Here you will find scientific publications from the Fraunhofer Institutes.

Idea: Usable platforms for secure programming - mining unix for insight and guidelines

Türpe, Sven


Caballero, J.; Bodden, E.; Athanasopoulos, E.:
Engineering secure software and systems. 8th international symposium, ESSoS 2016 : London, UK, April 6-8, 2016. Proceedings
Cham: Springer International Publishing, 2016 (Lecture Notes in Computer Science 9639)
ISBN: 978-3-319-30805-0 (Print)
ISBN: 978-3-319-30806-7 (Online)
International Symposium on Engineering Secure Software and Systems (ESSoS) <8, 2016, London>
Fraunhofer SIT

Just as security mechanisms for end users need to be usable, programming platforms and APIs need to be usable for programmers. To date the security community has assembled large catalogs of dos and don'ts for programmers, but rather little guidance for the design of APIs that make secure programming easy and natural. Unix with its setuid mechanism lets us study usable security issues of programming platforms. Setuid allows certain programs to run with higher privileges than the user or process controlling them. Operating across a privilege boundary entails security obligations for the program. Obligations are known and documented, yet developers often fail to fulfill them. Using concepts and vocabulary from usable security and usability of notations theory, we can explain how the Unix platform provokes vulnerabilities in such programs. This analysis is a first step towards developing platform design guidelines to address human factors issues in secure programming.