DOI: 10.1145/3194707.3194709
short-paper

Safe cryptography for all: towards visual metaphor driven cryptography building blocks

Published: 27 May 2018

Abstract

In this vision paper, we focus on a key aspect of the modern software developer's potential to write secure software: their (lack of) success in securely using cryptography APIs. In particular, we note that most ongoing research tends to focus on identifying concrete problems software developers experience, and providing workable solutions, but that such solutions still require developers to identify the appropriate API calls to make and, worse, to be familiar with and configure sometimes obscure parameters of such calls. In contrast, we envision identifying and employing targeted visual metaphors to allow developers to simply select the most appropriate cryptographic functionality they need.


Cited By

  • (2022) Cryptography in Grade 10. Proceedings of the 27th ACM Conference on Innovation and Technology in Computer Science Education Vol. 1, 456-462. DOI: 10.1145/3502718.3524767. Online publication date: 7-Jul-2022

Published In

SEAD '18: Proceedings of the 1st International Workshop on Security Awareness from Design to Deployment
May 2018
66 pages
ISBN:9781450357272
DOI:10.1145/3194707
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. cryptography
  2. developer support
  3. secure code
  4. visual metaphor

Qualifiers

  • Short-paper

Funding Sources

  • EPSRC

Conference

ICSE '18