检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
作 者:陈矗 CHEN Chu(School of Computer Science and Technology, Xidian Univ., Xi an 710071, China)
出 处:《西安电子科技大学学报》2019年第3期20-25,共6页Journal of Xidian University
基 金:国家自然科学基金(61732013)
摘 要:为解决现有工具对安全套接层或传输层安全协议实现中证书验证模块的检测效率低等问题,研发了对证书验证模块进行差异测试的新工具RFCcertDT。首先,RFCcertDT基于因特网工程任务组制定的请求评议进行证书规则的自动提取、更新、分类和表示,基于动态符号执行技术生成证书作为测试用例;然后,使用生成的证书和令牌环式测试实现对单个或多个证书验证模块的差异测试并生成软件错误报告。实验结果表明,RFCcertDT的检测效率优于现有工具。RFCcertDT对证书验证模块实现了高效的检测,有助于加强安全套接层或传输层安全协议的软件安全。To solve the problems such as low efficiency of existing tools which are used to check certificate validation modules in the implementation of Secure Sockets Layer or Transport Layer Security protocol, a novel tool named RFCcertDT for differential testing of certificate validation modules is designed and developed. First, rules of certificates are automatically extracted, updated, classified and expressed based on the Request for Comments specified by the Internet Engineering Task Force, and certificates which act as test cases are generated based on the dynamic symbolic execution technique. Second, the generated certificates and the token-ring testing are used to conduct differential testing of a single or multiple certificate validation modules and generate bug reports. Experimental results show that the RFCcertDT is more efficient than existing tools. In summary, the RFCcertDT tests certificate validation modules with high efficiency and is helpful to reinforcing the software security of the Secure Sockets Layer or Transport Layer Security protocol.
关 键 词:安全套接层协议 传输层安全协议 请求评议 证书验证 差异测试 动态符号执行
分 类 号:TP311.5[自动化与计算机技术—计算机软件与理论]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.185