SADT: Syntax-aware differential testing of certificate validation in SSL/TLS Implementations

Author

Lili QUAN
Qianyu GUO
Hongxu CHEN
Xiaofei XIE, Singapore Management UniversityFollow
Xiaohong LI
Yang LIU
Jing HU

Publication Type

Conference Proceeding Article

Version

publishedVersion

Publication Date

12-2020

Abstract

The security assurance of SSL/TLS critically depends on the correct validation of X.509 certificates. Therefore, it is important to check whether a certificate is correctly validated by the SSL/TLS implementations. Although differential testing has been proven to be effective in finding semantic bugs, it still suffers from the following limitations: (1) The syntax of test cases cannot be correctly guaranteed. (2) Current test cases are not diverse enough to cover more implementation behaviours. This paper tackles these problems by introducing SADT, a novel syntax-aware differential testing framework for evaluating the certificate validation process in SSL/TLS implementations. We first propose a tree-based mutation strategy to ensure that the generated certificates are syntactically correct, and then diversify the certificates by sharing interesting test cases among all target SSL/TLS implementations. Such generated certificates are more likely to trigger discrepancies among SSL/TLS implementations, which may indicate some potential bugs.To evaluate the effectiveness of our approach, we applied SADT on testing 6 widely used SSL/TLS implementations, compared with the state-of-the-art fuzzing technique (i.e., AFL) and two differential testing techniques (i.e., NEZHA and RFCcert). The results show that SADT outperforms other techniques in generating discrepancies. In total, 64 unique discrepancies were discovered by SADT, and 13 of them have been confirmed as bugs or fixed by the developers.

Keywords

Differential testing, Certificate validation, SSL/TLS Implementation

Discipline

OS and Networks | Software Engineering

Research Areas

Software and Cyber-Physical Systems

Publication

Proceedings of the 35th IEEE/ACM International Conference on Automated Software Engineering (ASE): Virtual, 2020 September 21-25

First Page

524

Last Page

535

ISBN

9781450367684

Identifier

10.1145/3324884.3416552

Publisher

Association for Computing Machinery

City or Country

Virtual Conference

Citation

QUAN, Lili; GUO, Qianyu; CHEN, Hongxu; XIE, Xiaofei; LI, Xiaohong; LIU, Yang; and HU, Jing. SADT: Syntax-aware differential testing of certificate validation in SSL/TLS Implementations. (2020). Proceedings of the 35th IEEE/ACM International Conference on Automated Software Engineering (ASE): Virtual, 2020 September 21-25. 524-535.
Available at: https://ink.library.smu.edu.sg/sis_research/7114

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.