Empirical Studies on the Security and Usability Impact of Immutability

Sam Weber, Michael Coblenz, Brad Myers, Jonathan Aldrich, Joshua Sunshine
2017 2017 IEEE Cybersecurity Development (SecDev)  
Although it is well known that API design has a large and long-term impact on security, the literature contains few substantial guidelines for practitioners on how to design APIs that improve security. Even fewer of those guidelines have been evaluated empirically. Security professionals have proposed that software engineers choose immutable APIs and architectures to enhance security. Unfortunately, prior empirical research argued that immutability decreases API usability. This paper brings together the results from a number of previous papers that together aim to show that immutability, when carefully designed using usability as a first-class requirement, can have positive effects on both usability and security. We also make observations on study design in this field.
doi:10.1109/secdev.2017.21 dblp:conf/secdev/WeberCMAS17 fatcat:znbrzkcpp5aangwz35e74czla4