%0 Conference Paper %1 mindermann2018usable %A Mindermann, Kai %A Keck, Philipp %A Wagner, Stefan %B Proceedings of the International Conference Software on Quality, Reliability, and Security %D 2018 %I IEEE %K %T How Usable are Rust Cryptography APIs? %U https://arxiv.org/abs/1806.04929 %X Context: Poor usability of cryptographic APIs is a severe source of vulnerabilities. Aim: We wanted to find out what kind of cryptographic libraries are present in Rust and how usable they are. Method: We explored Rust's cryptographic libraries through a systematic search, conducted an exploratory study on the major libraries and a controlled experiment on two of these libraries with 28 student participants. Results: Only half of the major libraries explicitly focus on usability and misuse resistance, which is reflected in their current APIs. We found that participants were more successful using rust-crypto which we considered less usable than ring before the experiment. Conclusion: We discuss API design insights and make recommendations for the design of crypto libraries in Rust regarding the detail and structure of the documentation, higher-level APIs as wrappers for the existing low-level libraries, and selected, good-quality example code to improve the emerging cryptographic libraries of Rust.

@inproceedings{mindermann2018usable, abstract = {Context: Poor usability of cryptographic APIs is a severe source of vulnerabilities. Aim: We wanted to find out what kind of cryptographic libraries are present in Rust and how usable they are. Method: We explored Rust's cryptographic libraries through a systematic search, conducted an exploratory study on the major libraries and a controlled experiment on two of these libraries with 28 student participants. Results: Only half of the major libraries explicitly focus on usability and misuse resistance, which is reflected in their current APIs. We found that participants were more successful using rust-crypto which we considered less usable than ring before the experiment. Conclusion: We discuss API design insights and make recommendations for the design of crypto libraries in Rust regarding the detail and structure of the documentation, higher-level APIs as wrappers for the existing low-level libraries, and selected, good-quality example code to improve the emerging cryptographic libraries of Rust.}, added-at = {2023-08-31T14:11:59.000+0200}, author = {Mindermann, Kai and Keck, Philipp and Wagner, Stefan}, biburl = {https://puma.ub.uni-stuttgart.de/bibtex/2496b93bdc59af72d48dd6663a70d6505/puma-wartung}, booktitle = {Proceedings of the International Conference Software on Quality, Reliability, and Security}, interhash = {297999fd0396c59b44b42c2d2ff0bf24}, intrahash = {496b93bdc59af72d48dd6663a70d6505}, keywords = {}, publisher = {IEEE}, timestamp = {2023-08-31T12:11:59.000+0200}, title = {How Usable are Rust Cryptography APIs?}, url = {https://arxiv.org/abs/1806.04929}, venue = {Lisbon}, year = 2018 }