TP3.1: Accountablity

Subproject manager
Prof. Dr. Alexander Pretschner
Amjad Ibrahim
Ehsan Zibaei


Modern socio-technical systems are increasingly complex, e.g. connected mobility systems. Especially when designed as platforms or ecosystems, system boundaries of such systems are constantly changing. At run-time, new components are on- or off-boarded. This makes the consideration of all possible threats, e.g. privacy or security incidents, at design time impossible. Consequently, during runtime unwanted behavior occurs (almost) inevitably.
Ideally, unwanted behavior should be prevented. If this is not possible, systems can still be equipped with detective measures. Accountability[1], as a detective approach, provides mechanisms to answer questions about a system’s behavior and identify responsible parties a posteriori. For example, “why was the airbag released?”
Accountability fundamentally means preserving evidence and supporting reasoning about the causal relationships[2] within the collected evidence.

Accountability Framework


Although there are several proposed algorithms in the literature [3,4,5], there are no open implementations that can be used to test and compare the effectiveness and the performance of these algorithms.
  • Logs as the basis of the causality analysis requires the security (integrity, completeness, soundness) of these logs.
  • At design time, the granularity and the precision of logged data should be specified.


Conceptual and Technical Framework for Accountability
  • Identification of unwanted behavior derived from legal, contractual, and self-imposed obligations at different layers
  • Detect, document and reason about violations of requirements concerning security, safety and privacy


Assess generic causality-based mechanisms
  • Implementation of three causality algorithms [3,4,5]
  • Development of a benchmark framework (ACCBench) for comparing these algorithms [6]

Securing the evidence (Work in progress)
  • Using cryptographic schemes to ensure integrity, confidentiality, verifiability and tamper evidence of the evidence.

Severin Kacianka, Kristian Beckers, Florian Kelbert, Prachi Kumari: “How Accountability is Implemented and Understood in Research Tools – A Systematic Mapping Study.” PROFES 2017: 199-218
Simon Rehwald, Amjad Ibrahim, Kristian Beckers, Alexander Pretschner: “ACCBench: A Framework for Comparing Causality Algorithms.”
Kristian Beckers, Jörg Landthaler, Florian Matthes, Alexander Pretschner, Bernhard Waltl: “Data Accountability in Socio-Technical Systems.” Enterprise, Business-Process and Information Systems Modeling – 17th International Conference, BPMDS 2016, 21st International Conference, EMMSAD 2016, Held at CAiSE 2016, Ljubljana, Slovenia, June 13-14, 2016, Proceedings, Springer, 2016,
Amjad Ibrahim and Sebastian Banescu: “StIns4CS: A State Inspection Tool for C#.” Proceedings of the 2016 ACM Workshop on Software PROtection, ACM, 2016, 61—71
Kristian Beckers, Sebastian Pape: “A Serious Game for Eliciting Social Engineering Security Requirements.” Proceedings of the International Conference on Requirements Engineering, RE, 2016

Supervised student projects
Simon Rehwald: Comparing causality-based Accountability Mechanisms, B.Sc. Thesis in Information Systems, Technische Universität München 2016. Supervisors: Dr.-Ing. Kristian Beckers, Prof. Alexander Pretschner.
Christopher Siewert: Visualization of Causality Algorithms, MSc. Thesis in informatics, Technische Universität München 2017. Supervisors: Amjad Ibrahim, Prof. Alexander Pretschner
Guided Research, Christian Wörle, An Accountability Analysis for a semi-autonomous Car Park, Supervisors: Dr.-Ing. Kristian Beckers, Severin Kacianka, Prof. Alexander Pretschner
Master Seminar: Accountability: A Cross-disciplinary View, Supervisors: Amjad Ibrahim, Ehsan Zibaei Prof. Alexander Pretschner, Summer Semester 2017:

[1] Weitzner, D., Abelson, H., Berners-Lee, T., Feigenbaum, J., Hendler, J., Sussman, G.: Information accountability, Communications of the ACM 51(6):82-87, 2008
[2] Halpern, J., Pearl, J.: Causes and Explanations: A Structural-Model Approach. Part I: Causes. arXiv:cs/0011012v3 [cs.AI] 7, 2005
[3] Go¨ssler, G., Le Me´tayer, D.: A General Trace-Based Framework of Logical Causality. [Research Report] RR-8378, 2013.
[4] Gregor Gössler and Lacramioara Astefanoaei. 2014. Blaming in component-based real-time systems. In Proceedings of the 14th International Conference on Embedded Software (EMSOFT ’14). ACM, New York, NY, USA, , Article 7 , 10 pages.
[5] U. S. Mian, J. den Hartog, S. Etalle, N. Zannone Auditing with incomplete logs. In Proceedings of the 3rd Hot Issues in Security Principles and Trust (HotSpot 2015), 2015.
[6] Simon Rehwald: Comparing causality-based Accountability Mechanisms, B.Sc. Thesis in Information Systems, Technische Universität München 2016.
[7] University College London (UCL), Electronic Access Control – Specification Guidance Document,