By Joan Feigenbaum, Yale University, USA, joan.feigenbaum@yale.edu | Aaron D. Jaggard, U.S. Naval Research Laboratory, USA, aaron.jaggard@nrl.navy.mil | Rebecca N. Wright, Barnard College, USA, rwright@barnard.edu
Accountability is a widely studied but amorphous concept, used to mean different things across different disciplines and domains of application. Here, we survey work on accountability in computer science and other disciplines. We motivate our survey with a study of the myriad ways in which the term “accountability” has been used across disciplines and the concepts that play key roles in defining it. This leads us to identify a temporal spectrum onto which we may place different notions of accountability to facilitate their comparison. We then survey accountability mechanisms for different application domains in computer science and place them on our spectrum. Building on this broader survey, we review frameworks and languages for studying accountability in computer science. Finally, we offer conclusions, open questions, and future directions.
Modern-day security technologies, such as passwords, authentication protocols, firewalls, and access-control mechanisms, are preventive in nature. That is, they stop unauthorized parties before they are able to access data, information and services or violate system policies. However, the dramatically increased scale and complexity of Internet commerce, social networking, remote work, distance learning, and myriad other forms of social, economic, and intellectual engagement online with both strangers and friends have increased the awareness that these preventive mechanisms are inadequate in certain circumstances. The result is a growing interest in accountability mechanisms to complement preventive measures.
In this survey of the concept of accountability in information systems, the authors focus on systems in which policy violations are punished; that is, the actors are held accountable for their actions. As there is no accepted definition of the precise meaning of accountability in terms of such systems, the authors provide the reader with a broad overview of the concept. In doing so, they introduce the topic and place it in the context of the social and systematic factors that help to define the term. They proceed to discuss in depth the mechanisms and domains across numerous disciplines before describing the available tools and proofs for implementing accountability in systems. Finally, they summarize the ideas, the key published papers, and ideas for future work.
This monograph provides the reader with a thorough overview of the concept of accountability in modern-day computing systems. It enables the reader to quickly understand the concept and the progress that has been made to date in implementing the tools for the next generation of online security systems.