Abstract
Transport Layer Security (TLS) is a secure communication protocol between a client and a server over a network. The TLS protocol provides the two endpoints with confidentiality through symmetric encryption, endpoint authentication using public-key cryptography, and data integrity using a MAC. However, studies show that security vulnerabilities within TLS connections are often caused by developers misusing TLS library APIs. We measure the usability of four TLS libraries by performing a developer user study. Participants were given code that connects to google.com through HTTP, and tasked with using a TLS library to change the code so that it connects securely to Google through HTTPS. Our results help show what makes a library usable and what problems arise for developers using these TLS libraries. We found that the main way to ensure a TLS library is usable is to focus on having clear documentation. From our results, we provide suggestions on how to create usable documentation.
Degree
MS
College and Department
Physical and Mathematical Sciences; Computer Science
Rights
https://lib.byu.edu/about/copyright/
BYU ScholarsArchive Citation
Armknecht, Jonathan Blake, "A Developer Usability Study of TLS Libraries" (2020). Theses and Dissertations. 8685.
https://scholarsarchive.byu.edu/etd/8685
Date Submitted
2020-09-15
Document Type
Thesis
Handle
http://hdl.lib.byu.edu/1877/etd11430
Keywords
TLS protocol, API usability, developer study
Language
english