Showing 1–2 of 2 results for author: Dwyer, A C
-
How darknet market users learned to worry more and love PGP: Analysis of security advice on darknet marketplaces
Authors:
Andrew C. Dwyer,
Joseph Hallett,
Claudia Peersman,
Matthew Edwards,
Brittany I. Davidson,
Awais Rashid
Abstract:
Darknet marketplaces, accessible through, Tor are where users can buy illicit goods, and learn to hide from law enforcement. We surveyed the advice on these markets and found valid security advice mixed up with paranoid threat models and a reliance on privacy tools dismissed as unusable by the mainstream.
Darknet marketplaces, accessible through, Tor are where users can buy illicit goods, and learn to hide from law enforcement. We surveyed the advice on these markets and found valid security advice mixed up with paranoid threat models and a reliance on privacy tools dismissed as unusable by the mainstream.
△ Less
Submitted 16 March, 2022;
originally announced March 2022.
-
Don't forget your classics: Systematizing 45 years of Ancestry for Security API Usability Recommendations
Authors:
Nikhil Patnaik,
Andrew C. Dwyer,
Joseph Hallett,
Awais Rashid
Abstract:
Producing secure software is challenging. The poor usability of security APIs makes this even harder. Many recommendations have been proposed to support developers by improving the usability of cryptography libraries and APIs; rooted in wider best practice guidance in software engineering and API design. In this SLR, we systematize knowledge regarding these recommendations.
We identify and analy…
▽ More
Producing secure software is challenging. The poor usability of security APIs makes this even harder. Many recommendations have been proposed to support developers by improving the usability of cryptography libraries and APIs; rooted in wider best practice guidance in software engineering and API design. In this SLR, we systematize knowledge regarding these recommendations.
We identify and analyze 65 papers spanning 45 years, offering a total of 883 recommendations.We undertake a thematic analysis to identify 7 core ways to improve usability of APIs. We find that most of the recommendations focus on hel** API developers to construct and structure their code and make it more usable and easier for programmers to understand. There is less focus, however, on documentation, writing requirements, code quality assessment and the impact of organizational software development practices. By tracing and analyzing paper ancestry, we map how this knowledge becomes validated and translated over time.We find evidence that less than a quarter of all API usability recommendations are empirically validated, and that recommendations specific to usable security APIs lag even further behind in this regard.
△ Less
Submitted 5 May, 2021;
originally announced May 2021.