Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

SymCerts - Practical Symbolic Execution for Exposing Noncompliance in X.509 Certificate Validation

IEEE via YouTube

Overview

Explore a 21-minute conference talk presented at the 2017 IEEE Symposium on Security & Privacy that introduces SymCerts, a novel approach using symbolic execution to expose noncompliance in X.509 certificate validation implementations. Learn how this technique addresses the limitations of black-box fuzzing by providing better coverage and uncovering severe flaws in small footprint SSL/TLS libraries. Discover the challenges of applying symbolic execution to SSL/TLS libraries and how SymCerts, along with domain-specific optimizations, overcome the path explosion problem. Examine the process of extracting path constraints to identify missing checks and cross-validate constraints from different libraries to expose subtle noncompliance issues. Gain insights into the analysis of 9 small footprint X.509 implementations, which revealed 48 instances of noncompliance, and understand how these findings have contributed to improving the security of newer library versions.

Syllabus

SymCerts: Practical Symbolic Execution For Exposing Noncompliance in X.509 Certificate Validation

Taught by

IEEE Symposium on Security and Privacy

Reviews

Start your review of SymCerts - Practical Symbolic Execution for Exposing Noncompliance in X.509 Certificate Validation

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.