Conference poster

Poster: On the Effect of Security Warnings on Cryptographic API Misuse


Authors list: Gorski, Peter Leo; Lo Iacono, Luigi; Acar, Yasemin; Moeller, Sebastian; Stransky, Christian; Fahl, Sascha

Publication year: 2018

URL: https://www.ieee-security.org/TC/SP2018/poster-abstracts/oakland2018-paper51-poster-abstract.pdf

Conference: 39th IEEE Symposium on Security and Privacy


Abstract

Cryptographic API misuse is responsible for a large number of software vulnerabilities. In many cases developers are overburdened by the complex set of programming choices and their security implications. Past studies have identified significant challenges when using cryptographic APIs that lack a certain set of usability features (e.g. easy-to-use documentation or meaningful warning and error messages), leading to an especially high likelihood of writing functionally correct but insecure code.
To support software developers in writing more secure code, this work investigates a novel approach aimed at these hard-to-use cryptographic APIs. In a controlled online experiment with 53 participants, we study the effectiveness of an API-integrated security advice which informs about an API misuse and places secure programming hints as guidance close to the developer. This allows addressing insecure cryptographic choices including encryption algorithms, key sizes, modes of operation and hashing algorithms with helpful documentation in the guise of warnings. Whenever possible, the security advice proposes code changes to fix the responsible security issues. We find that our approach significantly improves code security. 73% of the participants who received the security advice fixed their insecure code.




Citation Styles

Harvard Citation style: Gorski, P., Lo Iacono, L., Acar, Y., Moeller, S., Stransky, C. and Fahl, S. (2018) Poster: On the Effect of Security Warnings on Cryptographic API Misuse [Poster], 39th IEEE Symposium on Security and Privacy, San Francisco, CA, May 21-23, 2018. https://www.ieee-security.org/TC/SP2018/poster-abstracts/oakland2018-paper51-poster-abstract.pdf

APA Citation style: Gorski, P., Lo Iacono, L., Acar, Y., Moeller, S., Stransky, C., & Fahl, S. (2018, May 21-23). Poster: On the Effect of Security Warnings on Cryptographic API Misuse [Poster]. 39th IEEE Symposium on Security and Privacy, San Francisco, CA. https://www.ieee-security.org/TC/SP2018/poster-abstracts/oakland2018-paper51-poster-abstract.pdf


Last updated on 2025-05-08 at 14:56