Theory and Practice of Accountable Systems

Overview

This NSF funded project on the Theory and Practice of Accountable Systems (TPAS) investigates computational and social properties of information networks necessary to provide reliable assessments of compliance with rules and policies governing the use of information. In past research, we have demonstrated that achieving basic social policy goals in open information networks will require increased reliance on information accountability through after-the-fact detection of rule violations. This approach stands in contrast to the traditional mechanisms of policy compliance in network environments that rely on security technology to enforce rules by denial of access to resources at risk of abuse. So, access-based systems must be supplemented with accountability-based systems. To ensure that accountable systems can provide a stable, reliable, trustworthy basis on which to ground social policy arrangements in the future, it is necessary: (i) to research practical engineering approaches to designing these systems at scale, and (ii) to develop a theory of the operating dynamics of accountable systems in order to establish what types of accountability assessments can be made, when those assertions are reliable, and what vulnerabilities accountable systems may have to attack, intrusion and manipulation.

Status

Research on the development on accountable systems architecture comprises six primary areas of investigation:

Testing the expressivity of the AIR policy language against a wide range of real-world legal scenarios, and extending the scalability and robustness of existing infrastructure to support larger and more distributed systems.
- Develop scenarios to test AIR expressivity and scalability
- SPARQL based implementation of Distributed Truth Maintenance System (TMS) system
- The Propagator project, aimed at enabling distributed reasoning, is developing a programming model built on the idea that the basic computational elements are autonomous machines interconnected by shared cells through which they communicate.
Providing an intuitive and relatively easy interface for policy authoring of AIR policies
- First draft of policy authoring tool
Access control
- Verify expressivity of AIR for rules-based access control policies. Initial formalization of AIR.
- Integrate AIR reasoner into Apache server module to provide control over Web resources. Two projects: (i) TAAC project develops access control functionality on top of existing accountability system design using FOAF+SSL for decentralized authentication and AIR for access control (ii) RDF-based access control project develops an Apache module that provides single sign-on via FOAF+SSL while maintaining a fully decentralized architecture in which identities, data storage, and applications can all be independent and managed by different sites
Developing formal models of the behavior of accountable systems to test various designs and provide insight into their overall capability for supporting information accountability.
Implementing a testbed to conduct evaluations of the impact of accountable systems in various social and political contexts
- Develop accountability and policy-aware applications for Facebook and/or open social networks. RespectMyPrivacy project is aimed at supporting information accountability in social networks by allowing users to clearly declare the policies that govern the use of their private data, implementing mechanisms that make people who use this data aware of the policies, and notifying the user of misuse of this data.
- Perform experimental validation, using ethnographic techniques, of accountability.
Proposing a jurisprudence of information accountability as a guide to policy makers seeking to address public policy needs in new, open information environments
- Develop public policy models to encourage and take advantage of accountable systems

Team

Proposal CNS-0831442 “CT-M: Theory and Practice of Accountable Systems” is funded by NSF and the team is lead by MIT with RPI as a subcontractor.

References

Henry Story, Bruno Harbulot, Ian Jacobi and Mike Jones, FOAF+SSL: RESTful Authentication for the Social Web, SPOT2009 - Trust and Privacy on the Social and Semantic Web workshop at ESWC 2009, June 2009.
RDF Policy-based URI Access Control for Content Authoring on the Social Semantic Web, Joe Presbrey, Undergraduate Advanced Project, Spring 2009.
Framework for Respect My Privacy, MEng Thesis, Ted Kang, Spring 2009
Weitzner, Abelson, Berners-Lee, Feigenbaum, Hendler, Sussman, Information Accountability (alt link),Communications of the ACM, Jun. 2008, 82-87
Lalana Kagal, Chris Hanson, and Daniel Weitzner, Integrated Policy Explanations via Dependency Tracking, IEEE Policy 2008
Weitzner, Abelson, Berners-Lee, Hanson, Hendler, Kagal, McGuinness, Sussman, Waterman, Transparent Accountable Data Mining: New Strategies for Privacy Protection,; MIT CSAIL Technical Report MIT-CSAIL-TR-2006-007 [DSpace handle] (27 January 2006).
AIR examples and online demos
Policy Aware Web, funded by NSF, a collaboration between MINDSWAP and DIG to work toward creating discretionary, rules-based access for the World Wide Web
The Art of the Propagator, Alexey Radul and Gerald Jay Sussman, MIT Technical Report, January 2009

maintained by Lalana Kagal
$Revision: 26757 $
$Date: 2009-07-19 17:55:47 -0400 (Sun, 19 Jul 2009) $