
Towards the Usability Evaluation of Security APIs

Application Programming Interfaces (APIs) are a vital link between software components as well as between software and developers. Security APIs deliver crucial functionality for programmers who increasingly need to integrate security services into their software products. As recent security studies have revealed, the ignorant or incorrect use of Security APIs leads to critical security flaws. One major reason for this is rooted in usability issues. API Usability research has derived recommendations for designing usable APIs in general. Given the growing relevance of Security APIs, the question arises whether the usability aspects observed in the general space are already sufficient for building usable Security APIs. The currently available findings in the API Usability domain are only selective fragments, though. This still-emerging field has not yet produced a comprehensive model. Consequently, a first contribution of this paper is such a model, which provides a consolidated view of the current research coverage of API Usability. On this baseline, the paper continues with an analysis of relevant security studies, which give insight into the usability problems developers had when using Security APIs. This analysis leads to a proposal of eleven specific usability characteristics relevant for Security APIs. These have to be followed up by usability studies in order to evaluate how Security APIs need to be designed in a usable way and which potential trade-offs have to be balanced.

Document Type: Conference Object
Author: Peter Leo Gorski, Luigi Lo Iacono
Parent Title (English): Clarke, Furnell (Eds.): Tenth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2016), Frankfurt, Germany, July 19-21, 2016
Number of pages: 14
First Page: 252
Last Page: 265
Publication year: 2016
Keyword: API usability; Evaluation; Security APIs; Software Security; Usable Security
Departments, institutes and facilities: Institut für Cyber Security & Privacy (ICSP)
Dewey Decimal Classification (DDC): 0 Computer science, information science, general works / 00 Computer science, knowledge, systems / 005 Computer programming, programs, data
Entry in this database: 2021/06/30