Understanding Developers' Reasoning about Privacy and Security - July 2014

Our goal is to discover, understand, and quantify challenges that developers face in writing secure and privacy-preserving programs. Several research thrusts will enable this goal.

Qualitative studies of developers will discover the cultural and workplace dynamics that encourage or discourage privacy and security by design, and experiments with alternative design schemas will test how to facilitate adoption.

Understanding design settings:
Interviews with, and observations of, application developers will discover the factors within design settings (such as work practices, institutional arrangements, or social norms) that encourage developers to value privacy and security design and to adopt techniques that protect privacy and security. We will conduct interviews with professional developers in a diversity of development settings (small and large companies, contractors, and independent developers) in Washington DC and Silicon Valley, and we will observe design meetings at companies as well as hackathons. Analyzing field notes and interview transcripts will reveal how developers discover and learn about new privacy and security techniques, what encourages developers to adopt new privacy and security practices, and how application developers make choices between privacy, security, and other priorities.

Facilitating adoption:
Techniques such as information flow control can offer strong privacy guarantees but have failed to achieve traction among developers. Concepts such as lattices of security labels and scrubbing implicit flow leaks from programs require developers to learn security concepts in order to work correctly on an information-flow-secure platform (Jif, Flume). We have developed an alternative scheme that requires developers to partition their apps based on functionality (analogous to a model-view-controller pattern) instead of using labels and information-flow-secure compilers. We will conduct developer studies using A/B testing to determine the ease of programming with information flow versus our programming model. Similarly, we will study design patterns for security features in applications, for example privilege separation in applications, key management in a distributed application, and mandatory access control policies for app components. These design patterns will enable even non-security-expert developers to write secure and private applications by default.
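The paragraph above names the two concepts that make information flow control hard for developers: a lattice of security labels, and implicit flows that leak a secret through a branch condition rather than through the value written. The following added example (not code from the project, from Jif, or from Flume) makes both concrete with a two-point lattice (PUBLIC below SECRET) and a small dynamic monitor that tracks a program-counter (pc) label. The `Monitor`, `Labeled` and `Label` names, the `store`/`branch`/`compute`/`send_public` API, and the three scenario programs are all assumptions made for illustration; the point is that the implicit leak writes only a public constant, so it is caught solely because the pc label records that the write happens under a secret condition.

```python
from contextlib import contextmanager
from dataclasses import dataclass
from enum import IntEnum
from typing import Any, Callable


class Label(IntEnum):
    """Two-point security lattice (assumed for this example): PUBLIC flows to SECRET only."""
    PUBLIC = 0
    SECRET = 1


def join(a: Label, b: Label) -> Label:
    """Least upper bound: data derived from both inputs is at least as sensitive as each."""
    return Label(max(a, b))


def flows_to(src: Label, dst: Label) -> bool:
    """The lattice order: information may move only upward."""
    return src <= dst


@dataclass(frozen=True)
class Labeled:
    """A value tagged with the label of the most sensitive data it depends on."""
    value: Any
    label: Label


class IFCViolation(Exception):
    """Raised when a flow would move SECRET data toward a PUBLIC location."""


class Monitor:
    """Hypothetical dynamic information-flow monitor with a program-counter (pc) label.

    pc records the join of every branch condition currently in scope, so a write
    made under a secret condition counts as secret even when the value written is
    a public constant. That is the implicit flow the text refers to.
    """

    def __init__(self) -> None:
        self.pc = Label.PUBLIC

    def compute(self, *inputs: Labeled, op: Callable[..., Any]) -> Labeled:
        """Explicit flow: the result carries the join of all input labels and pc."""
        lab = self.pc
        for x in inputs:
            lab = join(lab, x.label)
        return Labeled(op(*(x.value for x in inputs)), lab)

    @contextmanager
    def branch(self, cond: Labeled):
        """Enter a conditional: pc rises to include the condition's label until exit."""
        saved = self.pc
        self.pc = join(self.pc, cond.label)
        try:
            yield bool(cond.value)
        finally:
            self.pc = saved

    def store(self, dst: Label, src: Labeled) -> Labeled:
        """Write src into a location classified dst; checked against join(src.label, pc)."""
        effective = join(src.label, self.pc)
        if not flows_to(effective, dst):
            raise IFCViolation(f"{effective.name} data cannot be stored in a {dst.name} location")
        return Labeled(src.value, dst)

    def send_public(self, x: Labeled) -> Any:
        """A PUBLIC sink such as a network write: only PUBLIC data may leave."""
        return self.store(Label.PUBLIC, x).value


def benign_program() -> int:
    """Summing two public numbers and sending the result passes the monitor."""
    m = Monitor()
    a = Labeled(2, Label.PUBLIC)   # constructed sample inputs
    b = Labeled(3, Label.PUBLIC)
    return m.send_public(m.compute(a, b, op=lambda x, y: x + y))


def explicit_leak() -> str:
    """Sending a secret directly is caught by the label on the value itself."""
    m = Monitor()
    pin = Labeled(4321, Label.SECRET)  # constructed sample secret
    try:
        m.send_public(pin)
        return "leaked"
    except IFCViolation:
        return "blocked"


def implicit_leak() -> str:
    """Copying a secret bit into a public variable through a branch.

    The value written is the public constant 1, so value labels alone would
    let it through; only the raised pc label inside the branch stops it.
    """
    m = Monitor()
    secret_bit = Labeled(1, Label.SECRET)  # constructed sample secret
    out = Labeled(0, Label.PUBLIC)
    try:
        with m.branch(secret_bit) as taken:
            if taken:
                out = m.store(Label.PUBLIC, Labeled(1, Label.PUBLIC))
        m.send_public(out)
        return "leaked"
    except IFCViolation:
        return "blocked"


if __name__ == "__main__":
    print(benign_program(), explicit_leak(), implicit_leak())
```

The monitor is deliberately strict (no-sensitive-upgrade style): any write under a secret pc to a public location is rejected rather than silently relabelled, which is the behaviour a developer has to understand and design around on a platform of this kind. The same branch would be accepted if `out` were a SECRET location, but the result could then never reach `send_public`, which is exactly the reasoning burden the paragraph describes.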

PI(s): Katie Shilton, Mohit Tiwari, Elaine Shi, and Charalampos (Babis) Papamanthou

Researchers: Jimmy Brisson

HARD PROBLEM(S) ADDRESSED

Develop models of human behavior that enable the design, modeling, and analysis of systems with specified security properties.

PUBLICATIONS


ACCOMPLISHMENT HIGHLIGHTS