Usability and Security Effects of Code Examples on Crypto APIs - CryptoExamples: A platform for free, minimal, complete and secure crypto examples
K. Mindermann and S. Wagner. Proceedings of the 16th Annual Conference on Privacy, Security and Trust (August 2018)
Abstract
Context: Cryptographic APIs are said to be not usable, and researchers suggest adding example code to the documentation. Aim: We wanted to create a free platform for cryptographic code examples that improves the usability and security of applications created by non-security experts. Method: We created the open-source web platform CryptoExamples and conducted a controlled experiment where 58 students added symmetric encryption to a Java program. We then measured the usability and security. Results: The participants who used the platform were not only significantly more effective (+73 %), but their code also contained significantly fewer possible security vulnerabilities (-66 %). Conclusions: With CryptoExamples, the gap between hard-to-change API documentation and the need for complete and secure code examples can be closed. Still, the platform needs more code examples.
%0 Journal Article
%1 noauthororeditor
%A Mindermann, Kai
%A Wagner, Stefan
%D 2018
%J Proceedings of the 16th Annual Conference on Privacy, Security and Trust
%K iste-se myown
%T Usability and Security Effects of Code Examples on Crypto APIs - CryptoExamples: A platform for free, minimal, complete and secure crypto examples
%U https://arxiv.org/abs/1807.01095
%X Context: Cryptographic APIs are said to be not usable and researchers suggest to add example code to the documentation. Aim: We wanted to create a free platform for cryptographic code examples that improves the usability and security of created applications by non security experts. Method: We created the open-source web platform CryptoExamples and conducted a controlled experiment where 58 students added symmetric encryption to a Java program. We then measured the usability and security. Results: The participants who used the platform were not only significantly more effective (+73 %) but also their code contained significantly less possible security vulnerabilities (-66 %). Conclusions: With CryptoExamples the gap between hard to change API documentation and the need for complete and secure code examples can be closed. Still, the platform needs more code examples.
@article{noauthororeditor,
abstract = {Context: Cryptographic APIs are said to be not usable and researchers suggest to add example code to the documentation. Aim: We wanted to create a free platform for cryptographic code examples that improves the usability and security of created applications by non security experts. Method: We created the open-source web platform CryptoExamples and conducted a controlled experiment where 58 students added symmetric encryption to a Java program. We then measured the usability and security. Results: The participants who used the platform were not only significantly more effective (+73 %) but also their code contained significantly less possible security vulnerabilities (-66 %). Conclusions: With CryptoExamples the gap between hard to change API documentation and the need for complete and secure code examples can be closed. Still, the platform needs more code examples.},
added-at = {2018-07-05T12:35:42.000+0200},
author = {Mindermann, Kai and Wagner, Stefan},
biburl = {https://puma.ub.uni-stuttgart.de/bibtex/2d55cd09ee2e2eaef130789427371e666/kaimindermann},
description = {authors version},
interhash = {c0ba1fa570bb2cec61549cfd0bbc2e23},
intrahash = {d55cd09ee2e2eaef130789427371e666},
journal = {Proceedings of the 16th Annual Conference on Privacy, Security and Trust},
keywords = {iste-se myown},
month = aug,
timestamp = {2018-08-16T14:54:14.000+0200},
title = {Usability and Security Effects of Code Examples on Crypto APIs - CryptoExamples: A platform for free, minimal, complete and secure crypto examples},
url = {https://arxiv.org/abs/1807.01095},
year = 2018
}