|![[Search]](/images/search.gif?1209136071)
|![[A-Z Index]](/images/az.gif?1209136071)
|![[Contact]](/images/contact.gif?1209136071)
||![[University of Birmingham]](/images/identifier2.gif?1243330508){kind=small} |
![[Talks@bham]](/images/talkslogosmall.gif?1243330508) |
University of Birmingham > Talks@bham > Computer Security Seminars > Protocol State Fuzzing of TLS Implementations
Protocol State Fuzzing of TLS ImplementationsAdd to your list(s) Download to your calendar using vCal
If you have a question about this talk, please contact Gurchetan Grewal. We describe a largely automated and systematic analysis of TLS implementations by what we call ‘protocol state fuzzing’: we use state machine learning to infer state machines from protocol implementations, using only blackbox testing, and then inspect the inferred state machines to look for spurious behaviour which might be an indication of flaws in the program logic. For detecting the presence of spurious behaviour the approach is almost fully automatic: we automatically obtain state machines and any spurious behaviour is then trivial to see. Detecting whether the spurious behaviour introduces exploitable security weaknesses does require manual investigation. Still, we take the point of view that any spurious functionality in a security protocol implementation is dangerous and should be removed. We analysed both server- and client-side implementations with a test harness that supports several key exchange algorithms and the option of client certificate authentication. We show that this approach can catch an interesting class of implementation flaws that is apparently common in security protocol implementations: in three of the TLS implementations analysed new security flaws were found (in GnuTLS, the Java Secure Socket Extension, and OpenSSL). This shows that protocol state fuzzing is a useful technique to systematically analyse security protocol implementations. As our analysis of different TLS implementations resulted in different and unique state machines for each one, the technique can also be used for fingerprinting TLS implementations. This talk is part of the Computer Security Seminars series. This talk is included in these lists:
Note that ex-directory lists are not shown. |
Other listsFeatured talks http://talks.bham.ac.uk/show/index/1942 Midlands Logic SeminarOther talksTBC Extending the Lax type operator for finite W-algebras Quantum simulations using ultra cold ytterbium Ultrafast, all-optical, and highly efficient imaging of molecular chirality Sylow branching coefficients for symmetric groups Geometry of alternating projections in metric spaces with bounded curvature |
Thursday 24 September 2015, 11:00-12:00