Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

HVLearn - Automated Black-Box Analysis of Hostname Verification in SSL-TLS Implementations

IEEE via YouTube

Overview

Explore an automated black-box analysis technique for hostname verification in SSL/TLS implementations through this IEEE conference talk. Dive into the HVLearn framework, which utilizes automata learning algorithms to test and analyze various SSL/TLS libraries and applications. Understand the importance of hostname verification in certificate validation, the challenges involved in testing complex implementations, and how HVLearn leverages certificate templates and Deterministic Finite Automaton (DFA) models to identify discrepancies and potential vulnerabilities. Learn about the framework's effectiveness in achieving higher code coverage compared to existing fuzzing techniques and discover the critical violations of RFC specifications uncovered during testing. Gain insights into topics such as POS host notification, subject autotuned name, terminal learning, testing paths and certificates, model comparison, and international domain name handling in SSL/TLS implementations.

Syllabus

Introduction
Background
POS Host Notification
Subject Autotuned Name
Testing Approach
Terminal Learning
Testing Paths
Testing Certificate
How to Inspect
Model Comparison
Evaluation
Comparison
Resolution
IFC violation
International domain name
Cache sensitive vs insensitive matching

Taught by

IEEE Symposium on Security and Privacy

Reviews

Start your review of HVLearn - Automated Black-Box Analysis of Hostname Verification in SSL-TLS Implementations

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.