* ICSE 2018 *
Sun 27 May - Sun 3 June 2018 Gothenburg, Sweden
Fri 1 Jun 2018 11:00 - 11:20 at Congress Hall - Testing III Chair(s): Myra Cohen

Certificate validation in Secure Socket Layer or Transport Layer Security protocol (SSL/TLS) is critical to Internet security. Thus, it is significant to check whether certificate validation in SSL/TLS is correctly implemented. With this motivation, we propose a novel differential testing approach which is directed by the standard Request For Comments (RFC). First, rules of certificates are extracted automatically from RFCs. Second, low-level test cases are generated through dynamic symbolic execution. Third, high-level test cases, i.e. certificates, are assembled automatically. Finally, with the assembled certificates being test cases, certificate validations in SSL/TLS implementations are tested to reveal latent vulnerabilities or bugs. Our approach named RFCcert has the following advantages: (1) certificates of RFCcert are discrepancy-targeted since they are assembled according to standards instead of genetics; (2) with the obtained certificates, RFCcert not only reveals the invalidity of traditional differential testing but also is able to conduct testing that traditional differential testing cannot do; and (3) the supporting tool of RFCcert has been implemented and extensive experiments show that the approach is effective in finding bugs of SSL/TLS implementations.

RFC-Directed Differential Testing of Certificate Validation in SSL/TLS implementations (beamerRFCcert.pdf)2.10MiB

Fri 1 Jun

icse-2018-Technical-Papers
11:00 - 12:30: Technical Papers - Testing III at Congress Hall
Chair(s): Myra CohenUniversity of Nebraska-Lincoln
icse-2018-Technical-Papers152784360000011:00 - 11:20
Talk
DOI File Attached
icse-2018-Technical-Papers152784480000011:20 - 11:40
Research paper
Hengbiao Yu, Zhenbang ChenCollege of Computer, National University of Defense Technology, Ji Wang, Zhendong SuUniversity of California, Davis, Wei Dong
Pre-print
icse-2018-Journal-first-papers152784600000011:40 - 12:00
Talk
icse-2018-Journal-first-papers152784720000012:00 - 12:20
Talk
Narayan RamasubbuUniversity of Pittsburgh, USA , Chris KemererUniversity of Pittsburgh
icse-2018-Technical-Papers152784840000012:20 - 12:30
Talk