A Modular and Extensible Framework for Securing TLS

Proceedings of the Twelfth ACM Conference on Data and Application Security and Privacy Pub Date : 2022-04-14 DOI:10.1145/3508398.3511505

Matteo Rizzi, Salvatore Manfredi, Giada Sciarretta, Silvio Ranise

引用次数: 0

Abstract

While being both extremely powerful and popular, TLS is a protocol that is hard to securely deploy. On the one hand, system administrators are required to grasp several security concepts to fully understand the impact of each option and avoid misconfigurations. On the other hand, app developers should use cryptographic libraries in a secure way avoiding dangerous default settings or other subtleties (e.g., padding or modes of operations). To help secure TLS, we propose a modular framework, extensible with new features and capable of streamlining the mitigation process of known and newly discovered TLS attacks even for non-expert users.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

一个模块化和可扩展的TLS安全框架

虽然TLS功能强大且广受欢迎，但它是一种难以安全部署的协议。一方面，系统管理员需要掌握几个安全概念，以充分了解每个选项的影响并避免错误配置。另一方面，应用程序开发人员应该以安全的方式使用加密库，避免危险的默认设置或其他微妙之处(例如，填充或操作模式)。为了帮助保护TLS，我们提出了一个模块化框架，可扩展的新功能，能够简化已知和新发现的TLS攻击的缓解过程，即使是非专家用户。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Proceedings of the Twelfth ACM Conference on Data and Application Security and Privacy

自引率

0.00%

发文量

期刊最新文献

Session details: Session 7: Encryption and Privacy RS-PKE: Ranked Searchable Public-Key Encryption for Cloud-Assisted Lightweight Platforms Prediction of Mobile App Privacy Preferences with User Profiles via Federated Learning Building a Commit-level Dataset of Real-world Vulnerabilities Shared Multi-Keyboard and Bilingual Datasets to Support Keystroke Dynamics Research