Towards a Unified Model of Accountability Infrastructures

TL;DR

This paper proposes a comprehensive formal model of accountability infrastructures in computer systems, unifying safety, security, and privacy explanations using causality models to enhance reasoning and applicability.

Contribution

It introduces a unified, formal framework for accountability that captures multiple domains and demonstrates its application to real-world scenarios.

Findings

The model effectively captures accountability across safety, security, and privacy.

It provides a formal reasoning framework based on causality.

The model can be instantiated for various real-world use cases.

Abstract

Accountability aims to provide explanations for why unwanted situations occurred, thus providing means to assign responsibility and liability. As such, accountability has slightly different meanings across the sciences. In computer science, our focus is on providing explanations for technical systems, in particular if they interact with their physical environment using sensors and actuators and may do serious harm. Accountability is relevant when considering safety, security and privacy properties and we realize that all these incarnations are facets of the same core idea. Hence, in this paper we motivate and propose a model for accountability infrastructures that is expressive enough to capture all of these domains. At its core, this model leverages formal causality models from the literature in order to provide a solid reasoning framework. We show how this model can be instantiated for several real-world use cases.