Consideration of values in the design of access control systems

Since access control systems codify many of the power structures that govern everyday life, the design of such systems has direct ramifications w.r.t. moral values held by the system’s designers, users, or operators. As an alternative to a design process based solely on functional or economical requirements, “value-sensitive design” has been proposed as a structured approach to produce systems that are congruent with given sets of moral values. However, the literature has pointed out the lack of methods for handling tradeoffs between values that may limit the practical utility of the approach. In this position paper, we explore the value-sensitive design of an access control system in a data sharing scenario. To this end, we step through the analysis and evaluation of design alternatives from a purely qualitative consideration to a simple formalization that enables discussion and comparison of designs with respect to tradeoffs between values. While any final design decision depends on value judgments by the stakeholders, we believe that by making value judgments explicit, the formalization can substantiate design discussions and lead to more satisfying designs.
