Trust but verify

Aydan R. Yumerefendi, Jeffrey S. Chase
2004 Proceedings of the 11th workshop on ACM SIGOPS European workshop: beyond the PC - EW11  
This paper promotes accountability as a central design goal for dependable networked systems. We define three properties for accountable systems that extend beyond the basic security properties of authentication, privacy, and integrity. These accountability properties reduce the vulnerability of network services to subversion, tampering, corruption, and abuse. For example, actions taken in accountable systems and their clients are provable or even legally binding, to support contractual
... ships in federated systems. We propose a framework for accountable network services, and explore its applicability and limitations. The foundation of our approach is to preserve digitally signed records of actions and/or internal state snapshots of each service, and use them to detect tampering, verify the consistency of actions and behavior, and prove responsibility for unexpected states or actions. We outline the key challenges in generalizing the principles and methodology of accountable design for practical use.
doi:10.1145/1133572.1133585 dblp:conf/sigopsE/YumerefendiC04 fatcat:5m5lfyslwndrro4ja2cjoajdsq