A Formal Model for Soft Enforcement: Influencing the Decision-Maker
- Cite this paper as:
- Morisset C., Yevseyeva I., Groß T., van Moorsel A. (2014) A Formal Model for Soft Enforcement: Influencing the Decision-Maker. In: Mauw S., Jensen C.D. (eds) Security and Trust Management. STM 2014. Lecture Notes in Computer Science, vol 8743. Springer, Cham
We propose in this paper a formal model for soft enforcement, where a decision-maker is influenced towards a decision, rather than forced to select that decision. This novel type of enforcement is particularly useful when the policy enforcer cannot fully control the environment of the decision-maker, as we illustrate in the context of attribute-based access control, by limiting the control over attributes. We also show that soft enforcement can improve the security of the system when the influencer is uncertain about the environment, and when neither forcing the decision-maker nor leaving them make their own selection is optimal. We define the general notion of optimal influencing policy, that takes into account both the control of the influencer and the uncertainty in the system.
Unable to display preview. Download preview PDF.