2016
Conference Paper
Title
Idea: Usable platforms for secure programming - mining unix for insight and guidelines
Abstract
Just as security mechanisms for end users need to be usable, programming platforms and APIs need to be usable for programmers. To date, the security community has assembled large catalogs of dos and don'ts for programmers, but rather little guidance for the design of APIs that make secure programming easy and natural. Unix with its setuid mechanism lets us study usable security issues of programming platforms. Setuid allows certain programs to run with higher privileges than the user or process controlling them. Operating across a privilege boundary entails security obligations for the program. Obligations are known and documented, yet developers often fail to fulfill them. Using concepts and vocabulary from usable security and usability of notations theory, we can explain how the Unix platform provokes vulnerabilities in such programs. This analysis is a first step towards developing platform design guidelines to address human factors issues in secure programming.