11 research outputs found

    The Abstract Accountability Language: its Syntax, Semantics and Tools

    Accountability is the driving principle for several regulatory frameworks such as the European Union's General Data Protection Regulation (EU GDPR), the Health Insurance Portability and Accountability Act (HIPAA) and the Corporate and Auditing Accountability and Responsibility Act, thus influencing how organizations run their business processes. It is a central concept for enabling trust and assurance in cloud computing and future internet-based services that may emerge. Nevertheless, accountability can have different interpretations according to the level of abstraction. This leads to uncertainty concerning handling and responsibility for data in computer systems with outsourcing supply-chains, as in cloud computing. When defining policies to govern organizations, we need tools to model accountability in rich contexts, including concepts like multiple agents, obligations, remediation actions and temporal aspects. The Abstract Accountability Language (AAL) is built on logical foundations that allow the description of real-world scenarios involving accountability concerns. Its semantic principles provide us with the means to answer whether the conditions to reach accountability in a given context are met. Moreover, we created tool support to verify and monitor accountability policies.

    Abstract Accountability Language

    Part 3: Short Papers. Accountability becomes a necessary principle for future computer systems. This is especially critical for the cloud and Web applications that collect personal and sensitive data from end users. Accountability regards the responsibility and liability for the data handling performed by a computer system on behalf of an organization. In case of misconduct (e.g. security breaches, personal data leaks, etc.), accountability should imply remediation and redress actions. Contrary to data privacy and access control, which are already supported by several concrete languages, there is currently no language supporting the representation of accountability clauses. In this work, we provide an abstract language for accountability clause representation with temporal logic semantics.

    Abstract Accountability Language: Translation, Compliance and Application

    With the rise of the services-based economy and the democratization of on-line services, more and more users (individual and/or business) use on-line applications in their daily lives. Usually personal data transits between different actors involved in a service’s delivery chain (e.g. application/storage service providers) and thus might raise some privacy issues. Accountability, which is the property of an entity of being responsible for its acts, can help mitigate data privacy and data disclosure issues in such applications. In this paper, we propose a translational semantics for our accountability language and we present some expected properties. We introduce a natural criterion to achieve the accountability compliance of two clauses and a few heuristics to speed up the resolution time. We demonstrate the feasibility of our verification process with a realistic health care use case and the TSPASS theorem prover.

    Towards the Specification of Natural Language Accountability Policies with AccLab: The Laptop Policy Use Case

    Accountability means to obey a contract and to ensure responsibilities in case of violations. In previous work we defined the Abstract Accountability Language (AAL) and its AccLab tool support. In order to evaluate the suitability of our language and tool, we experiment with the laptop user agreement, one of the policies of the Hope University in Liverpool.

    Accountability for Abstract Component Design

    The importance of the services-based market, 62.9% of the World gross domestic product (GDP), triggered an increase in the use of software offered on-line as services (SaaS). The use of such software usually implies the flow of personal data on-line between several parties. This can make users reluctant to use it. In this work, we consider this issue at the design-time of the software and we propose some foundations for an accountable software design. Accountability for software is a property describing, among other aspects, its liability to end-users for the usage of the data it has been entrusted with. We propose to enrich software component design with accountability obligations using an abstract accountability language (AAL). We also define conditions for the well-formedness of an accountable component design and show how they can be checked using a model-checking tool.