ABSTRACT
Certificate validation in the Secure Sockets Layer or Transport Layer Security protocol (SSL/TLS) is critical to Internet security, so it is important to check whether certificate validation in SSL/TLS implementations is implemented correctly. With this motivation, we propose a novel differential testing approach that is directed by the standard Request For Comments (RFC) documents. First, rules governing certificates are extracted automatically from the RFCs. Second, low-level test cases are generated through dynamic symbolic execution. Third, high-level test cases, i.e. certificates, are assembled automatically. Finally, with the assembled certificates as test cases, the certificate validation code of SSL/TLS implementations is tested to reveal latent vulnerabilities or bugs. Our approach, named RFCcert, has the following advantages: (1) the certificates produced by RFCcert are discrepancy-targeted, since they are assembled according to the standards rather than by genetic recombination of existing certificates; (2) with the obtained certificates, RFCcert not only reveals cases in which traditional differential testing is invalid, but is also able to conduct testing that traditional differential testing cannot; and (3) the supporting tool for RFCcert has been implemented, and extensive experiments show that the approach is effective in finding bugs in SSL/TLS implementations.
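The following Python sketch is an added example, not the paper's RFCcert tool, and illustrates the idea behind the abstract in miniature: normative sentences are pulled out of RFC-style text by their RFC 2119 key words, the resulting rules serve as an oracle, and constructed certificate chains are run through two hypothetical validators, `impl_a` and `impl_b`, whose bugs are constructed for the demonstration. The specification text is constructed (one sentence follows RFC 5280 §4.2.1.9); the symbolic-execution step of the paper is replaced by hand-written chains. The last test case shows the point of claim (2): when both implementations share a bug, pure differential testing sees no discrepancy, while the RFC-derived oracle still flags both.

```python
"""RFC-directed differential testing of certificate validation, in miniature.

Added example, not the RFCcert tool from the paper. Two hypothetical validators
(impl_a, impl_b) are run on constructed certificate chains. Pure differential
testing only flags cases where the two disagree; an oracle derived from RFC 2119
requirement sentences also flags cases where both are wrong in the same way.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Constructed specification text. The second sentence follows RFC 5280 §4.2.1.9,
# the first paraphrases the path-validation time check of RFC 5280 §6.1.3, and
# the third uses a lowercase "must", which RFC 8174 says is not normative.
SPEC_TEXT = """
Conforming implementations MUST reject a certificate whose validity period does
not include the current time. If the basic constraints extension is not present
in a version 3 certificate, or the extension is present but the cA boolean is not
asserted, then the certified public key MUST NOT be used to verify certificate
signatures. Implementers must read the whole profile before deploying.
"""

# RFC 2119 key words; two-word forms come first so "MUST NOT" beats "MUST".
RFC2119 = re.compile(r"\b(MUST NOT|SHALL NOT|SHOULD NOT|MUST|SHALL|SHOULD|MAY)\b")


def extract_rules(text: str) -> list[tuple[str, str]]:
    """Step 1: return (key word, sentence) for every normative sentence."""
    flat = " ".join(text.split())
    rules = []
    for sentence in re.split(r"(?<=[.!?])\s+", flat):
        match = RFC2119.search(sentence)
        if match:  # only upper-case key words count
            rules.append((match.group(1), sentence))
    return rules


@dataclass(frozen=True)
class Cert:
    """Only the certificate fields the two rules above talk about."""
    version: int
    not_before: datetime
    not_after: datetime
    basic_constraints_ca: Optional[bool]  # None means the extension is absent


def rfc_oracle(chain: list[Cert], now: datetime) -> bool:
    """Expected verdict for a chain [leaf, issuer, ...] under the two rules."""
    if any(not (c.not_before <= now <= c.not_after) for c in chain):
        return False  # rule 1 applies to every certificate in the path
    for issuer in chain[1:]:
        if issuer.version == 3 and issuer.basic_constraints_ca is not True:
            return False  # rule 2: extension absent, or present with cA=FALSE
    return True


def impl_a(chain: list[Cert], now: datetime) -> bool:
    """Hypothetical validator A (constructed bugs): checks the validity period
    of the leaf only, and rejects an issuer only when cA is explicitly FALSE."""
    leaf = chain[0]
    if not (leaf.not_before <= now <= leaf.not_after):
        return False
    return all(i.basic_constraints_ca is not False for i in chain[1:])


def impl_b(chain: list[Cert], now: datetime) -> bool:
    """Hypothetical validator B (constructed bugs): checks notAfter of the leaf
    only and never notBefore; its basicConstraints check is correct."""
    if now > chain[0].not_after:
        return False
    return all(i.basic_constraints_ca is True for i in chain[1:])


IMPLS = {"impl_a": impl_a, "impl_b": impl_b}


def differential_run(cases: dict[str, list[Cert]], now: datetime) -> dict[str, dict]:
    """Compare the implementations with each other (traditional differential
    testing) and with the RFC oracle (RFC-directed testing)."""
    report = {}
    for name, chain in cases.items():
        verdicts = {impl: fn(chain, now) for impl, fn in IMPLS.items()}
        expected = rfc_oracle(chain, now)
        report[name] = {
            "verdicts": verdicts,
            "discrepancy": len(set(verdicts.values())) > 1,
            "expected": expected,
            "wrong": sorted(i for i, v in verdicts.items() if v != expected),
        }
    return report


def build_cases(now: datetime) -> dict[str, list[Cert]]:
    """Constructed chains, each aimed at one extracted rule."""
    day = timedelta(days=1)
    ok_leaf = Cert(3, now - day, now + day, None)
    ok_ca = Cert(3, now - day, now + day, True)
    return {
        "valid chain": [ok_leaf, ok_ca],
        "leaf not yet valid": [Cert(3, now + day, now + 2 * day, None), ok_ca],
        "issuer lacks basicConstraints": [ok_leaf, Cert(3, now - day, now + day, None)],
        "issuer expired": [ok_leaf, Cert(3, now - 3 * day, now - day, True)],
    }


if __name__ == "__main__":
    for keyword, sentence in extract_rules(SPEC_TEXT):
        print(f"[{keyword}] {sentence}")
    now = datetime.now(timezone.utc)
    for case, result in differential_run(build_cases(now), now).items():
        print(case, result)
```

In the "issuer expired" case both validators return the same (wrong) verdict, so a harness that only compares implementations against each other reports nothing; only the verdict derived from the extracted rule exposes the shared bug.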