CR | May 5, 2015

Program Actions as Actual Causes: A Building Block for Accountability

arXiv:1505.01131v1 | 35 citations
Originality: Incremental advance
AI Analysis

This work addresses accountability in security protocols for applications such as electronic voting and secure multiparty computation, though it appears incremental as it builds on existing formal models.

The paper tackles the problem of determining which deviations from prescribed programs cause security violations in protocols like authentication and voting. It presents a formal definition and a sound technique for establishing program actions as actual causes, and proves that violations of a specific class of safety properties always have an actual cause.

Protocols for tasks such as authentication, electronic voting, and secure multiparty computation ensure desirable security properties if agents follow their prescribed programs. However, if some agents deviate from their prescribed programs and a security property is violated, it is important to hold agents accountable by determining which deviations actually caused the violation. Motivated by these applications, we initiate a formal study of program actions as actual causes. Specifically, we define in an interacting program model what it means for a set of program actions to be an actual cause of a violation. We present a sound technique for establishing program actions as actual causes. We demonstrate the value of this formalism in two ways. First, we prove that violations of a specific class of safety properties always have an actual cause. Thus, our definition applies to relevant security properties. Second, we provide a cause analysis of a representative protocol designed to address weaknesses in the current public key certification infrastructure.
