A Logic for Auditing Accountability in Decentralized Systems

Corin, Ricardo; Etalle, Sandro; Hartog, J.I. den; Lenzini, Gabriele; Staicu, I.

doi:10.1007/0-387-24098-5_14

Cited by 33 publications

(22 citation statements)

References 10 publications

(3 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Other work applies formal methods (including predicate logics [16,10], process calculi and game theory [28]) to model, specify, and enforce auditing and accountability requirements in distributed systems. In that work, audit logs serve as evidence of resource access rights, an idea also explored in Aura [39] and the APPLE system [22].…”

Section: Related Workmentioning

confidence: 99%

Correct Audit Logging: Theory and Practice

Amir-Mohammadian

Chong

Skalka

2016

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Retrospective security has become increasingly important to the theory and practice of cyber security, with auditing a crucial component of it. However, in systems where auditing is used, programs are typically instrumented to generate audit logs using manual, ad-hoc strategies. This is a potential source of error even if log analysis techniques are formal, since the relation of the log itself to program execution is unclear. This paper focuses on provably correct program rewriting algorithms for instrumenting formal logging specifications. Correctness guarantees that the execution of an instrumented program produces sound and complete audit logs, properties defined by an information containment relation between logs and the program's logging semantics. We also propose a program rewriting approach to instrumentation for audit log generation, in a manner that guarantees correct log generation even for untrusted programs. As a case study, we develop such a tool for OpenMRS, a popular medical records management system, and consider instrumentation of break the glass policies.

show abstract

Section: Related Workmentioning

confidence: 99%

Correct Audit Logging: Theory and Practice

Amir-Mohammadian

Chong

Skalka

2016

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…But it has limitation that data processed on SP is in unencrypted at the point of processing so there is a risk of data leakage. In [4], the author gives a language which permits to serve data with policies by agent; agent should prove their action and authorization to use particular data. In this logic data owner attach Policies with data, which contain a description of which actions are allowed with which data, but there is the problem of Continuous auditing of agent, but they provide solution that incorrect behavior.…”

Section: Literature Surveymentioning

confidence: 99%

Distributed Accountability for Data Sharing in Cloud

Suryawanshi¹,

Bagade²

2012

IJCA

View full text Add to dashboard Cite

show abstract

“…These definitions allow an authority to audit agents, to establish whether the agent was allowed to do the actions he did. In previous work [6], we defined several notions of agent and data accountability, but without checking for obligations nor conditions. We did not have logs of agents either.…”

Section: Accountabilitymentioning

confidence: 99%

“…It is our belief that in many emerging scenarios active policy enforcement is infeasible. This paper builds on the preliminary work reported in [6]. In particular, we provide several extensions, the most notable of which are:…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

An Audit Logic for Accountability

Cederquist

Conn

Dekker

et al.

Sixth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'05)

Self Cite

View full text Add to dashboard Cite

We describe a policy language and implement its associated proof checking system. In our system, agents can distribute data along with usage policies in a decentralized architecture. Our language supports the specification of conditions and obligations, and also the possibility to refine policies. In our framework, the compliance with usage policies is not actively enforced. However, agents are accountable for their actions, and may be audited by an authority requiring justifications.

show abstract

A Logic for Auditing Accountability in Decentralized Systems

Cited by 33 publications

References 10 publications

Correct Audit Logging: Theory and Practice

Correct Audit Logging: Theory and Practice

Distributed Accountability for Data Sharing in Cloud

An Audit Logic for Accountability

Contact Info

Product

Resources

About