DOI: 10.1145/3180155.3180226
Research article

RFC-directed differential testing of certificate validation in SSL/TLS implementations

Published: 27 May 2018

ABSTRACT

Certificate validation in the Secure Sockets Layer or Transport Layer Security protocol (SSL/TLS) is critical to Internet security, so it is important to check whether certificate validation in SSL/TLS implementations is correctly implemented. With this motivation, we propose a novel differential testing approach that is directed by the standard Requests For Comments (RFCs). First, rules about certificates are extracted automatically from RFCs. Second, low-level test cases are generated through dynamic symbolic execution. Third, high-level test cases, i.e. certificates, are assembled automatically. Finally, with the assembled certificates as test cases, certificate validation in SSL/TLS implementations is tested to reveal latent vulnerabilities or bugs. Our approach, named RFCcert, has the following advantages: (1) the certificates of RFCcert are discrepancy-targeted, since they are assembled according to standards instead of genetics; (2) with the obtained certificates, RFCcert not only reveals the invalidity of traditional differential testing but is also able to conduct testing that traditional differential testing cannot do; and (3) the supporting tool of RFCcert has been implemented, and extensive experiments show that the approach is effective in finding bugs in SSL/TLS implementations.
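As an added illustration (not code from the paper or from the RFCcert tool), the following Python sketches the rule-extraction step and the oracle behind advantage (2): RFC 2119 keywords are pulled out of a constructed excerpt written in the style of RFC 5280 section 4.2.1.9, and each MUST-level rule then fixes the correct verdict for a certificate that violates it, so an implementation is flagged even when all implementations agree on accepting it. The implementation names and their verdicts are constructed sample data.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed excerpt in the style of RFC 5280 section 4.2.1.9 (paraphrased, not the
# RFC's verbatim text); it stands in for the RFC input of the rule-extraction step.
RFC_EXCERPT = """4.2.1.9. Basic Constraints
   Conforming CAs MUST include this extension in all CA certificates.
   If the cA boolean is not asserted, then the keyCertSign bit in the
   key usage extension MUST NOT be asserted. CAs SHOULD NOT include the
   pathLenConstraint field unless the cA boolean is asserted.
"""
# RFC 2119 keywords; longer alternatives come first so "MUST NOT" wins over "MUST".
KEYWORD_RE = re.compile(r"\b(MUST NOT|MUST|SHALL NOT|SHALL|SHOULD NOT|SHOULD|MAY)\b")
SECTION_RE = re.compile(r"^(\d+(?:\.\d+)*)\.\s+(.+)$", re.M)

@dataclass(frozen=True)
class Rule:
    section: str
    keyword: str
    sentence: str

    @property
    def expected_verdict(self):
        # Only absolute requirements fix the verdict: a certificate violating a MUST-level
        # rule has to be rejected. SHOULD/MAY rules leave implementations some latitude.
        return "reject" if self.keyword in ("MUST", "MUST NOT", "SHALL", "SHALL NOT") else None

def extract_rules(text):
    """Split an RFC excerpt into sentences and keep those carrying an RFC 2119 keyword."""
    m = SECTION_RE.search(text)
    section, body = (m.group(1), text[m.end():]) if m else ("?", text)
    rules = []
    for raw in re.split(r"(?<=\.)\s+", body):
        sentence = " ".join(raw.split())  # collapse RFC line wrapping and indentation
        k = KEYWORD_RE.search(sentence)
        if sentence and k:
            rules.append(Rule(section, k.group(1), sentence))
    return rules

def judge(rule, verdicts):
    """verdicts: implementation name -> 'accept' | 'reject' for a certificate assembled to
    violate `rule`. For a MUST-level rule the RFC is the oracle, so every accepting
    implementation is flagged even when all of them agree (plain differential testing
    would report nothing there). Otherwise fall back to flagging the minority verdict."""
    if rule.expected_verdict == "reject":
        return sorted(impl for impl, v in verdicts.items() if v != "reject")
    majority = Counter(verdicts.values()).most_common(1)[0][0]
    return sorted(impl for impl, v in verdicts.items() if v != majority)

def demo():
    rules = extract_rules(RFC_EXCERPT)
    # Constructed verdicts of three hypothetical implementations, one certificate per rule
    # (e.g. for the second rule: cA=FALSE combined with keyCertSign set in keyUsage).
    verdicts = [
        {"impl_a": "reject", "impl_b": "reject", "impl_c": "reject"},
        {"impl_a": "accept", "impl_b": "accept", "impl_c": "accept"},  # unanimous, all wrong
        {"impl_a": "accept", "impl_b": "accept", "impl_c": "reject"},
    ]
    return [(r.keyword, judge(r, v)) for r, v in zip(rules, verdicts)]
```

The second case is the one majority-vote differential testing misses: all three implementations accept a certificate that the MUST NOT rule says has to be rejected, and only the RFC-derived oracle exposes it.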


Published in

ICSE '18: Proceedings of the 40th International Conference on Software Engineering
May 2018
1307 pages
ISBN: 9781450356381
DOI: 10.1145/3180155

Conference Chair: Michel Chaudron
General Chair: Ivica Crnkovic
Program Chairs: Marsha Chechik, Mark Harman

Copyright © 2018 ACM

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher: Association for Computing Machinery, New York, NY, United States


Acceptance rate

Overall acceptance rate: 276 of 1,856 submissions (15%)
