Identification of Bugs and Vulnerabilities in TLS Implementation for Windows Operating System Using State Machine Learning

Yadav, Tarun; Sadhukhan, Koustav

doi:10.1007/978-981-13-5826-5_27

Cited by 4 publications

(4 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…de Ruiter and Poll [2015] report that łnew security flaws were found (in GnuTLS, the Java Secure Socket Extension, and OpenSSL)ž using protocol state fuzzing. This kind of issue can be discovered even without access to the source code, as demonstrated on Windows SChannel [Yadav and Sadhukhan 2019].…”

Section: Tls State Machinesmentioning

confidence: 99%

“…Many popular implementations of security-critical network protocols such as TLS are prone to łstate-machine vulnerabilitiesž [Beurdouche et al 2015;de Ruiter and Poll 2015;Yadav and Sadhukhan 2019] that occur due to human error in translating the desired interaction flow into a state type and state-transition function. This section will review the key programming task during which these errors occur and lead to our proposed alternative: a compiler that translates code with I/O operations into a self-contained state type and a step function that accepts inputs and returns outputs.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Certifying derivation of state machines from coroutines

Ikebuchi

Erbsen

Chlipala

2022

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

One of the biggest implementation challenges in security-critical network protocols is nested state machines. In practice today, state machines are either implemented manually at a low level, risking bugs easily missed in audits; or are written using higher-level abstractions like threads, depending on runtime systems that may sacrifice performance or compatibility with the ABIs of important platforms (e.g., resource-constrained IoT systems). We present a compiler-based technique allowing the best of both worlds, coding protocols in a natural high-level form, using freer monads to represent nested coroutines , which are then compiled automatically to lower-level code with explicit state. In fact, our compiler is implemented as a tactic in the Coq proof assistant, structuring compilation as search for an equivalence proof for source and target programs. As such, it is straightforwardly (and soundly) extensible with new hints, for instance regarding new data structures that may be used for efficient lookup of coroutines. As a case study, we implemented a core of TLS sufficient for use with popular Web browsers, and our experiments show that the extracted Haskell code achieves reasonable performance.

show abstract

Section: Tls State Machinesmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Certifying derivation of state machines from coroutines

Ikebuchi

Erbsen

Chlipala

2022

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

show abstract

“…For standardized verification of the protocol implementation [2,3], Chaki et al [4] combined software model detection with standard protocol security models to automatically analyze the authentication and confidentiality of the protocol in the C language. For the protocol state machine [5,6], Ruiter et al [7] modeled a state machine for implementing the TLS protocol based on the active learning method. They also manually analyzed the generated state machine to find logical vulnerabilities.…”

Section: Introductionmentioning

confidence: 99%

Coverage-guided differential testing of TLS implementations based on syntax mutation

Pan¹,

Lin²,

Yu-bo³

et al. 2022

PLoS ONE

View full text Add to dashboard Cite

Transport layer security (TLS) protocol is the most widely used security protocol in modern network communications. However, protocol vulnerabilities caused by the design of the network protocol or its implementation by programmers emerge one after another. Meanwhile, various versions of TLS protocol implementations exhibit different behavioral characteristics. Researchers are attempting to find the differences in protocol implementations based on differential testing, which is conducive to discovering the vulnerabilities. This paper provides a solution to find the differences more efficiently by targeting the TLS protocol handshake process. The differences of different implementations during the fuzzing process, such as code coverage and response data, are taken to guide the mutation of test cases, and the seeds are mutated based on the TLS protocol syntax. In addition, the definition of duplicate discrepancies is theoretically explored to investigate the root cause of the discrepancies and to reduce the number of duplicate cases that are caused by the same reason. Besides, the necessary conditions for excluding duplicate cases are further analyzed to develop the deduplication strategy. The proposed method is developed based on open-source tools, i.e., NEZHA and TLS-diff. Three types of widely used TLS protocol implementations, i.e., OpenSSL, BoringSSL, and LibreSSL, are taken for experimental testing. The experimental results show that the proposed method can effectively improve the ability to find differences between different implementations. Under the same test scale or the same time, the amount of discrepancies increases by about 20% compared to TLS-diff, indicating the effectiveness of the deduplication strategy.

show abstract

“…Computer security isn't quite new, but it has reawakened attention in recent years as a result of the failure of networkbased security measures such as firewalls. Unfortunately, today's software has design bugs as well as implementation defects, posing an intolerable security risk [7]. Any application, no matter how harmless it appears, might include security flaws.…”

Section: Introductionmentioning

confidence: 99%

Computer Security Practices in Senior High Schools in the Keta Municipality

Tetteh¹,

Essah

Opoku

et al. 2021

CJAST

View full text Add to dashboard Cite

Aims: To examine security practices in Senior High Schools in Keta Municicpality. Study design: Descriptive Survey Design. Place and duration of study: The study was undertaken in the Keta Municipality of Volta Region. Methodology: The researcher adopted quantitative research design. The target population for the study was made up of eight (8) senior high schools with four thousand two hundred (4200) senior high school students, teachers, administrators and account clerks in the Municipality. The total number of samples for the study was hundred (100) respondents. This comprises forty (40) teachers, forty (40) students, ten (10) ICT teachers, five (5) administrators and five (5) account clerks all from the five selected schools. The research instrument used for the data collection was questionnaire. The usage of a data analysis application known as the International Business Machine, Statistical Package for Social Sciences, assisted the data analysis (IBM SPSS). Results: The results revealed that 35(87.5%) of students agreed to the fact that they used computer with permission, 32(64%) of teachers emphasized that there were security passwords on computers in their schools, and 27(82.5%) of students indicated that there are codes of conduct guiding computer usage in their schools. However, 20(40%) of teachers emphasized that intrusion detective system was not used on computers in their schools to detect network attack and that 7(70%) of administrators and account clerks attested to the fact that Antivirus is installed on computers in my school Conclusion: Many schools in the Keta Municipality do not have enough computers let alone sustainable power generation in the schools and this has affected effective teaching and learning and quality education delivering.

show abstract

Identification of Bugs and Vulnerabilities in TLS Implementation for Windows Operating System Using State Machine Learning

Cited by 4 publications

References 4 publications

Certifying derivation of state machines from coroutines

Certifying derivation of state machines from coroutines

Coverage-guided differential testing of TLS implementations based on syntax mutation

Computer Security Practices in Senior High Schools in the Keta Municipality

Contact Info

Product

Resources

About