Toward Semantic Cryptography APIs

Publication, Conference
Indela, S; Kulkarni, M; Nayak, K; Dumitraş, T
Published in: Proceedings - 2016 IEEE Cybersecurity Development, SecDev 2016
February 1, 2017

While several mature cryptographic frameworks exist, and have been utilized for building complex applications, developers often use these frameworks incorrectly and introduce security vulnerabilities. This stems from several challenges, including (i) an expectation that framework users understand security attacks and defenses and the subtle impact of various low level parameters, (ii) the need to take into account information external to the system to ensure security (e.g. TLS certificate revocations), and (iii) the frequent need to disable security checks during development and testing, as sometimes these checks remain disabled in production. We propose guidelines for designing cryptography APIs that are semantically meaningful for developers and that can be implemented consistently on top of existing frameworks. We also propose the Regulator design pattern, for incorporating security-critical external information, and build management hooks for isolating security workarounds needed during the development and test phases. Our API is a first step toward striking the right balance between restricting the security decisions that developers make and giving them the flexibility needed for complex applications that use cryptography.

Published In

Proceedings - 2016 IEEE Cybersecurity Development, SecDev 2016

DOI

10.1109/SecDev.2016.014

ISBN

9781509055883

Publication Date

February 1, 2017

Start / End Page

9 / 14
 

Citation

APA: Indela, S., Kulkarni, M., Nayak, K., & Dumitraş, T. (2017). Toward Semantic Cryptography APIs. In Proceedings - 2016 IEEE Cybersecurity Development, SecDev 2016 (pp. 9–14). https://doi.org/10.1109/SecDev.2016.014

Chicago: Indela, S., M. Kulkarni, K. Nayak, and T. Dumitraş. “Toward Semantic Cryptography APIs.” In Proceedings - 2016 IEEE Cybersecurity Development, SecDev 2016, 9–14, 2017. https://doi.org/10.1109/SecDev.2016.014.

ICMJE: Indela S, Kulkarni M, Nayak K, Dumitraş T. Toward Semantic Cryptography APIs. In: Proceedings - 2016 IEEE Cybersecurity Development, SecDev 2016. 2017. p. 9–14.

MLA: Indela, S., et al. “Toward Semantic Cryptography APIs.” Proceedings - 2016 IEEE Cybersecurity Development, SecDev 2016, 2017, pp. 9–14. Scopus, doi:10.1109/SecDev.2016.014.

NLM: Indela S, Kulkarni M, Nayak K, Dumitraş T. Toward Semantic Cryptography APIs. Proceedings - 2016 IEEE Cybersecurity Development, SecDev 2016. 2017. p. 9–14.