Usability and Security Effects of Code Examples on Crypto APIs - CryptoExamples: A platform for free, minimal, complete and secure crypto examples

07/03/2018
by   Kai Mindermann, et al.
0

Context: Cryptographic APIs are said to be not usable and researchers suggest to add example code to the documentation. Aim: We wanted to create a free platform for cryptographic code examples that improves the usability and security of created applications by non security experts. Method: We created the open-source web platform CryptoExamples and conducted a controlled experiment where 58 students added symmetric encryption to a Java program. We then measured the usability and security. Results: The participants who used the platform were not only significantly more effective (+73 code contained significantly less possible security vulnerabilities (-66 Conclusions: With CryptoExamples the gap between hard to change API documentation and the need for complete and secure code examples can be closed. Still, the platform needs more code examples.

READ FULL TEXT

page 1

page 2

research
04/08/2020

Fluid Intelligence Doesn't Matter! Effects of Code Examples on the Usability of Crypto APIs

Context: Programmers frequently look for the code of previously solved p...
research
01/03/2020

CryptoExplorer: An Interactive Web Platform Supporting Secure Use of Cryptography APIs

Research has shown that cryptographic APIs are hard to use. Consequently...
research
05/24/2018

Why Johnny Can't Store Passwords Securely? A Usability Evaluation of Bouncycastle Password Hashing

Lack of usability of security Application Programming In- terfaces (APIs...
research
06/13/2018

How Usable are Rust Cryptography APIs?

Context: Poor usability of cryptographic APIs is a severe source of vuln...
research
07/26/2023

GovernR: Provenance and Confidentiality Guarantees In Research Data Repositories

We propose cryptographic protocols to incorporate time provenance guaran...
research
09/22/2022

To Fix or Not to Fix: A Critical Study of Crypto-misuses in the Wild

Recent studies have revealed that 87 cryptographic APIs have a misuse w...
research
06/18/2018

RIGORITYJ: Deployment-quality Detection of Java Cryptographic Vulnerabilities

Cryptographic API misuses threaten software security. Examples include e...

Please sign up or login with your details

Forgot password? Click here to reset