A methodology to Evaluate the Usability of Security APIs
Chamila Wijayarathna, Nalin Asanka Gamagedara Arachchilage

TL;DR
This paper proposes a new methodology for evaluating the usability of security APIs to identify usability issues that could lead to security vulnerabilities, aiming to reduce cyber-attacks caused by developer mistakes.
Contribution
It introduces a tailored methodology for assessing security API usability, building on existing general API evaluation methods and adapting them for security-specific concerns.
Findings
Reviewed existing usability evaluation methodologies for APIs.
Identified key characteristics affecting security API evaluation.
Proposed a new, security-focused usability evaluation methodology.
Abstract
The increasing number of cyber-attacks demotivates people from using Information and Communication Technology (ICT) for industrial as well as day-to-day work. A main reason for the increasing number of cyber-attacks is mistakes that programmers make while developing software applications, which are caused by usability issues that exist in security Application Programming Interfaces (APIs). These mistakes make software vulnerable to cyber-attacks. In this paper, we attempt to take a step closer to solving this problem by proposing a methodology to evaluate the usability of, and identify usability issues that exist in, security APIs. By conducting a review of previous research, we identified 5 usability evaluation methodologies that have been proposed to evaluate the usability of general APIs, and characteristics of those methodologies that would have an effect when these methodologies are used to evaluate security APIs. Based…
