B. Chandrasekar, Bharat Ramesh, V. Prabhu, S. Sajeev, Pratik K. Mohanty, G. Shobha
International Conference on Cryptography, Security and Privacy. Published 2017-03-17. Publication type: Journal Article. DOI: 10.1145/3058060.3058070 (https://doi.org/10.1145/3058060.3058070). Citation count: 3. Platform: Semanticscholar.
Development of Intelligent Digital Certificate Fuzzer Tool
Present-day software testing demands effective ways to find software vulnerabilities through testing. This is especially true in the case of network security that employs digital certificates for authentication. Digital certificates are the de facto standard for verification of users and an integral part of the public key infrastructure used to secure channels of communication within networks. An effective approach to testing digital certificates is to implement protocol-based fuzzing. Fuzzing, in general terms, is the process of inserting a high volume of invalid or random inputs into a program with the aim of obtaining unexpected results, thus identifying errors and potential vulnerabilities. This paper aims to introduce a protocol-aware, user-friendly, graphical user interface (GUI) based digital certificate fuzzing tool. The tool aims to provide an effective means of black-box testing through the use of mutation-based fuzzing and OpenSSL to create digital certificates with user-provided, test-case-specific fields. The fuzzed certificates are used as inputs in order to expose defects in digital certificate validation systems.