$crypto_{lib}$: Comparing and selecting cryptography libraries (long version of EICC 2022 publication)

Bibliographic Details
Main Authors: Wohlwender, Jan, Huesmann, Rolf, Heinemann, Andreas, Wiesmaier, Alexander
Format: Journal Article
Language: English
Published: 30-03-2022
Description
Summary: Selecting a library out of numerous candidates can be a laborious and resource-intensive task. We present the $crypto_{lib}$ index, a tool for decision-makers to choose the best fitting cryptography library for a given context. To define our index, 15 library attributes were synthesized from findings based on a literature review and interviews with decision-makers. These attributes were afterwards validated and weighted via an online survey. In order to create the index value for a given library, the individual attributes are assessed using given evaluation criteria associated with the respective attribute. As a proof of concept and to give a practical usage example, the derivation of the $crypto_{lib}$ values for the libraries Bouncy Castle and Tink are shown in detail. Overall, by tailoring the weighting of the $crypto_{lib}$ attributes to their current use case, decision-makers are enabled to systematically select a cryptography library fitting best to their software project at hand in a guided, repeatable and reliable way.
DOI: 10.48550/arxiv.2203.16370