CRHC Oct 11, 2018

A methodology to Evaluate the Usability of Security APIs

arXiv:1810.05100v1
10 citations
Originality: Synthesis-oriented
AI Analysis

This addresses usability problems in security APIs for software developers, but it is incremental as it builds on existing methodologies.

The paper tackles the problem of cyber-attacks caused by usability issues in security APIs by proposing a methodology to evaluate usability and identify these issues, based on a review of 5 existing general API usability evaluation methodologies and their characteristics.

The increasing number of cyber-attacks demotivates people from using Information and Communication Technology (ICT) for industrial as well as day-to-day work. A main reason for the increasing number of cyber-attacks is mistakes that programmers make while developing software applications, which are caused by usability issues that exist in security Application Programming Interfaces (APIs). These mistakes make software vulnerable to cyber-attacks. In this paper, we attempt to take a step closer to solving this problem by proposing a methodology to evaluate the usability of security APIs and identify the usability issues that exist in them. By conducting a review of previous research, we identified 5 usability evaluation methodologies that have been proposed to evaluate the usability of general APIs, and the characteristics of those methodologies that would have an effect when using them to evaluate security APIs. Based on the findings, we propose a methodology to evaluate the usability of security APIs.
