Abstract
Trusted Platform Modules (TPMs) provide a hardwarebased root of trust and secure storage and help verify their host's integrity. Software developers can interact with a TPM and utilize its functionalities using standardized APIs that various libraries have implemented. We present a qualitative study (n=9) involving task analysis and cognitive interviews that uncovered several usability and security issues with tpm2-tools, one of the widely used TPM library APIs. Towards this end, we implemented a study environment that we will release as open source to support further studies. Our results support two major conclusions: 1) tpm2-tools APIs, as designed, are not designed to be developer-friendly, and 2) One of the major causes for these usability issues is in the TPM specifications. Since other libraries also mirror the specifications and provide no significant usability improvements, our results are likely to indicate similar issues with all current TPM library APIs. We provide recommendations for improving the TPM library APIs documentation and software, and we highlight the need for HCI experts to review TPM specifications to preemptively address usability pitfalls.
| Original language | English |
|---|---|
| Title of host publication | Proceedings of the 18th Symposium on Usable Privacy and Security, SOUPS 2022 |
| Publisher | USENIX -The Advanced Computing Systems Association |
| Pages | 213-232 |
| Number of pages | 20 |
| ISBN (Electronic) | 978-1-939133-30-4 |
| Publication status | Published - 2022 |
| MoE publication type | A4 Conference publication |
| Event | Symposium on Usable Privacy and Security - Boston, United States Duration: 7 Aug 2022 → 9 Aug 2022 Conference number: 18 |
Conference
| Conference | Symposium on Usable Privacy and Security |
|---|---|
| Abbreviated title | SOUPS |
| Country/Territory | United States |
| City | Boston |
| Period | 07/08/2022 → 09/08/2022 |