Browse/search for people

Mr Nikhil Patnaik

Usable Abstractions for Secure Programming - A Mental Model Approach

Cryptographic application programming interfaces (APIs) are currently widely used to provide security of communication and information flows in contemporary applications. Existing research has highlighted that vulnerabilities arise in software due to misunderstanding about the guarantees provided by API functions or unintentional misconfiguration of relevant security parameters. However, little is understood about developers’ mental models that lead to such issues and the misalignment between these models and the actual functionality the API as intended by developers. The aim of the studentship is to study developers’ mental models of security APIs and to understand any misalignment with correct API usage. Based on these results we will design novel programming abstractions that improve the usability of security APIs.