TY - GEN
T1 - Nudging for quantitative access control systems
AU - Morisset, Charles
AU - Groß, Thomas
AU - Van Moorsel, Aad
AU - Yevseyeva, Iryna
PY - 2014
Y1 - 2014
N2 - On the one hand, an access control mechanism must make a conclusive decision for a given access request. On the other hand, such a mechanism usually relies on one or several decision making processes, which can return partial decisions, inconclusive ones, or conflicting ones. In some cases, this information might not be sufficient to automatically make a conclusive decision, and the access control mechanism might have to involve a human expert to make the final decision. In this paper, we formalise these decision making processes as quantitative access control systems, which associate each decision with a measure, indicating for instance the level of confidence of the system in the decision. We then propose to explore how nudging, i.e., how modifying the context of the decision making process for that human expert, can be used in this context. We thus formalise when such a delegation is required, when nudging is applicable, and illustrate some examples from the MINDSPACE framework in the context of access control.
AB - On the one hand, an access control mechanism must make a conclusive decision for a given access request. On the other hand, such a mechanism usually relies on one or several decision making processes, which can return partial decisions, inconclusive ones, or conflicting ones. In some cases, this information might not be sufficient to automatically make a conclusive decision, and the access control mechanism might have to involve a human expert to make the final decision. In this paper, we formalise these decision making processes as quantitative access control systems, which associate each decision with a measure, indicating for instance the level of confidence of the system in the decision. We then propose to explore how nudging, i.e., how modifying the context of the decision making process for that human expert, can be used in this context. We thus formalise when such a delegation is required, when nudging is applicable, and illustrate some examples from the MINDSPACE framework in the context of access control.
UR - https://www.scopus.com/pages/publications/84903699203
U2 - 10.1007/978-3-319-07620-1_30
DO - 10.1007/978-3-319-07620-1_30
M3 - Conference contribution
AN - SCOPUS:84903699203
SN - 9783319076195
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 340
EP - 351
BT - Human Aspects of Information Security, Privacy, and Trust - Second International Conference, HAS 2014, Held as Part of HCI International 2014, Proceedings
PB - Springer Verlag
T2 - 2nd International Conference on Human Aspects of Information Security, Privacy, and Trust, HAS 2014 - Held as Part of 16th International Conference on Human-Computer Interaction, HCI International 2014
Y2 - 22 June 2014 through 27 June 2014
ER -