A Generic Cognitive Dimensions Questionnaire to Evaluate the Usability of Security APIs

Programmers use security APIs to embed security into the applications they develop. Security vulnerabilities are introduced into those applications because of usability issues in the security APIs. Improving the usability of security APIs would contribute to improving the security of the applications that programmers develop. However, there is currently no methodology for evaluating the usability of security APIs. In this study, we attempt to improve the Cognitive Dimensions framework-based API usability evaluation methodology so that it can be used to evaluate the usability of security APIs.
