Transport Layer Security (TLS) is a secure communication protocol between a client and a server over a network. The TLS protocol provides the two endpoints with confidentiality through symmetric encryption, endpoint authentication using public-key cryptography, and data integrity using a MAC. However, studies show that security vulnerabilities within TLS connections are often caused by developers misusing TLS library APIs. We measure the usability of four TLS libraries by performing a developer user study. Participants were given code that connects to google.com through HTTP, and tasked with using a TLS library to change the code so that it connects securely to Google through HTTPS. Our results help show what makes a library usable and what problems arise for developers using these TLS libraries. We found that the main way to ensure a TLS library is usable is to focus on having clear documentation. From our results, we provide suggestions on how to create usable documentation.
Identifer | oai:union.ndltd.org:BGMYU2/oai:scholarsarchive.byu.edu:etd-9685 |
Date | 15 September 2020 |
Creators | Armknecht, Jonathan Blake |
Publisher | BYU ScholarsArchive |
Source Sets | Brigham Young University |
Detected Language | English |
Type | text |
Format | application/pdf |
Source | Theses and Dissertations |
Rights | https://lib.byu.edu/about/copyright/ |
Page generated in 0.0013 seconds