Nudging for quantitative access control systems.
On the one hand, an access control mechanism must make a conclusive decision for a given access request. On the other hand, such a mechanism usually relies on one or several decision-making processes, which can return partial, inconclusive, or conflicting decisions. In some cases, this information might not be sufficient to automatically make a conclusive decision, and the access control mechanism might have to involve a human expert to make the final decision. In this paper, we formalise these decision-making processes as quantitative access control systems, which associate each decision with a measure, indicating for instance the level of confidence of the system in the decision. We then propose to explore how nudging, i.e., modifying the context of the decision-making process for that human expert, can be used in this setting. We thus formalise when such a delegation is required and when nudging is applicable, and illustrate some examples from the MINDSPACE framework in the context of access control.
Citation : Morisset C., Gross T., van Moorsel A., Yevseyeva I., Nudging for quantitative access control systems. In T. Tryfonas, I. Askoxylakis (Eds.) “Human Aspects of Information Security, Privacy, and Trust”, Ser. LNCS (vol. 8533), Springer 2014, pp. 340-351
Research Group : Cyber Security Centre
Research Institute : Cyber Technology Institute (CTI)
Peer Reviewed : Yes