D. Simos, Kristoffer Kleine, A. Voyiatzis, D. R. Kuhn, R. Kacker
{"title":"TLS密码套件推荐:组合覆盖度量方法","authors":"D. Simos, Kristoffer Kleine, A. Voyiatzis, D. R. Kuhn, R. Kacker","doi":"10.1109/QRS.2016.18","DOIUrl":null,"url":null,"abstract":"We present a coverage measurement for TLS cipher suites recommendations provided by various regulatory and intelligence organizations such as the IETF, Mozilla, ENISA, German BSI, and USA NSA. These cipher suites are measured and analyzed using a combinatorial approach, which was made feasible via developing the necessary input models. Besides shedding light on the coverage achieved by the proposed recommendations, we discuss implications towards aspects of test quality. One of them relates to the testing of a TLS implementation, where a system designer or tester should expand the TLS cipher suite registry and integrate the information back to the TLS implementation itself such that the (overall) testing effort is reduced.","PeriodicalId":412973,"journal":{"name":"2016 IEEE International Conference on Software Quality, Reliability and Security (QRS)","volume":"41 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":"{\"title\":\"TLS Cipher Suites Recommendations: A Combinatorial Coverage Measurement Approach\",\"authors\":\"D. Simos, Kristoffer Kleine, A. Voyiatzis, D. R. Kuhn, R. Kacker\",\"doi\":\"10.1109/QRS.2016.18\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"We present a coverage measurement for TLS cipher suites recommendations provided by various regulatory and intelligence organizations such as the IETF, Mozilla, ENISA, German BSI, and USA NSA. These cipher suites are measured and analyzed using a combinatorial approach, which was made feasible via developing the necessary input models. Besides shedding light on the coverage achieved by the proposed recommendations, we discuss implications towards aspects of test quality. One of them relates to the testing of a TLS implementation, where a system designer or tester should expand the TLS cipher suite registry and integrate the information back to the TLS implementation itself such that the (overall) testing effort is reduced.\",\"PeriodicalId\":412973,\"journal\":{\"name\":\"2016 IEEE International Conference on Software Quality, Reliability and Security (QRS)\",\"volume\":\"41 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-08-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"7\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2016 IEEE International Conference on Software Quality, Reliability and Security (QRS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/QRS.2016.18\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 IEEE International Conference on Software Quality, Reliability and Security (QRS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/QRS.2016.18","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
TLS Cipher Suites Recommendations: A Combinatorial Coverage Measurement Approach
We present a coverage measurement for TLS cipher suites recommendations provided by various regulatory and intelligence organizations such as the IETF, Mozilla, ENISA, German BSI, and USA NSA. These cipher suites are measured and analyzed using a combinatorial approach, which was made feasible via developing the necessary input models. Besides shedding light on the coverage achieved by the proposed recommendations, we discuss implications towards aspects of test quality. One of them relates to the testing of a TLS implementation, where a system designer or tester should expand the TLS cipher suite registry and integrate the information back to the TLS implementation itself such that the (overall) testing effort is reduced.