      Is Open Access

      Usability and Security Effects of Code Examples on Crypto APIs - CryptoExamples: A platform for free, minimal, complete and secure crypto examples

      Preprint

          Abstract

          Context: Cryptographic APIs are said to be not usable, and researchers suggest adding example code to the documentation. Aim: We wanted to create a free platform for cryptographic code examples that improves the usability and security of applications created by non-security experts. Method: We created the open-source web platform CryptoExamples and conducted a controlled experiment where 58 students added symmetric encryption to a Java program. We then measured the usability and security. Results: The participants who used the platform were not only significantly more effective (+73 %) but also their code contained significantly fewer possible security vulnerabilities (-66 %). Conclusions: With CryptoExamples the gap between hard-to-change API documentation and the need for complete and secure code examples can be closed. Still, the platform needs more code examples.


          Most cited references (3)


          You Get Where You're Looking for: The Impact of Information Sources on Code Security


            Developers are Not the Enemy!: The Need for Usable Security APIs

              Is Open Access

              Are easily usable security libraries possible and how should experts work together to create them?

              Because non-experts also develop security-relevant applications, it is necessary to support them too. Some improvements in the current research may not reach or impact these developers. Nonetheless, these developers use security libraries. There are findings that even their usage is not easily possible and applications are left vulnerable to supposedly treated threats. So it is important to improve the usability of the security libraries. This in itself is not straightforward, because of a required maturing process, for example. By getting together experts of different involved areas, especially cryptographic and API-usability experts, both of the problems can be tackled.

                Author and article information

                Journal
                03 July 2018
                Article
                1807.01095
                ff6b47f6-fb42-49fa-b4a1-343f3ca5c752

                http://arxiv.org/licenses/nonexclusive-distrib/1.0/

                Custom metadata
                cs.CR cs.SE

                Software engineering,Security & Cryptology
