SADT: Syntax-Aware Differential Testing of Certificate Validation in SSL/TLS Implementions
The security guarantee of SSL/TLS critically depends on the correct validation of X.509 certificate. Therefore, it is important to check whether certificate validation in SSL/TLS is implemented correctly. Differential testing has been used successfully to find semantic bugs in this domain. However, existing differential testing tools suffer from three limitations: (1) inputs are not guaranteed to be syntactically correct. (2) the diversity of inputs is not enough. (3) requiring a large number inputs for finding each semantic bug.
This paper tackles these problems by introducing SADT, a novel syntax-aware differential testing framework for testing certificate validation code. Our core insight is to mutate input by tree-based mutation to ensure generated inputs are syntactically correct, and diversify inputs by share interesting inputs among all tested SSL/TLS implementations. The generated certificates are then employed to reveal discrepancies (potential bugs) among certificate validation in all SSL/TLS implementations.
We have implemented the new syntax-aware differential testing framework, named SADT, and evaluated it against other differential testing frameworks (such as NEZHA and RFCcert) and the fuzzer AFL. In our experiment, SADT yields 64 unique discrepancies when 6 SSL/TLS implementations are tested while NEZHA, RFCcert and AFL yield 31, 15 and 2 unique discrepancies respectively. In adition, we have been reporting bugs found by SADT to the software developers. Until now, 13 bugs have been confirmed or fixed, 10 of which were previously unknown bugs among all projects.
Wed 23 Sep Times are displayed in time zone: (UTC) Coordinated Universal Time
01:10 - 02:10: Software Security and Trust (1) Research Papers / NIER track / Tool Demonstrations at Platypus Chair(s): Christoph CsallnerUniversity of Texas at Arlington | |||
01:10 - 01:30 Talk | Continuous ComplianceExperience Research Papers Martin KelloggUniversity of Washington, Seattle, Martin SchäfAmazon Web Services, Serdar TasiranAmazon Web Services, Michael D. ErnstUniversity of Washington, USA | ||
01:30 - 01:50 Talk | SADT: Syntax-Aware Differential Testing of Certificate Validation in SSL/TLS Implementions Research Papers Lili QuanCollege of Intelligence and Computing,Tianjin University, Qianyu GuoCollege of Intelligence and Computing, Tianjin University, Hongxu ChenResearch Associate, xiexiaofei , Li XiaohongTianJin University, Yang LiuNanyang Technological University, Singapore, Jing HuTianjin Key Laboratory of Advanced Networking (TANK), College of Intelligence and Computing,Tianjin University | ||
01:50 - 02:00 Talk | A Hybrid Analysis to Detect Java Serialisation Vulnerabilities NIER track | ||
02:00 - 02:10 Talk | EXPRESS: An Energy-Efficient and Secure Framework for Mobile Edge Computing and Blockchain based Smart Systems Tool Demonstrations |