Advanced search
Start date

New Principles of Usable Privacy and Security (UPS) of Access Control Interfaces Designed for the Average User

Grant number: 17/15239-0
Support Opportunities:Scholarships in Brazil - Doctorate
Effective date (Start): March 01, 2018
Effective date (End): January 31, 2021
Field of knowledge:Physical Sciences and Mathematics - Computer Science - Computing Methodologies and Techniques
Principal Investigator:Renata Pontin de Mattos Fortes
Grantee:André de Lima Salgado
Host Institution: Instituto de Ciências Matemáticas e de Computação (ICMC). Universidade de São Paulo (USP). São Carlos , SP, Brazil
Associated scholarship(s):18/26038-8 - Smart toys and child's privacy: recommendations for designing more usable parental controls, BE.EP.DR


Usable Security and Privacy (UPS) is a research field aimed to study the usability of systems that help end-users or administrators to manage security and privacy. Appropriate UPS inspection methods, as Heuristic Evaluations (HEs), of such systems are a requirement to move forward in the field. Usability principles for Information Technology Security Management (ITSM) tools have been studied, but such tools aim security administrators in organizational context. We need UPS principles focused on privacy tools, as access controls, designed for the average user in their context. The Research Questions (RQs) of this project are as follows: (RQ1) What are the common UPS problems faced by average users using access control tools in daily context?, (RQ2) What principles can guide HEs to common UPS problems faced by average users using access control tools in daily context?, (RQ3) What set of UPS principles is the most appropriate for HEs in the access control domain regarding the average user in daily context? The Objectives (Os) of this project are: (O1) to identify common UPS problems faced by average users using access control tools; (O2) to describe factors (principles) associated with common UPS problems faced by average users using access control tools.; and (O3) to indicate a set of UPS principles that, employed in Heuristic Evaluation of access control tools designed for the average user, are associated with higher F-measures. This project has a crossdisciplinarization method, employing Human-Computer Interaction (HCI) literature (as the F-measure) to develop UPS principles and enhance Cybersecurity applications. The design of this project includes, but is not limited to: tests with 20 potential users and UPS inspections with 48 evaluators. Multivariate data analyses were planned. In summary, I expect to provide the literature with: a description of typical interface characteristics of access control features, common UPS problems faced by the average user when interacting with access controls, and new UPS principles to employ during UPS inspections of access controls designed for the average user. Also, social benefits are expected, because this project may help average users to contribute with a more private and secure Web.

News published in Agência FAPESP Newsletter about the scholarship:
Articles published in other media outlets (0 total):
More itemsLess items

Scientific publications
(References retrieved automatically from Web of Science and SciELO through information on FAPESP grants and their corresponding numbers as mentioned in the publications by the authors)
SALGADO, ANDRE DE LIMA; FORTES, RENATA PONTIN DE MATTOS; DE OLIVEIRA, RICARDO RAMOS; FREIRE, ANDRE PIMENTA. Usability heuristics on parental privacy controls for smart toys: From an exploratory map to a confirmatory research. ELECTRONIC COMMERCE RESEARCH AND APPLICATIONS, v. 42, . (15/24525-0, 17/15239-0, 18/26038-8)
Academic Publications
(References retrieved automatically from State of São Paulo Research Institutions)
SALGADO, André de Lima. Six Privacy and Usability Heuristics: from grounded models to validated new heuristics of usable privacy. 2022. Doctoral Thesis - Universidade de São Paulo (USP). Instituto de Ciências Matemáticas e de Computação (ICMC/SB) São Carlos.

Please report errors in scientific publications list by writing to: