TWC: Small: Empirical Evaluation of the Usability and Security Implications of Application Programming Interface Design

TWC：小：应用程序编程接口设计的可用性和安全性影响的实证评估

• 批准号: 1423054
• 负责人: Brad Myers
• 金额: $ 49.91万
• 依托单位: Carnegie-Mellon University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2014
• 资助国家: 美国
• 起止时间: 2014-09-01 至 2018-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1423054&HistoricalAwards=false
• 关键词: TWC; Small; Empirical; Evaluation; Usability

The objective of this project is to gather empirical evidence on the tradeoffs between security and usability in programming language and library design. Although it is well known that poorly-designed interfaces can lead to increased defect rates and software vulnerabilities, there is currently little specific guidance to designers on what precise language and library features make programmers more or less likely to write vulnerable code. Furthermore, little of the existing guidance is empirically based. The project will develop empirically-based guidance on two issues. First, the ISO/IEC standardization working group for the C programming language is currently evaluating multiple proposals for adding concurrency to the language, and this project will produce data to inform their decision-making process. Second, by evaluating the impact of the use of mutability, the project will provide data that may influence how future programming languages and libraries are designed. The project involves three parts. The first phase is an analysis of flaws in code that uses the draft versions of the C concurrency APIs under consideration as well as comparable Java databases on concurrency-related flaws. In the second and third phases, programmers who have between 2 and 5 years of experience will be asked to complete tasks using competing interface designs. The first set of experiments will evaluate competing C and C++ parallel language extensions to determine which language and library features are more likely to result in secure code. Specifically, the investigators will measure the programmers' ability to produce concurrent code free from security-related defects, such as "data races" and "time-of-check-to-time-of-use" errors using the different libraries. The investigators will then build upon this work to evaluate tradeoffs between security and usability when using immutability to reduce the likelihood of vulnerabilities in concurrent code. Through these two experiments, the project will advance the science of cybersecurity by developing a methodology for empirically evaluating how library and language design affect the frequency with which trained professional programmers inadvertently introduce security vulnerabilities during implementation.

该项目的目标是收集有关编程语言和库设计中安全性和可用性之间权衡的经验证据。尽管众所周知，设计不当的界面会导致缺陷率和软件漏洞增加，但目前几乎没有针对设计人员的具体指导来说明哪些精确的语言和库功能使程序员或多或少可能编写易受攻击的代码。此外，现有的指导几乎没有以经验为基础。该项目将针对两个问题制定基于经验的指导。首先，C 编程语言的 ISO/IEC 标准化工作组目前正在评估多个为该语言添加并发性的提案，该项目将产生数据来为他们的决策过程提供信息。其次，通过评估使用可变性的影响，该项目将提供可能影响未来编程语言和库设计方式的数据。该项目涉及三个部分。第一阶段是使用正在考虑的 C 并发 API 草案版本以及并发相关缺陷的类似 Java 数据库来分析代码中的缺陷。在第二和第三阶段，具有2到5年经验的程序员将被要求使用竞争性的界面设计来完成任务。第一组实验将评估竞争的 C 和 C++ 并行语言扩展，以确定哪些语言和库功能更有可能产生安全代码。具体来说，研究人员将衡量程序员使用不同库生成没有安全相关缺陷的并发代码的能力，例如“数据竞争”和“检查时间到使用时间”错误。然后，研究人员将在这项工作的基础上评估使用不变性来减少并发代码中出现漏洞的可能性时安全性和可用性之间的权衡。通过这两个实验，该项目将通过开发一种方法来推进网络安全科学，该方法用于实证评估库和语言设计如何影响经过培训的专业程序员在实施过程中无意中引入安全漏洞的频率。