Journal of Xidian University ›› 2019, Vol. 46 ›› Issue (3): 20-25.doi: 10.19665/j.issn1001-2400.2019.03.004

Previous Articles     Next Articles

RFCcertDT: a testing tool for certificate validation in SSL/TLS

CHEN Chu   

  1. School of Computer Science and Technology, Xidian Univ., Xi’an 710071, China
  • Received:2019-03-01 Online:2019-06-20 Published:2019-06-19

Abstract:

To solve the problems such as low efficiency of existing tools which are used to check certificate validation modules in the implementation of Secure Sockets Layer or Transport Layer Security protocol, a novel tool named RFCcertDT for differential testing of certificate validation modules is designed and developed. First, rules of certificates are automatically extracted, updated, classified and expressed based on the Request for Comments specified by the Internet Engineering Task Force, and certificates which act as test cases are generated based on the dynamic symbolic execution technique. Second, the generated certificates and the token-ring testing are used to conduct differential testing of a single or multiple certificate validation modules and generate bug reports. Experimental results show that the RFCcertDT is more efficient than existing tools. In summary, the RFCcertDT tests certificate validation modules with high efficiency and is helpful to reinforcing the software security of the Secure Sockets Layer or Transport Layer Security protocol.

Key words: secure sockets layer, transport layer security, request for comments, certificate validation, differential testing, dynamic symbolic execution

CLC Number: 

  • TP311.5

Baidu
map