SADT: Syntax-Aware Differential Testing of Certificate Validation in SSL/TLS Implementions
The security guarantee of SSL/TLS critically depends on the correct validation of X.509 certificate. Therefore, it is important to check whether certificate validation in SSL/TLS is implemented correctly. Differential testing has been used successfully to find semantic bugs in this domain. However, existing differential testing tools suffer from three limitations: (1) inputs are not guaranteed to be syntactically correct. (2) the diversity of inputs is not enough. (3) requiring a large number inputs for finding each semantic bug.
This paper tackles these problems by introducing SADT, a novel syntax-aware differential testing framework for testing certificate validation code. Our core insight is to mutate input by tree-based mutation to ensure generated inputs are syntactically correct, and diversify inputs by share interesting inputs among all tested SSL/TLS implementations. The generated certificates are then employed to reveal discrepancies (potential bugs) among certificate validation in all SSL/TLS implementations.
We have implemented the new syntax-aware differential testing framework, named SADT, and evaluated it against other differential testing frameworks (such as NEZHA and RFCcert) and the fuzzer AFL. In our experiment, SADT yields 64 unique discrepancies when 6 SSL/TLS implementations are tested while NEZHA, RFCcert and AFL yield 31, 15 and 2 unique discrepancies respectively. In adition, we have been reporting bugs found by SADT to the software developers. Until now, 13 bugs have been confirmed or fixed, 10 of which were previously unknown bugs among all projects.
Wed 23 SepDisplayed time zone: (UTC) Coordinated Universal Time change
01:10 - 02:10
Software Security and Trust (1) NIER track / Tool Demonstrations / Research Papers at Platypus
Chair(s): Christoph Csallner University of Texas at Arlington
Martin Kellogg University of Washington, Seattle, Martin Schäf Amazon Web Services, Serdar Tasiran Amazon Web Services, Michael D. Ernst University of Washington, USA
|SADT: Syntax-Aware Differential Testing of Certificate Validation in SSL/TLS Implementions|
Lili Quan College of Intelligence and Computing,Tianjin University, Qianyu Guo College of Intelligence and Computing, Tianjin University, Hongxu Chen Research Associate, xiexiaofei , Xiaohong Li TianJin University, Yang Liu Nanyang Technological University, Singapore, Jing Hu Tianjin Key Laboratory of Advanced Networking (TANK), College of Intelligence and Computing,Tianjin University
|A Hybrid Analysis to Detect Java Serialisation Vulnerabilities|
Shawn Rasheed Massey University, Jens Dietrich Victoria University of Wellington
|EXPRESS: An Energy-Efficient and Secure Framework for Mobile Edge Computing and Blockchain based Smart Systems|