A methodology to Evaluate the Usability of Security APIs (1810.05100v1)

Abstract: Increasing number of cyber-attacks demotivate people to use Information and Communication Technology (ICT) for industrial as well as day to day work. A main reason for the increasing number of cyber-attacks is mistakes that programmers make while developing software applications that are caused by usability issues exist in security Application Programming Interfaces (APIs). These mistakes make software vulnerable to cyber-attacks. In this paper, we attempt to take a step closer to solve this problem by proposing a methodology to evaluate the usability and identify usability issues exist in security APIs. By conducting a review of previous research, we identified 5 usability evaluation methodologies that have been proposed to evaluate the usability of general APIs and characteristics of those methodologies that would affect when using these methodologies to evaluate security APIs. Based on the findings, we propose a methodology to evaluate the usability of security APIs.