Developers Are Users Too: Designing Crypto and Security APIs That Busy Engineers and Sysadmins Can Use Securely

Abstract

Over the past several years a number of new cryptographic libraries and APIs have become available to developers. These libraries promise to greatly increase the use of cryptography on the web and in the cloud, but they often do so at a cost. In this workshop we will attempt to outline a new paradigm for cryptographic API development that treats normal developers, rather than cryptographers, as the primary consumer – and treat developer use as a critical failure mode, rather than a regrettable failure. To begin this discussion, we will present several case studies of existing APIs that have seen widespread real world misuse, and we will attempt to characterize the key failings that created these situations. We will also discuss the contributing factors that led to these conditions, including: standards bodies, lack of formal testing requirements, and the expressiveness/safety tradeoff. We will then consider the base requirements for a "developer safe" regime of library and API development that reduce the possibility of misuse. Towards this end we will also consider a number of APIs that have been successful in this regard, and work to distill these lessons into formal recommendations. Finally, we will discuss if we as a community need to adopt techniques from the HCI community when designing cryptographic APIs and libraries.