New Principles of Usable Privacy and Security (UPS) of Access Control Interfaces Designed for the Average User

Abstract

Usable Security and Privacy (UPS) is a research field aimed to study the usability of systems that help end-users or administrators to manage security and privacy. Appropriate UPS inspection methods, as Heuristic Evaluations (HEs), of such systems are a requirement to move forward in the field. Usability principles for Information Technology Security Management (ITSM) tools have been studied, but such tools aim security administrators in organizational context. We need UPS principles focused on privacy tools, as access controls, designed for the average user in their context. The Research Questions (RQs) of this project are as follows: (RQ1) What are the common UPS problems faced by average users using access control tools in daily context?, (RQ2) What principles can guide HEs to common UPS problems faced by average users using access control tools in daily context?, (RQ3) What set of UPS principles is the most appropriate for HEs in the access control domain regarding the average user in daily context? The Objectives (Os) of this project are: (O1) to identify common UPS problems faced by average users using access control tools; (O2) to describe factors (principles) associated with common UPS problems faced by average users using access control tools.; and (O3) to indicate a set of UPS principles that, employed in Heuristic Evaluation of access control tools designed for the average user, are associated with higher F-measures. This project has a crossdisciplinarization method, employing Human-Computer Interaction (HCI) literature (as the F-measure) to develop UPS principles and enhance Cybersecurity applications. The design of this project includes, but is not limited to: tests with 20 potential users and UPS inspections with 48 evaluators. Multivariate data analyses were planned. In summary, I expect to provide the literature with: a description of typical interface characteristics of access control features, common UPS problems faced by the average user when interacting with access controls, and new UPS principles to employ during UPS inspections of access controls designed for the average user. Also, social benefits are expected, because this project may help average users to contribute with a more private and secure Web.