DOI: 10.1145/3532105.3535042
demonstration

Demo: TLSAssistant v2: A Modular and Extensible Framework for Securing TLS

Published: 08 June 2022

Abstract

To grasp the security implications of the various TLS configuration options, system administrators and app developers must be familiar with a wide range of concepts, including cryptography. To assist users in this task, we propose TLSAssistant, a modular and extensible framework designed to streamline the discovery and mitigation of potential vulnerabilities in TLS deployments. This demo will focus on two of the four available analysis types.

      Published In

      SACMAT '22: Proceedings of the 27th ACM on Symposium on Access Control Models and Technologies
      June 2022
      282 pages
      ISBN:9781450393577
      DOI:10.1145/3532105
      Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Author Tags

      1. TLS misconfiguration
      2. assisted mitigations
      3. vulnerability detection

      Qualifiers

      • Demonstration

      Conference

      SACMAT '22