RFCcertDT:SSL/TLS中证书验证的测试工具

doi:10.19665/j.issn1001-2400.2019.03.004

Abstract

Abstract:

To solve the problems such as low efficiency of existing tools which are used to check certificate validation modules in the implementation of Secure Sockets Layer or Transport Layer Security protocol, a novel tool named RFCcertDT for differential testing of certificate validation modules is designed and developed. First, rules of certificates are automatically extracted, updated, classified and expressed based on the Request for Comments specified by the Internet Engineering Task Force, and certificates which act as test cases are generated based on the dynamic symbolic execution technique. Second, the generated certificates and the token-ring testing are used to conduct differential testing of a single or multiple certificate validation modules and generate bug reports. Experimental results show that the RFCcertDT is more efficient than existing tools. In summary, the RFCcertDT tests certificate validation modules with high efficiency and is helpful to reinforcing the software security of the Secure Sockets Layer or Transport Layer Security protocol.

Key words: secure sockets layer, transport layer security, request for comments, certificate validation, differential testing, dynamic symbolic execution

CLC Number:

TP311.5

CHEN Chu. RFCcertDT: a testing tool for certificate validation in SSL/TLS[J].Journal of Xidian University, 2019, 46(3): 20-25.

Figures/Tables 4

References 17

[1]	FREIER A, KARTON P, KOCHER P . The Secure Sockets Layer (SSL) Protocol Version 3.0: RFC 6101 [S/OL]. [ 2019-02-25]. https://tools.ietf.org/html/rfc6101
[2]	DIERKS T, RESCORLA E . The Transport Layer Security (TLS) Protocol Version 1.2: RFC 5246 [S/OL]. [ 2019-02-25]. https://tools.ietf.org/html/rfc5246
[3]	Information Technology Laboratory. National Vulnerabilty Database CVE-2016-8495 Details [EB/OL]. [2019-02-20]. https://nvd.nist.gov/vuln/detail/CVE-2016-8495
[4]	BRUBAKER C, JANA S, RAY B , et al. Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL/TLS Implementations [C]//Proceedings of the 2014 IEEE Symposium on Security and Privacy. Washington:IEEE Computer Society, 2014: 114-129.
[5]	CHEN Y T, SU Z D . Guided Differential Testing of Certificate Validation in SSL/TLS Implementations [C]// Proceedings of the 2015 10th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering. New York: ACM, 2015: 793-804.
[6]	CHAU S Y, CHOWDHURY O, HOQUE E , et al. SymCerts: Practical Symbolic Execution for Exposing Noncompliance in X.509 Certificate Validation Implementations [C]//Proceedings of the 2017 IEEE Symposium on Security and Privacy. Piscataway: IEEE, 2017: 503-520.
[7]	PETSIOS T, TANG A, STOLFO S , et al. NEZHA: Efficient Domain-independent Differential Testing [C]// Proceedings of the 2017 IEEE Symposium on Security and Privacy. Piscataway: IEEE, 2017: 615-632.
[8]	COOPER D, SANTESSON S, FARRELL S , et al. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile: RFC 5280 [S/OL]. [2019-02-25]. https://tools.ietf.org/html/rfc5280
[9]	BRADNER S . Key Words for Use in RFCs to Indicate Requirement Levels: RFC 2119[S/OL]. [ 2019-02-25]. https://tools.ietf.org/html/rfc2119
[10]	LEIBA B . Ambiguity of Uppercase vs Lowercase in RFC 2119: RFC 8174 [S/OL]. [2019-02-20]. https://tools.ietf.org/html/rfc8174
[11]	BALDONI R, COPPA E, D’ELIA D C et al. A Survey of Symbolic Execution Techniques[J]. ACM Computing Surveys, 2018,51(3): 50:1-50:39.
[12]	MCKEEMAN W M . Differential Testing for Software[J]. Digital Technical Journal, 1998,10(1):100-107.
[13]	EVANS R B, SAVOIA A . Differential Testing: a New Approach to Change Detection [C]// Proceedings of the 2007 6th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering. New York: ACM, 2007: 549-552.
[14]	CHEN Y T, SU T, SUN C N , et al. Coverage-directed Differential Testing of JVM Implementations [C]// Proceedings of the 2016 ACM SIGPLAN Conference on Programming Language Design and Implementation. New York: ACM, 2016: 85-99.
[15]	YEE P . Updates to the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile: RFC 6818 [S/OL]. [ 2019-02-25]. https://tools.ietf.org/html/rfc6818
[16]	CADAR C, DUNBAR D, ENGLER D R . KLEE: Unassisted and Automatic Generation of High-coverage Tests for Complex Systems Programs [C]//Proceedings of the 2008 8th USENIX Conference on Operating Systems Design and Implementation. Berkeley: USENIX Association, 2008: 209-224.
[17]	CHEN C, TIAN C, DUAN Z H , et al. RFC-directed Differential Testing of Certificate Validation in SSL/TLS Implementations [C]//Proceedings of the 2018 International Conference on Software Engineering. New York: ACM, 2018: 859-870.

项目	生成证书和测试总时间/s	发现的差异数量/个
Path δ-diversity (coarse)	50	8
Path δ-diversity (fine)	45	9
Output δ-diversity	51	11
RFCcertDT	35	79

项目	wolfSSL v3.6.6/v3.9.10/个	mbedTLS v2.1.4/v.2.3.0/个	matrixSSL v3.7.2/v3.8.6	时间/s
SymCerts	2	1	5	7 260
RFCcertDT	26	26	11	22

RFCcertDT: a testing tool for certificate validation in SSL/TLS

RichHTML

PDF (PC)

Like

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 4

References 17

Related Articles 15

Metrics

Comments

Recommended 10

[1]	LIU Huayuan,SU Yunfei,LI Ruilin,TANG Chaojing. Structure-statebased graybox Fuzzing technique [J]. Journal of Xidian University, 2021, 48(1): 117-123.
[2]	HU Jianwei,ZHAO Wei,CUI Yanpeng,CUI Junjie. PHP code vulnerability mining technology based on theimproved ASTNN [J]. Journal of Xidian University, 2020, 47(6): 164-173.
[3]	ZHANG Lu,SUN Rong,LIU Jingwei. Cloned piggybacking framework for distributed storage [J]. Journal of Xidian University, 2020, 47(6): 139-147.
[4]	WANG Dekui. Approach to FPGA placement using resource negotiation [J]. Journal of Xidian University, 2019, 46(6): 17-22.
[5]	LIU Xi-yang;LIU Tao;BAI Zhi-wen;WANG Yan;MU Hao-ying. Portable and optimized reversible debugger [J]. J4, 2009, 36(1): 64-68.
[6]	CAO Min;WU Geng-feng. Support for dynamic reconfiguration and high-level programming of CORBA-based distributed applications [J]. J4, 2004, 31(6): 974-978.
[7]	Authors. title [J]. J4, 2003, 30(5): 594-598.
[8]	Authors. title [J]. J4, 2002, 29(1): 133-138.
[9]	Authors. title [J]. J4, 2001, 28(5): 616-621.
[10]	Authors. title [J]. J4, 2000, 27(1): 25-31.
[11]	Authors. title [J]. J4, 1999, 26(2): 0-0.
[12]	Authors. title [J]. J4, 1998, 25(6): 0-0.
[13]	Authors. title [J]. J4, 1998, 25(6): 0-0.
[14]	Authors. title [J]. J4, 1998, 25(6): 0-0.
[15]	Authors. title [J]. J4, 1998, 25(6): 0-0.