Usable Security for Developers

This project focuses on cryptographic APIs with respect to their developer usability. Such APIs are notoriously complex and prone to usage errors – our goal is to analyze their (in)correct usage and propose precautions and guidelines to achieve better usability and security.

The current research focus is on usable interfaces of cryptographic libraries from the point of developers and administrators lacking detailed security education. We are interested in both programmable and command-line interfaces. Currently, the emphasis is placed on X.509-capable libraries, such as OpenSSL, GnuTLS and NSS, paying special attention to the process of certificate creation and validation. The goal is to enable the developers to use security APIs errorlessly and API designers create better interfaces less prone to misuse. We emphasize the necessity of a usable design even for tools targeted at experienced users.

Our efforts to create a better error system for X.509 certificate validation led us to the creation of the website x509errors.org, where we collect and enhance the existing error documentation. This project has also been featured in the Innovate@Open podcast focused on Red Hat Research Day Europe 2020.

Project summary at Red Hat Reseasrch Day Europe 2020