Sponsored by Applied Computer Security Associates Empirical Evaluation of API Usability and Security∗

The aim of our project is to gather empirical evidence on the security impacts of language and Application Program Interface (API) design. Ultimately, the cause of cybersecu-rity failures is flawed code written by programmers. Our philosophy is that programmers are people, and we need to study how to design APIs which are usable by programmers — APIs with which it is easy to develop secure code. It is well-known that API design can have a large impact on security, and this barrier is difficult, if not impossible, to overcome by training alone. For example, buffer overflows were understood and documented as early as 1972, but are still one of the most common vulnerabilities. Furthermore, APIs are typically designed by a small number of experi-enced developers but have an extremely long life-span, and therefore the impact of poor API design can have far reach-ing consequences. There has been some previous work on the usability of APIs, but so far this work has restricted itself to other soft-ware quality attributes, such as learnability. A relevant ex-ample of such work is Stylos et al [1], which studied the relative usability of different styles of constructing objects. The results were rather dismaying from a security point-of-view: programmers strongly preferred a style which would cause contructed objects to be mutable, whereas the secu-rity community generally considers mutability a source of security problems. One of our tasks will be to investigate and measure this apparent trade-off between traditional us-ability and security. We should make clear that we are not targeting just APIs with security-relevant functionality, such as libraries that support authentication. Ordinary libraries — including but not limited to string, file, and XML processing and net-work libraries — pose more interesting problems because ∗This work is partially supported by NSF award 142305