Usability and Security Effects of Code Examples on Crypto APIs
Author: | Kai Mindermann, Stefan Wagner |
---|---|
Year of publication: | 2018 |
Subject: | Application programming interface; business.industry; Computer science; 05 social sciences; 020207 software engineering; Cryptography; Usability; Context (language use); 02 engineering and technology; USable; Documentation; Symmetric-key algorithm; 0202 electrical engineering, electronic engineering, information engineering; Code (cryptography); 0501 psychology and cognitive sciences; business; Software engineering; 050107 human factors |
Source: | PST |
DOI: | 10.1109/pst.2018.8514203 |
Description: | Context: Cryptographic APIs are said to be not usable and researchers suggest to add example code to the documentation. Aim: We wanted to create a free platform for cryptographic code examples that improves the usability and security of created applications by non security experts. Method: We created the open-source web platform CryptoExamples and conducted a controlled experiment where 58 students added symmetric encryption to a Java program. We then measured the usability and security. Results: The participants who used the platform were not only significantly more effective (+73 %) but also their code contained significantly less possible security vulnerabilities (-66 %). Conclusions: With CryptoExamples the gap between hard to change API documentation and the need for complete and secure code examples can be closed. Still, the platform needs more code examples. |
Database: | OpenAIRE |