Conference: IEEE International Conference on Software Maintenance and Evolution

DRLgencert: Deep Learning-Based Automated Testing of Certificate Verification in SSL/TLS Implementations

Abstract

The Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols are the foundation of network security. Certificate verification in SSL/TLS implementations is vital and may become the "weak link" in the whole network ecosystem. Previous research on the automated testing of certificate verification has mainly relied on generating massive numbers of certificates for fuzzing by randomly combining parts of seed certificates. Although the generated certificates can meet the semantic constraints, the cost is heavy and the performance is limited by the randomness. To fill this gap, in this paper we propose DRLGENCERT, the first framework that applies deep reinforcement learning to the automated testing of certificate verification in SSL/TLS implementations. DRLGENCERT accepts ordinary certificates as input and outputs newly generated certificates that can trigger discrepancies with high efficiency. Thanks to deep reinforcement learning, when generating certificates our framework can choose the best next action according to the result of a previous modification, instead of relying on simple random combinations. We also developed a set of new techniques to support the overall design, such as a new feature extraction method for X.509 certificates and fine-grained differential testing, among others. We implemented a prototype of DRLGENCERT and carried out a series of real-world experiments. The results show that DRLGENCERT is quite efficient: we obtained 84,661 discrepancy-triggering certificates from 181,900 certificate seeds, an effectiveness of around 46.5%. We also evaluated six popular SSL/TLS implementations: GnuTLS, MatrixSSL, MbedTLS, NSS, OpenSSL, and wolfSSL. DRLGENCERT successfully discovered 23 serious certificate verification flaws, most of which were previously unknown.
