Conference: IEEE International Conference on Software Maintenance and Evolution

DRLgencert: Deep Learning-Based Automated Testing of Certificate Verification in SSL/TLS Implementations

Abstract

The Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols are the foundation of network security. Certificate verification in SSL/TLS implementations is vital and may become the "weak link" in the whole network ecosystem. Some previous research has focused on the automated testing of certificate verification, and the main approaches rely on generating massive numbers of certificates for fuzzing by randomly combining parts of seed certificates. Although the generated certificates can meet the semantic constraints, the cost is high and the performance is limited by the randomness. To fill this gap, in this paper we propose DRLGENCERT, the first framework to apply deep reinforcement learning to the automated testing of certificate verification in SSL/TLS implementations. DRLGENCERT accepts ordinary certificates as input and outputs newly generated certificates that can trigger discrepancies with high efficiency. Thanks to deep reinforcement learning, when generating certificates our framework can choose the best next action according to the result of a previous modification, instead of relying on simple random combinations. At the same time, we developed a set of new techniques to support the overall design, such as a new feature extraction method for X.509 certificates, fine-grained differential testing, and so forth. We also implemented a prototype of DRLGENCERT and carried out a series of real-world experiments. The results show that DRLGENCERT is quite efficient: we obtained 84,661 discrepancy-triggering certificates from 181,900 certificate seeds, an effectiveness of around 46.5%. We also evaluated six popular SSL/TLS implementations: GnuTLS, MatrixSSL, MbedTLS, NSS, OpenSSL, and wolfSSL. DRLGENCERT successfully discovered 23 serious certificate verification flaws, most of which were previously unknown.