Theory and Practice of Accountable Systems
Overview
This NSF-funded project on the Theory and Practice of Accountable Systems (TPAS) investigates computational and social properties of information networks necessary to provide reliable assessments of compliance with rules and policies governing the use of information. In past research, we have demonstrated that achieving basic social policy goals in open information networks will require increased reliance on information accountability through after-the-fact detection of rule violations. This approach stands in contrast to the traditional mechanisms of policy compliance in network environments, which rely on security technology to enforce rules by denying access to resources at risk of abuse. Access-based systems must therefore be supplemented with accountability-based systems. To ensure that accountable systems can provide a stable, reliable, trustworthy basis on which to ground social policy arrangements in the future, it is necessary: (i) to research practical engineering approaches to designing these systems at scale, (ii) to develop a theory of the operating dynamics of accountable systems in order to establish what types of accountability assessments can be made and when those assertions are reliable, and (iii) to identify what vulnerabilities accountable systems may have to attack, intrusion and manipulation.
Status
Research on the development of accountable systems architecture comprises six primary areas of investigation:
- Testing the expressivity of the AIR policy language against a wide range of real-world legal scenarios, and extending the scalability and robustness of existing infrastructure to support larger and more distributed systems.
- Develop scenarios to test AIR expressivity and scalability. Scenarios designed and implemented using DHS Fusion centers as use-cases.
- SPARQL-based implementation of a distributed Truth Maintenance System (TMS)
- The Propagator project, aimed at enabling distributed reasoning, is developing a programming model built on the idea that the basic computational elements are autonomous machines interconnected by shared cells through which they communicate.
- A RESTful Messaging System for Asynchronous Distributed Processing
- Data Provenance in Distributed Propagator Networks
- Developing a rule interpreter that looks promising as a basis for a high-efficiency extensible distributed engine for the rules that we use in accountability research.
- Providing an intuitive and relatively easy interface for policy authoring of AIR policies
- Access control
- Verify expressivity of AIR for rules-based access control policies. Initial formalization of AIR.
- Integrate the AIR reasoner into an Apache server module to provide control over Web resources. Two projects: (i) the TAAC project develops access control functionality on top of the existing accountability system design, using FOAF+SSL for decentralized authentication and AIR for access control; (ii) the RDF-based access control project develops an Apache module that provides single sign-on via FOAF+SSL while maintaining a fully decentralized architecture in which identities, data storage, and applications can all be independent and managed by different sites.
- Developing formal models of the behavior of accountable systems to test various designs and provide insight into their overall capability for supporting information accountability.
- Implementing a testbed to conduct evaluations of the impact of accountable systems in various social and political contexts
- Develop accountability and policy-aware applications for Facebook and/or open social networks.
- RespectMyPrivacy project is aimed at supporting information accountability in social networks by allowing users to clearly declare the policies that govern the use of their private data, implementing mechanisms that make people who use this data aware of the policies, and notifying the user of misuse of this data.
- We have developed a widget library for creating policy-aware Web applications that can both read from and write to the Semantic Web
- Perform experimental validation, using ethnographic techniques, of accountability.
- Proposing a jurisprudence of information accountability as a guide to policy makers seeking to address public policy needs in new, open information environments
- Develop public policy models to encourage and take advantage of accountable systems
- Developing a set of basic principles and features for Linked Rules by which rules can be represented and shared over the Web so that they may be combined and re-used; rule bases should be named with dereferenceable URIs.
- Defining a protocol, HTTPA (Accountable Hypertext Transfer Protocol), which requires that the data producer and data consumer come to an agreement before an HTTP transaction takes place.
- Developing a platform (AINTNO) for experimenting with information accountability.
Team
Proposal CNS-0831442 “CT-M: Theory and Practice of Accountable Systems” is funded by NSF, and the team is led by MIT with RPI as a subcontractor.
References
- RPI's TPAS project page
- Henry Story, Bruno Harbulot, Ian Jacobi and Mike Jones, FOAF+SSL: RESTful Authentication for the Social Web, SPOT2009 - Trust and Privacy on the Social and Semantic Web workshop at ESWC 2009, June 2009.
- RDF Policy-based URI Access Control for Content Authoring on the Social Semantic Web, Joe Presbrey, Undergraduate Advanced Project, Spring 2009.
- Framework for Respect My Privacy, MEng Thesis, Ted Kang, Spring 2009
- Weitzner, Abelson, Berners-Lee, Feigenbaum, Hendler, Sussman, Information Accountability (alt link), Communications of the ACM, Jun. 2008, 82-87
- Lalana Kagal, Chris Hanson, and Daniel Weitzner, Integrated Policy Explanations via Dependency Tracking, IEEE Policy 2008
- Weitzner, Abelson, Berners-Lee, Hanson, Hendler, Kagal, McGuinness, Sussman, Waterman, Transparent Accountable Data Mining: New Strategies for Privacy Protection, MIT CSAIL Technical Report MIT-CSAIL-TR-2006-007 [DSpace handle] (27 January 2006).
- AIR examples and online demos
- Policy Aware Web, funded by NSF, a collaboration between MINDSWAP and DIG to work toward creating discretionary, rules-based access for the World Wide Web
- The Art of the Propagator, Alexey Radul and Gerald Jay Sussman, MIT Technical Report, January 2009
- Linked Rules: Principles for Rule Reuse on the Web, Ankesh Khandelwal, Ian Jacobi and Lalana Kagal, Fifth International Conference on Web Reasoning and Rule Systems (RR), August 2011
- Rule-Based Trust Assessment on the Semantic Web, Ian Jacobi, Lalana Kagal and Ankesh Khandelwal, 5th International Symposium on Rules (RuleML 2011), July 2011
- GlobalInferencer: Linking Personal Social Content with Data on the Web, Sharon Paradesi and Fuming Shih, ICWSM-11 Workshop on The Future of Social Web, July 2011
- Usage Restriction Management for Accountable Data Transfer on the Web, Oshani Seneviratne and Lalana Kagal, IEEE International Symposium on Policies for Distributed Systems and Networks (IEEE Policy 2011), June 2011
- HTTPa: Accountable HTTP, Oshani Seneviratne and Lalana Kagal, IAB/W3C Internet Privacy Workshop, December 2010
- Saveface: Save George's faces in Social Networks where Contexts Collapse, Fuming Shih and Sharon Paradesi, IAB/W3C Internet Privacy Workshop, December 2010
- Transdisciplinary ITexts and the Future of Web-Scale Collaboration, J. Fernheimer, L. Litterio, and J. Hendler, Journal of Business and Technical Communication, December 2010
- Prototyping Fusion Center Information Sharing; Implementing Policy Reasoning Over Cross-Jurisdictional Data Transactions Occurring in a Decentralized Environment, K. Krasnow Waterman and Samuel Wang, IEEE Conference on Homeland Security Technologies (IEEE HST 2010), November 2010
- Analyzing the AIR Language: A Semantic Web (Production) Rules Language, Ankesh Khandelwal, Jie Bao, Lalana Kagal, Ian Jacobi, Li Ding, and James Hendler, The Fourth International Conference on Web Reasoning and Rule Systems (RR 2010), September 2010
- Preserving Privacy Based on Semantic Policy Tools, Lalana Kagal and Joe Pato, IEEE Security & Privacy Sp Issue on Privacy Preserving Sharing of Sensitive Information (PPSSI), Vol. 8, No. 4, pp. 25-30, July/August 2010
- Access Control is an Inadequate Framework for Privacy Protection, Lalana Kagal and Hal Abelson, W3C Privacy Workshop, July 2010