Bitcoin's APIs in Open-Source Projects: Security Usability Evaluation

Tschannen, Philipp and Ahmed, Ali ORCID: 0000-0002-7370-3044 (2020) Bitcoin's APIs in Open-Source Projects: Security Usability Evaluation. ELECTRONICS, 9 (7). p. 1077.

Text
electronics-09-01077-v2.pdf - Published version
Download (684kB) | Preview

Official URL: http://dx.doi.org/10.3390/electronics9071077

Abstract

<jats:p>Given the current state of software development, it does not seem that we are nowhere near vulnerability-free software applications, due to many reasons, and software developers are one of them. Insecure coding practices, the complexity of the task in hand, and usability issues, amongst other reasons, make it hard on software developers to maintain secure code. When it comes to cryptographic currencies, the need for assuring security is inevitable. For example, Bitcoin is a peer-to-peer software system that is primarily used as digital money. There exist many software libraries supporting various programming languages that allow access to the Bitcoin system via an Application Programming Interface (API). APIs that are inappropriately used would lead to security vulnerabilities, which are hard to discover, resulting in many zero-day exploits. Making APIs usable is, therefore, an essential aspect related to the quality and robustness of the software. This paper surveys the general academic literature concerning API usability and usable security. Furthermore, it evaluates the API usability of Libbitcoin, a well-known C++ implementation of the Bitcoin system, and assesses how the findings of this evaluation could affect the applications that use Libbitcoin. For that purpose, the paper proposes two static analysis tools to further investigate the use of Libbitcoin APIs in open-source projects from a security usability perspective. The findings of this research have improved Libbitcoin in many places, as will be shown in this paper.</jats:p>

Item Type:	Article
Uncontrolled Keywords:	API usability, Bitcoin, security, privacy, open-source, Libbitcoin APIs, software developers
Divisions:	Faculty of Science and Engineering > School of Electrical Engineering, Electronics and Computer Science
Depositing User:	Symplectic Admin
Date Deposited:	22 Jul 2021 07:02
Last Modified:	17 Mar 2024 11:36
DOI:	10.3390/electronics9071077
Related URLs:	Author Publisher
URI:	https://livrepository.liverpool.ac.uk/id/eprint/3130905