Springer, Cham. https://doi.org/10.1007/978-3-319-69926-4_15

  • DOI: https://doi.org/10.1007/978-3-319-69926-4_15

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-69925-7

  • Online ISBN: 978-3-319-69926-4

  • eBook Packages: Computer Science, Computer Science (R0)
