
“Jumping Through Hoops”: Why do Java Developers Struggle With Cryptography APIs?

dc.contributor.author: Nadi, Sarah
dc.contributor.author: Krüger, Stefan
dc.contributor.author: Mezini, Mira
dc.contributor.author: Bodden, Eric
dc.contributor.editor: Jürjens, Jan
dc.contributor.editor: Schneider, Kurt
dc.date.accessioned: 2017-06-21T19:18:04Z
dc.date.available: 2017-06-21T19:18:04Z
dc.date.issued: 2017
dc.description.abstract (en): To protect sensitive data processed by current applications, developers, whether security experts or not, have to rely on cryptography. While cryptography algorithms have become increasingly advanced, many data breaches occur because developers do not correctly use the corresponding APIs. To guide future research into practical solutions to this problem, we perform an empirical investigation into the obstacles developers face while using the Java cryptography APIs, the tasks they use the APIs for, and the kind of (tool) support they desire. We triangulate data from four separate studies that include the analysis of 100 StackOverflow posts, 100 GitHub repositories, and survey input from 48 developers. We find that while developers find it difficult to use certain cryptographic algorithms correctly, they feel surprisingly confident in selecting the relevant cryptography concepts (e.g., encryption vs. signatures). We also find that the APIs are generally perceived to be too low-level and that developers prefer more task-based solutions.
dc.identifier.isbn: 978-3-88579-661-9
dc.identifier.pissn: 1617-5468
dc.language.iso: en
dc.publisher: Gesellschaft für Informatik e.V.
dc.relation.ispartof: Software Engineering 2017
dc.relation.ispartofseries: Lecture Notes in Informatics (LNI) - Proceedings, Volume P-267
dc.subject: Cryptography
dc.subject: API misuse
dc.subject: empirical software engineering
dc.title (en): “Jumping Through Hoops”: Why do Java Developers Struggle With Cryptography APIs?
dc.type: Text/Conference Paper
gi.citation.publisherPlace: Bonn
gi.citation.startPage: 57
gi.conference.date: 21-24 February 2017
gi.conference.location: Hannover
gi.conference.sessiontitle: Empirical Software Engineering 1

Files

Original bundle
Name: paper17.pdf
Size: 33.25 KB
Format: Adobe Portable Document Format