Usability and Security Effects of Code Examples on Crypto APIs - CryptoExamples: A platform for free, minimal, complete and secure crypto examples

07/03/2018
by   Kai Mindermann, et al.
0

Context: Cryptographic APIs are said to be not usable and researchers suggest to add example code to the documentation. Aim: We wanted to create a free platform for cryptographic code examples that improves the usability and security of created applications by non security experts. Method: We created the open-source web platform CryptoExamples and conducted a controlled experiment where 58 students added symmetric encryption to a Java program. We then measured the usability and security. Results: The participants who used the platform were not only significantly more effective (+73 code contained significantly less possible security vulnerabilities (-66 Conclusions: With CryptoExamples the gap between hard to change API documentation and the need for complete and secure code examples can be closed. Still, the platform needs more code examples.

READ FULL TEXT
POST COMMENT

Comments

There are no comments yet.

Authors

page 1

page 2

04/08/2020

Fluid Intelligence Doesn't Matter! Effects of Code Examples on the Usability of Crypto APIs

Context: Programmers frequently look for the code of previously solved p...
01/03/2020

CryptoExplorer: An Interactive Web Platform Supporting Secure Use of Cryptography APIs

Research has shown that cryptographic APIs are hard to use. Consequently...
05/24/2018

Why Johnny Can't Store Passwords Securely? A Usability Evaluation of Bouncycastle Password Hashing

Lack of usability of security Application Programming In- terfaces (APIs...
03/17/2022

Example-Based Vulnerability Detection and Repair in Java Code

The Java libraries JCA and JSSE offer cryptographic APIs to facilitate s...
06/13/2018

How Usable are Rust Cryptography APIs?

Context: Poor usability of cryptographic APIs is a severe source of vuln...
06/18/2018

CHIRON: Deployment-quality Detection of Java Cryptographic Vulnerabilities

Cryptographic API misuses threaten software security. Examples include e...
06/18/2018

RIGORITYJ: Deployment-quality Detection of Java Cryptographic Vulnerabilities

Cryptographic API misuses threaten software security. Examples include e...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.