Charles Morisset, Thomas Groß, Aad van Moorsel and Iryna Yevseyeva

Abstract

Whereas an access control system returns a decision, such as permit, deny or not-applicable, for an access request, a quantitative access control system also associates each decision with a measure, indicating for instance the level of confidence of the system in the decision. In some cases, the system might not be able to make a conclusive decision, and the final decision is thus delegated to a human expert. We propose here to explore how the usage of nudging, i.e., modifying the context of the decision-making process for that human expert, can be enforced in such situations. We thus formalise when such a delegation is required, when nudging is applicable, and illustrate some nudges from the MINDSPACE framework in the context of access control.

Keywords: nudging, quantitative access control, security decision making
Date: Jun 23, 2014
Presented: 16th International Conference on Human-Computer Interaction (HCI International 2014), 22-27 June 2014, Creta Maris, Heraklion, Crete, Greece
Published: In Human Aspects of Information Security, Privacy and Trust, LNCS, Springer, Volume 8533, 2014, pp. 340-351.
Editors: Tryfonas, Theo and Askoxylakis, Ioannis
ISBN: 978-3-319-07619-5
Full Text: http://link.springer.com/chapter/10.1007%2F978-3-319-07620-1_30
