TWC: Small: Empirical Evaluation of the Usability and Security Implications of Application Programming Interface Design

TWC：小：应用程序编程接口设计的可用性和安全性影响的实证评估

• 批准号: 1423054
• 负责人: Brad Myers
• 金额: $ 49.91万
• 依托单位: Carnegie-Mellon University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2014
• 资助国家: 美国
• 起止时间: 2014-09-01 至 2018-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1423054&HistoricalAwards=false
• 关键词: TWC; Small; Empirical; Evaluation; Usability

The objective of this project is to gather empirical evidence on the tradeoffs between security and usability in programming language and library design. Although it is well known that poorly-designed interfaces can lead to increased defect rates and software vulnerabilities, there is currently little specific guidance to designers on what precise language and library features make programmers more or less likely to write vulnerable code. Furthermore, little of the existing guidance is empirically based. The project will develop empirically-based guidance on two issues. First, the ISO/IEC standardization working group for the C programming language is currently evaluating multiple proposals for adding concurrency to the language, and this project will produce data to inform their decision-making process. Second, by evaluating the impact of the use of mutability, the project will provide data that may influence how future programming languages and libraries are designed. The project involves three parts. The first phase is an analysis of flaws in code that uses the draft versions of the C concurrency APIs under consideration as well as comparable Java databases on concurrency-related flaws. In the second and third phases, programmers who have between 2 and 5 years of experience will be asked to complete tasks using competing interface designs. The first set of experiments will evaluate competing C and C++ parallel language extensions to determine which language and library features are more likely to result in secure code. Specifically, the investigators will measure the programmers' ability to produce concurrent code free from security-related defects, such as "data races" and "time-of-check-to-time-of-use" errors using the different libraries. The investigators will then build upon this work to evaluate tradeoffs between security and usability when using immutability to reduce the likelihood of vulnerabilities in concurrent code. Through these two experiments, the project will advance the science of cybersecurity by developing a methodology for empirically evaluating how library and language design affect the frequency with which trained professional programmers inadvertently introduce security vulnerabilities during implementation.

这个项目的目标是收集关于编程语言和库设计中安全性和可用性之间权衡的经验证据。尽管众所周知，设计不佳的界面会导致缺陷率和软件漏洞的增加，但目前几乎没有针对设计人员的具体指导，说明究竟是什么语言和库功能使程序员或多或少有可能编写易受攻击的代码。此外，现有的指导几乎没有什么是基于经验的。该项目将就两个问题制定基于经验的指导。首先，ISO/IEC C编程语言标准化工作组目前正在评估为该语言增加并发性的多项建议，该项目将产生数据，为他们的决策过程提供信息。其次，通过评估使用可变性的影响，该项目将提供可能影响未来编程语言和库设计方式的数据。该项目包括三个部分。第一阶段是分析使用正在考虑的C并发API草案版本的代码中的缺陷，以及有关并发相关缺陷的类似Java数据库。在第二和第三阶段，拥有2到5年经验的程序员将被要求使用竞争对手的界面设计来完成任务。第一组实验将评估相互竞争的C和C++并行语言扩展，以确定哪些语言和库功能更有可能产生安全代码。具体地说，调查人员将使用不同的库来衡量程序员产生没有安全相关缺陷的并发代码的能力，例如“数据竞争”和“检查到使用时间”错误。然后，调查人员将在这项工作的基础上，在使用不变性来减少并发代码中漏洞的可能性时，评估安全性和可用性之间的权衡。通过这两项实验，该项目将通过开发一种方法来推动网络安全科学，以经验地评估库和语言设计如何影响训练有素的专业程序员在实施过程中无意中引入安全漏洞的频率。