SADT: Syntax-Aware Differential Testing of Certificate Validation in SSL/TLS Implementations

Lili Quan; Qianyu Guo; Hongxu Chen; Xiaofei Xie; Xiaohong Li; Yang Liu; Jing Hu

doi:10.1145/3324884.3416552

SADT: Syntax-Aware Differential Testing of Certificate Validation in SSL/TLS Implementations

Lili Quan, Qianyu Guo, Hongxu Chen, Xiaofei Xie, Xiaohong Li, Yang Liu, Jing Hu

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

6 Citations (Scopus)

Abstract

The security assurance of SSL/TLS critically depends on the correct validation of X.509 certificates. Therefore, it is important to check whether a certificate is correctly validated by the SSL/TLS implementations. Although differential testing has been proven to be effective in finding semantic bugs, it still suffers from the following limitations: (1) The syntax of test cases cannot be correctly guaranteed. (2) Current test cases are not diverse enough to cover more implementation behaviours. This paper tackles these problems by introducing SADT, a novel syntax-aware differential testing framework for evaluating the certificate validation process in SSL/TLS implementations. We first propose a tree-based mutation strategy to ensure that the generated certificates are syntactically correct, and then diversify the certificates by sharing interesting test cases among all target SSL/TLS implementations. Such generated certificates are more likely to trigger discrepancies among SSL/TLS implementations, which may indicate some potential bugs. To evaluate the effectiveness of our approach, we applied SADT on testing 6 widely used SSL/TLS implementations, compared with the state-of-the-art fuzzing technique (i.e., AFL) and two differential testing techniques (i.e., NEZHA and RFCcert). The results show that SADT outperforms other techniques in generating discrepancies. In total, 64 unique discrepancies were discovered by SADT, and 13 of them have been confirmed as bugs or fixed by the developers.

Original language	English
Title of host publication	Proceedings - 2020 35th IEEE/ACM International Conference on Automated Software Engineering, ASE 2020
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	524-535
Number of pages	12
ISBN (Electronic)	9781450367684
DOIs	https://doi.org/10.1145/3324884.3416552
Publication status	Published - Sept 2020
Externally published	Yes
Event	35th IEEE/ACM International Conference on Automated Software Engineering, ASE 2020 - Virtual, Melbourne, Australia Duration: Sept 22 2020 → Sept 25 2020

Publication series

Name	Proceedings - 2020 35th IEEE/ACM International Conference on Automated Software Engineering, ASE 2020

Conference

Conference	35th IEEE/ACM International Conference on Automated Software Engineering, ASE 2020
Country/Territory	Australia
City	Virtual, Melbourne
Period	9/22/20 → 9/25/20

All Science Journal Classification (ASJC) codes

Artificial Intelligence
Software
Safety, Risk, Reliability and Quality

Access to Document

10.1145/3324884.3416552

Cite this

Quan, L., Guo, Q., Chen, H., Xie, X., Li, X., Liu, Y., & Hu, J. (2020). SADT: Syntax-Aware Differential Testing of Certificate Validation in SSL/TLS Implementations. In Proceedings - 2020 35th IEEE/ACM International Conference on Automated Software Engineering, ASE 2020 (pp. 524-535). Article 9286011 (Proceedings - 2020 35th IEEE/ACM International Conference on Automated Software Engineering, ASE 2020). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1145/3324884.3416552

SADT: Syntax-Aware Differential Testing of Certificate Validation in SSL/TLS Implementations. / Quan, Lili; Guo, Qianyu; Chen, Hongxu et al.
Proceedings - 2020 35th IEEE/ACM International Conference on Automated Software Engineering, ASE 2020. Institute of Electrical and Electronics Engineers Inc., 2020. p. 524-535 9286011 (Proceedings - 2020 35th IEEE/ACM International Conference on Automated Software Engineering, ASE 2020).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Quan, L, Guo, Q, Chen, H, Xie, X, Li, X, Liu, Y & Hu, J 2020, SADT: Syntax-Aware Differential Testing of Certificate Validation in SSL/TLS Implementations. in Proceedings - 2020 35th IEEE/ACM International Conference on Automated Software Engineering, ASE 2020., 9286011, Proceedings - 2020 35th IEEE/ACM International Conference on Automated Software Engineering, ASE 2020, Institute of Electrical and Electronics Engineers Inc., pp. 524-535, 35th IEEE/ACM International Conference on Automated Software Engineering, ASE 2020, Virtual, Melbourne, Australia, 9/22/20. https://doi.org/10.1145/3324884.3416552

Quan L, Guo Q, Chen H, Xie X, Li X, Liu Y et al. SADT: Syntax-Aware Differential Testing of Certificate Validation in SSL/TLS Implementations. In Proceedings - 2020 35th IEEE/ACM International Conference on Automated Software Engineering, ASE 2020. Institute of Electrical and Electronics Engineers Inc. 2020. p. 524-535. 9286011. (Proceedings - 2020 35th IEEE/ACM International Conference on Automated Software Engineering, ASE 2020). doi: 10.1145/3324884.3416552

Quan, Lili ; Guo, Qianyu ; Chen, Hongxu et al. / SADT : Syntax-Aware Differential Testing of Certificate Validation in SSL/TLS Implementations. Proceedings - 2020 35th IEEE/ACM International Conference on Automated Software Engineering, ASE 2020. Institute of Electrical and Electronics Engineers Inc., 2020. pp. 524-535 (Proceedings - 2020 35th IEEE/ACM International Conference on Automated Software Engineering, ASE 2020).

@inproceedings{43ff0506fa1e4de49c5cb8125bfea4ed,

title = "SADT: Syntax-Aware Differential Testing of Certificate Validation in SSL/TLS Implementations",

abstract = "The security assurance of SSL/TLS critically depends on the correct validation of X.509 certificates. Therefore, it is important to check whether a certificate is correctly validated by the SSL/TLS implementations. Although differential testing has been proven to be effective in finding semantic bugs, it still suffers from the following limitations: (1) The syntax of test cases cannot be correctly guaranteed. (2) Current test cases are not diverse enough to cover more implementation behaviours. This paper tackles these problems by introducing SADT, a novel syntax-aware differential testing framework for evaluating the certificate validation process in SSL/TLS implementations. We first propose a tree-based mutation strategy to ensure that the generated certificates are syntactically correct, and then diversify the certificates by sharing interesting test cases among all target SSL/TLS implementations. Such generated certificates are more likely to trigger discrepancies among SSL/TLS implementations, which may indicate some potential bugs. To evaluate the effectiveness of our approach, we applied SADT on testing 6 widely used SSL/TLS implementations, compared with the state-of-the-art fuzzing technique (i.e., AFL) and two differential testing techniques (i.e., NEZHA and RFCcert). The results show that SADT outperforms other techniques in generating discrepancies. In total, 64 unique discrepancies were discovered by SADT, and 13 of them have been confirmed as bugs or fixed by the developers.",

author = "Lili Quan and Qianyu Guo and Hongxu Chen and Xiaofei Xie and Xiaohong Li and Yang Liu and Jing Hu",

note = "Funding Information: We thank the anonymous reviewers for their comprehensive feedback. This work was partly supported by the National Science Foundation of China (No. 61872262, 61572349). It was also sponsored by the Singapore Ministry of Education Academic Research Fund Tier 1 (Award No. 2018-T1-002-069), the National Research Foundation, Prime Ministers Office, Singapore under its National Cybersecurity R&D Program (Award No. NRF2018NCR-NCR005-0001), the Singapore National Research Foundation under NCR Award Number NSOE003-0001 and NRF Investigatorship NRFI06-2020-0022. Publisher Copyright: {\textcopyright} 2020 ACM.; 35th IEEE/ACM International Conference on Automated Software Engineering, ASE 2020 ; Conference date: 22-09-2020 Through 25-09-2020",

year = "2020",

month = sep,

doi = "10.1145/3324884.3416552",

language = "English",

series = "Proceedings - 2020 35th IEEE/ACM International Conference on Automated Software Engineering, ASE 2020",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "524--535",

booktitle = "Proceedings - 2020 35th IEEE/ACM International Conference on Automated Software Engineering, ASE 2020",

address = "United States",

}

TY - GEN

T1 - SADT

T2 - 35th IEEE/ACM International Conference on Automated Software Engineering, ASE 2020

AU - Quan, Lili

AU - Guo, Qianyu

AU - Chen, Hongxu

AU - Xie, Xiaofei

AU - Li, Xiaohong

AU - Liu, Yang

AU - Hu, Jing

N1 - Funding Information: We thank the anonymous reviewers for their comprehensive feedback. This work was partly supported by the National Science Foundation of China (No. 61872262, 61572349). It was also sponsored by the Singapore Ministry of Education Academic Research Fund Tier 1 (Award No. 2018-T1-002-069), the National Research Foundation, Prime Ministers Office, Singapore under its National Cybersecurity R&D Program (Award No. NRF2018NCR-NCR005-0001), the Singapore National Research Foundation under NCR Award Number NSOE003-0001 and NRF Investigatorship NRFI06-2020-0022. Publisher Copyright: © 2020 ACM.

PY - 2020/9

Y1 - 2020/9

N2 - The security assurance of SSL/TLS critically depends on the correct validation of X.509 certificates. Therefore, it is important to check whether a certificate is correctly validated by the SSL/TLS implementations. Although differential testing has been proven to be effective in finding semantic bugs, it still suffers from the following limitations: (1) The syntax of test cases cannot be correctly guaranteed. (2) Current test cases are not diverse enough to cover more implementation behaviours. This paper tackles these problems by introducing SADT, a novel syntax-aware differential testing framework for evaluating the certificate validation process in SSL/TLS implementations. We first propose a tree-based mutation strategy to ensure that the generated certificates are syntactically correct, and then diversify the certificates by sharing interesting test cases among all target SSL/TLS implementations. Such generated certificates are more likely to trigger discrepancies among SSL/TLS implementations, which may indicate some potential bugs. To evaluate the effectiveness of our approach, we applied SADT on testing 6 widely used SSL/TLS implementations, compared with the state-of-the-art fuzzing technique (i.e., AFL) and two differential testing techniques (i.e., NEZHA and RFCcert). The results show that SADT outperforms other techniques in generating discrepancies. In total, 64 unique discrepancies were discovered by SADT, and 13 of them have been confirmed as bugs or fixed by the developers.

AB - The security assurance of SSL/TLS critically depends on the correct validation of X.509 certificates. Therefore, it is important to check whether a certificate is correctly validated by the SSL/TLS implementations. Although differential testing has been proven to be effective in finding semantic bugs, it still suffers from the following limitations: (1) The syntax of test cases cannot be correctly guaranteed. (2) Current test cases are not diverse enough to cover more implementation behaviours. This paper tackles these problems by introducing SADT, a novel syntax-aware differential testing framework for evaluating the certificate validation process in SSL/TLS implementations. We first propose a tree-based mutation strategy to ensure that the generated certificates are syntactically correct, and then diversify the certificates by sharing interesting test cases among all target SSL/TLS implementations. Such generated certificates are more likely to trigger discrepancies among SSL/TLS implementations, which may indicate some potential bugs. To evaluate the effectiveness of our approach, we applied SADT on testing 6 widely used SSL/TLS implementations, compared with the state-of-the-art fuzzing technique (i.e., AFL) and two differential testing techniques (i.e., NEZHA and RFCcert). The results show that SADT outperforms other techniques in generating discrepancies. In total, 64 unique discrepancies were discovered by SADT, and 13 of them have been confirmed as bugs or fixed by the developers.

UR - http://www.scopus.com/inward/record.url?scp=85099226176&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85099226176&partnerID=8YFLogxK

U2 - 10.1145/3324884.3416552

DO - 10.1145/3324884.3416552

M3 - Conference contribution

AN - SCOPUS:85099226176

T3 - Proceedings - 2020 35th IEEE/ACM International Conference on Automated Software Engineering, ASE 2020

SP - 524

EP - 535

BT - Proceedings - 2020 35th IEEE/ACM International Conference on Automated Software Engineering, ASE 2020

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 22 September 2020 through 25 September 2020

ER -

SADT: Syntax-Aware Differential Testing of Certificate Validation in SSL/TLS Implementations

Abstract

Publication series

Conference

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this