Usability and Security Effects of Code Examples on Crypto APIs

Kai Mindermann, Stefan Wagner

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

11 Scopus citations

Abstract

Context: Cryptographic APIs are said to be hard to use, and researchers suggest adding example code to their documentation. Aim: We wanted to create a free platform for cryptographic code examples that improves the usability and security of applications written by non-security experts. Method: We created the open-source web platform CryptoExamples and conducted a controlled experiment in which 58 students added symmetric encryption to a Java program. We then measured usability and security. Results: The participants who used the platform were not only significantly more effective (+73%), but their code also contained significantly fewer potential security vulnerabilities (-66%). Conclusions: With CryptoExamples, the gap between hard-to-change API documentation and the need for complete and secure code examples can be closed. Still, the platform needs more code examples.

Original language: English
Title of host publication: 2018 16th Annual Conference on Privacy, Security and Trust, PST 2018
Editors: Robert H. Deng, Stephen Marsh, Jason Nurse, Rongxing Lu, Sakir Sezer, Paul Miller, Liqun Chen, Kieran McLaughlin, Ali Ghorbani
Publisher: Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic): 9781538674932
DOIs
State: Published - 29 Oct 2018
Externally published: Yes
Event: 16th Annual Conference on Privacy, Security and Trust, PST 2018 - Belfast, Northern Ireland, United Kingdom
Duration: 28 Aug 2018 → 30 Aug 2018

Publication series

Name: 2018 16th Annual Conference on Privacy, Security and Trust, PST 2018

Conference

Conference: 16th Annual Conference on Privacy, Security and Trust, PST 2018
Country/Territory: United Kingdom
City: Belfast, Northern Ireland
Period: 28/08/18 → 30/08/18
