Abstract
Many modern information systems use a policy-based approach to manage sensitive information and availability of services. Obligations are essential part of security policies, which specify what actions a user is obliged to perform in the future. One interesting feature of obligations is unenforceable, that is, the system cannot guarantee that each obligation will be fulfilled. Indeed, obligations go unfulfilled for a variety of reasons. For example, a user may have family emergency that leads her having little time to discharge assigned obligations. We argue that delegation of obligations can be regarded as a means of providing opportunity for obligations to be discharged. However, this opportunity will be wasted if users who received delegation do not fulfil the obligations eventually. In this paper we propose a mechanism that incentivises users to accept and fulfil obligations for others by rewarding users credits. The amount of credits can be earned depends on their trust score, which reflects precisely how diligent of individuals in fulfilling obligations in the past. Users are motivated to raise up their trust scores by fulfilling obligations for others, in order to earn more credits in the future. We run experiments in a simulated multi-agent systems to evaluate our approach, which turns out that delegation with incentives achieves the best outcome in terms of the number of obligations being fulfilled.
Original language | English |
---|---|
Title of host publication | 17th International Conference on Risks and Security of Internet and Systems |
Subtitle of host publication | CRiSIS 2022: Risks and Security of Internet and Systems, Revised Selected Papers |
Editors | Slim Kallel, Mohamed Jmaiel, Ahmed Hadj Kacem, Mohammad Zulkernine, Frédéric Cuppens, Nora Cuppens |
Publisher | Springer Science and Business Media Deutschland GmbH |
Pages | 191-206 |
Number of pages | 16 |
Volume | LNCS 13857 |
Edition | 17 |
ISBN (Electronic) | 978-3-031-31108-6 |
ISBN (Print) | 978-3-031-31107-9 |
DOIs | |
Publication status | E-pub ahead of print - 14 May 2023 |
Event | 17th International Conference on Risks and Security of Internet and Systems, CRiSIS 2022 - Sousse, Tunisia Duration: 7 Dec 2022 → 9 Dec 2022 https://link.springer.com/book/10.1007/978-3-031-31108-6 |
Publication series
Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
---|---|
Volume | 13857 LNCS |
ISSN (Print) | 0302-9743 |
ISSN (Electronic) | 1611-3349 |
Conference
Conference | 17th International Conference on Risks and Security of Internet and Systems, CRiSIS 2022 |
---|---|
Abbreviated title | CRiSIS 2022 |
Country/Territory | Tunisia |
City | Sousse |
Period | 7/12/22 → 9/12/22 |
Internet address |