ABSTRACT
To grasp the security implications of the various TLS configuration options, system administrators and app developers must be familiar with a wide range of concepts, including cryptography. To assist users in this task, we propose TLSAssistant, a modular and extensible framework designed to streamline the discovery and mitigation of potential vulnerabilities in TLS deployments. This demo will focus on two of the four available analysis types.
Demo: TLSAssistant v2: A Modular and Extensible Framework for Securing TLS