How Usable are Rust Cryptography APIs?
Author: | Kai Mindermann, Stefan Wagner, Philipp Keck |
---|---|
Language: | English |
Year of publication: | 2018 |
Subject: | FOS: Computer and information sciences; Computer Science - Cryptography and Security; Computer Science - Programming Languages; Computer science; business.industry; Exploratory research; Cryptography; Usability; Context (language use); USable; Encryption; World Wide Web; Software Engineering (cs.SE); Computer Science - Software Engineering; Documentation; business; computer; Cryptography and Security (cs.CR); Rust (programming language); computer.programming_language; Programming Languages (cs.PL) |
Source: | QRS |
Description: | Context: Poor usability of cryptographic APIs is a severe source of vulnerabilities. Aim: We wanted to find out what kind of cryptographic libraries are present in Rust and how usable they are. Method: We explored Rust's cryptographic libraries through a systematic search, conducted an exploratory study on the major libraries and a controlled experiment on two of these libraries with 28 student participants. Results: Only half of the major libraries explicitly focus on usability and misuse resistance, which is reflected in their current APIs. We found that participants were more successful using rust-crypto, which we considered less usable than ring before the experiment. Conclusion: We discuss API design insights and make recommendations for the design of crypto libraries in Rust regarding the detail and structure of the documentation, higher-level APIs as wrappers for the existing low-level libraries, and selected, good-quality example code to improve the emerging cryptographic libraries of Rust. |
Database: | OpenAIRE |