Abstract

Transport Layer Security (TLS) is a secure communication protocol between a client and a server over a network. The TLS protocol provides the two endpoints with confidentiality through symmetric encryption, endpoint authentication using public-key cryptography, and data integrity using a MAC. However, studies show that security vulnerabilities within TLS connections are often caused by developers misusing TLS library APIs. We measure the usability of four TLS libraries by performing a developer user study. Participants were given code that connects to google.com through HTTP, and tasked with using a TLS library to change the code so that it connects securely to Google through HTTPS. Our results help show what makes a library usable and what problems arise for developers using these TLS libraries. We found that the main way to ensure a TLS library is usable is to focus on having clear documentation. From our results, we provide suggestions on how to create usable documentation.

Degree

MS

College and Department

Physical and Mathematical Sciences; Computer Science

Rights

https://lib.byu.edu/about/copyright/

Date Submitted

2020-09-15

Document Type

Thesis

Handle

http://hdl.lib.byu.edu/1877/etd11430

Keywords

TLS protocol, API usability, developer study

Language

english

Share

COinS