This paper promotes accountability as a central design goal for dependable networked systems. We define three properties for accountable systems that extend beyond the basic security properties of authentication, privacy, and integrity. These accountability properties reduce the vulnerability of network services to subversion, tampering, corruption, and abuse. For example, actions taken in accountable systems and their clients are provable or even legally binding, to support contractual relationships in federated systems.We propose a framework for accountable network services, and explore its applicability and limitations. The foundation of our approach is to preserve digitally signed records of actions and/or internal state snapshots of each service, and use them to detect tampering, verify the consistency of actions and behavior, and prove responsibility for unexpected states or actions. We outline the key challenges in generalizing the principles and methodology of accountable design for practical use.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Aris Anagnostopoulos , Michael T. Goodrich , Roberto Tamassia, Persistent Authenticated Dictionaries and Their Applications, Proceedings of the 4th International Conference on Information Security, p.379-393, October 01-03, 2001
	2	Ross J. Anderson, Why cryptosystems fail, Communications of the ACM, v.37 n.11, p.32-40, Nov. 1994  [doi>10.1145/188280.188291]
	3	Ahto Buldas , Peeter Laud , Helger Lipmaa, Accountable certificate management using undeniable attestations, Proceedings of the 7th ACM conference on Computer and communications security, p.9-17, November 01-04, 2000, Athens, Greece  [doi>10.1145/352600.352604]
	4	Yun Fu , Jeffrey Chase , Brent Chun , Stephen Schwab , Amin Vahdat, SHARP: an architecture for secure resource peering, Proceedings of the nineteenth ACM symposium on Operating systems principles, October 19-22, 2003, Bolton Landing, NY, USA
	5	D. Hitz, J. Lau, and M. Malcolm. File System Design for an NFS File Server Appliance. In Proceedings of the USENIX Annual Technical Conference, pages 235--246, January 1994.
	6	Mahesh Kallahalla , Erik Riedel , Ram Swaminathan , Qian Wang , Kevin Fu, Plutus: Scalable Secure File Sharing on Untrusted Storage, Proceedings of the 2nd USENIX Conference on File and Storage Technologies, March 31-31, 2003, San Francisco, CA
	7	Petros Maniatis , Mary Baker, Historic integrity in distributed systems, 2003
	8	Petros Maniatis , Mary Baker, Enabling the Archival Storage of Signed Documents, Proceedings of the Conference on File and Storage Technologies, p.31-45, January 28-30, 2002
	9	David Mazières , Dennis Shasha, Building secure file systems out of byzantine storage, Proceedings of the twenty-first annual symposium on Principles of distributed computing, July 21-24, 2002, Monterey, California  [doi>10.1145/571825.571840]
	10	R. C. Merkle. Protocols for Public Key Cryptosystems. In Proceedings of the 1980 Sysmposium on Security and Privacy, pages 122--133, April 1980.
	11	Miguel Castro , Barbara Liskov, Practical Byzantine fault tolerance, Proceedings of the third symposium on Operating systems design and implementation, p.173-186, February 1999, New Orleans, Louisiana, United States
	12	M. Naor and K. Nissim. Certificate Revocation and Certificate Update. IEEE Journal on Selected Areas in Communications, 18(4):561--570, 2000.
	13	L. Pearlman , V. Welch , I. Foster , C. Kesselman , S. Tuecke, A Community Authorization Service for Group Collaboration, Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02), p.50, June 05-07, 2002
	14	Fred B. Schneider, Implementing fault-tolerant services using the state machine approach: a tutorial, ACM Computing Surveys (CSUR), v.22 n.4, p.299-319, Dec. 1990  [doi>10.1145/98163.98167]
	15	Bruce Schneier , John Kelsey, Secure audit logs to support computer forensics, ACM Transactions on Information and System Security (TISSEC), v.2 n.2, p.159-176, May 1999  [doi>10.1145/317087.317089]
	16	Sean W. Smith , Elaine R. Palmer , Steve Weingart, Using a High-Performance, Programmable Secure Coprocessor, Proceedings of the Second International Conference on Financial Cryptography, p.73-89, February 23-25, 1998
	17	J. D. Strunk, G. R. Goodson, M. L. Scheinholtz, C. A. N. Soules, and G. R. Ganger. Self-Securing Storage: Protecting Data in Compromised Systems. In 4th Symposium on Operating System Design and Implementation (OSDI 2000), pages 165--180, October 23--25 2000.
	18	B. Yee. Using Secure Coprocessors. PhD thesis, Carnegie Mellon University, May 1994.