Planning-Based Security Testing of the SSL/TLS Protocol

Josip Bozic, Kristoffer Kleine, Dimitris E. Simos, Franz Wotawa

Publikation: Beitrag in Buch/Bericht/KonferenzbandBeitrag in einem KonferenzbandForschungBegutachtung

Abstract

With a growing amount of transferred data in an
interconnected world, the insurance of a secure communication
between two peers becomes a critical task in the software
industry. A leak of critical data can cause tremendous costs
in a financial, social but also political manner. For this sake,
cryptographic protocols are implemented and regulate the data
transfer, thus ensuring the safety of transferred data between
two peers. The widespread security protocol SSL/TLS provides
the mechanisms for this request, however, not without drawbacks
since several security leaks have been identified up to now. Since
vulnerabilities act as a starting point for a potential malicious
action, the identification of such leaks is of highest priority.
In this paper a novel testing approach is presented, which
adapts planning for security testing of cryptographic protocols.
The whole approach is implemented in one testing framework.
Its purpose is to automatically test for known vulnerabilities
in protocol implementations but to trigger other unintended
behavior as well so eventually new security flaws can be identified.
Additionally, the planning specification can be extended further
so new testing possibilities can be generated. New test cases can
be generated dynamically according to changing conditions.
Originalspracheenglisch
TitelIEEE International Conference on Software Testing, Verification and Validation Workshops (ICSTW)
PublikationsstatusVeröffentlicht - 2017

    Fingerprint

Dieses zitieren

Bozic, J., Kleine, K., Simos, D. E., & Wotawa, F. (2017). Planning-Based Security Testing of the SSL/TLS Protocol. in IEEE International Conference on Software Testing, Verification and Validation Workshops (ICSTW)