Assessing the Relevance of Crypto APIs Based on a Scoring Approach

The main results of the work will be presented at the European Interdisciplinary Cybersecurity Conference - EICC 2022.

For details, see our upcoming paper: cryptolib: comparing and selecting cryptography libraries

Abstract

Technological advancement and ongoing digitalization are creating more and more security-critical requirements for software developers. At the same time, there is a large and ever-growing number of cryptographic APIs. Identifying why certain APIs are used more frequently than others is not an easy task. Furthermore, it is difficult to recognize the reasons behind the use of a certain API in software development. Which APIs are relevant and important for developers? Which attributes are involved? At the time of writing, there are a couple of scientific contributions that analyze APIs or introduce attributes from different points of view. The new attributes introduced in this thesis follow the known literature. This thesis evaluates related work for useful attributes and conducts interviews to generate new attributes for the creation of a new scoring. The scoring is based on 15 new attributes condensed from 78 attributes from related work and 50 attributes from interviews. The new scoring is set up with related descriptions and information for evaluating APIs. The chosen attributes have been evaluated with regard to their suitability by conducting a survey. Additionally, the scoring was applied to two APIs as an example to show the rating in action. This thesis established suitable attributes for the rating of cryptographic APIs, which have been analyzed and tested. From those, a scoring was developed that can be used as decision support for developers. By using the scoring, existing APIs may be indexed and added to a ranking. Thus, from now on, relevant APIs may be identified and compared.