Several mature cryptographic frameworks exist, including Oracle JSSE, IBM JSSE, BouncyCastle, and OpenSSL, and they have been used to build complex applications. However, developers often use these frameworks incorrectly and introduce security vulnerabilities. This stems from several challenges, including (i) an expectation that framework users understand security attacks and defenses and the subtle impact of various low-level parameters; (ii) the need to take into account information external to the system to ensure security (e.g., TLS certificate revocations); and (iii) the frequent need to disable security checks during development and testing, as these checks sometimes remain disabled in production. We propose guidelines for designing cryptography APIs that are semantically meaningful for developers and that can be implemented consistently on top of existing frameworks. We also propose the Regulator design pattern, for incorporating security-critical external information, and build management hooks for isolating security workarounds needed during the development and test phases. These guidelines are a step toward striking a balance between restricting the security decisions that developers make and giving them the flexibility needed for complex applications that use cryptography.
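The following is an added example, not code from the papers or their authors, sketching how the three ideas in the abstract (a semantic entry point instead of low-level parameters, a Regulator carrying external revocation information, and a management hook that isolates the "disable verification" workaround) can sit on top of an existing framework, here Python's `ssl` module over OpenSSL. The class names `RevocationRegulator` and `ManagementHook`, the `DEVELOPMENT`/`PRODUCTION` environment labels, and the revoked serial numbers are my assumptions and constructed values; the paper's own Regulator interface may differ.

```python
"""Added example: semantic TLS client API on top of the ssl module.
RevocationRegulator and ManagementHook are this example's reading of the
abstract, not the authors' implementation."""
import ssl
from dataclasses import dataclass, field
from typing import Dict, List, Mapping, Set

DEVELOPMENT = "development"   # assumed environment labels
PRODUCTION = "production"


@dataclass
class RevocationRegulator:
    """Regulator: the one component that brings security-critical external
    information (here a constructed set of revoked certificate serials) into
    the API, so application code never consults revocation data itself."""
    revoked_serials: Set[str] = field(default_factory=set)

    def is_revoked(self, peer_cert: Mapping[str, object]) -> bool:
        # peer_cert has the dict shape returned by SSLSocket.getpeercert()
        serial = str(peer_cert.get("serialNumber", "")).upper()
        return serial in {s.upper() for s in self.revoked_serials}


class ManagementHook:
    """Management hook: the only place where the 'turn peer verification
    off' workaround is allowed. It is refused outside development, so the
    setting cannot silently survive into production, and every use is
    recorded so it can be audited."""

    def __init__(self, environment: str) -> None:
        self.environment = environment
        self.workarounds_used: List[str] = []

    def disable_peer_verification(self, ctx: ssl.SSLContext) -> None:
        if self.environment != DEVELOPMENT:
            raise PermissionError(
                f"peer verification cannot be disabled in {self.environment!r}")
        # check_hostname must be cleared before verify_mode can be CERT_NONE
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        self.workarounds_used.append("disable_peer_verification")


def secure_client_context() -> ssl.SSLContext:
    """Semantic entry point: 'a TLS client that only talks to authenticated
    servers'. The low-level choices are made once, here, not by every caller."""
    ctx = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def context_summary(ctx: ssl.SSLContext) -> Dict[str, object]:
    """Plain-value view of the settings that matter for review or tests."""
    return {
        "verifies_peer": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": ctx.check_hostname,
        "min_version": ctx.minimum_version.name,
    }


def accept_peer(ctx: ssl.SSLContext, peer_cert: Mapping[str, object],
                regulator: RevocationRegulator) -> bool:
    """Post-handshake policy: a peer is accepted only if the context verified
    it and the Regulator does not report it as revoked."""
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        return False
    return not regulator.is_revoked(peer_cert)


def demo() -> Dict[str, object]:
    """Walk through the three cases so the behaviour is visible stand-alone."""
    regulator = RevocationRegulator(revoked_serials={"0A1B2C"})  # constructed
    good_cert = {"subject": ((("commonName", "example.test"),),),
                 "serialNumber": "FFEE01"}                          # constructed
    revoked_cert = {"subject": ((("commonName", "example.test"),),),
                    "serialNumber": "0a1b2c"}                       # constructed

    prod_ctx = secure_client_context()
    try:
        ManagementHook(PRODUCTION).disable_peer_verification(prod_ctx)
        prod_refused = False
    except PermissionError:
        prod_refused = True

    dev_ctx = secure_client_context()
    dev_hook = ManagementHook(DEVELOPMENT)
    dev_hook.disable_peer_verification(dev_ctx)

    return {
        "prod_refused_workaround": prod_refused,
        "prod_settings": context_summary(prod_ctx),
        "dev_settings": context_summary(dev_ctx),
        "dev_workarounds": list(dev_hook.workarounds_used),
        "accept_good": accept_peer(prod_ctx, good_cert, regulator),
        "accept_revoked": accept_peer(prod_ctx, revoked_cert, regulator),
        "accept_unverified": accept_peer(dev_ctx, good_cert, regulator),
    }


if __name__ == "__main__":
    print(demo())
```

Because the workaround lives only in `ManagementHook`, a search of the code base for `CERT_NONE` or `check_hostname = False` has exactly one hit, and a deployment check can assert that `workarounds_used` is empty before the process serves production traffic.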
[Onward! 2016] S. Indela, M. Kulkarni, K. Nayak, and T. Dumitraș, “Helping Johnny Encrypt: Toward Semantic Interfaces for Cryptographic Frameworks,” in ACM SPLASH Onward! Conference, Amsterdam, NL, 2016.
[SecDev 2016] S. Indela, M. Kulkarni, K. Nayak, and T. Dumitraș, “Toward Semantic Cryptography APIs,” in IEEE SecDev, Boston, MA, 2016.