dane verification test suite
play

DANE verification test suite Hamza Boulakhrif Guido Kroon - PowerPoint PPT Presentation

May 19, 2023 •763 likes •940 views

DANE verification test suite Hamza Boulakhrif Guido Kroon Supervisor: Michiel Leenaars (NLnet Foundation) hamza.boulakhrif@os3.nl, guido.kroon@os3.nl Faculty of Physics, Mathematics and Informatics Graduate School of Informatics System and

  1. DANE verification test suite Hamza Boulakhrif Guido Kroon Supervisor: Michiel Leenaars (NLnet Foundation) hamza.boulakhrif@os3.nl, guido.kroon@os3.nl Faculty of Physics, Mathematics and Informatics Graduate School of Informatics System and Network Engineering MSc February 6, 2015 Hamza Boulakhrif, Guido Kroon (UvA) DANE verification test suite February 6, 2015 1 / 17

  2. Introduction Classic CA model Trusted Certificate Authorities Pre-configured CA certificate collections DANE DNSSEC chain of trust TLSA RRs PKIX validation (optional) Hamza Boulakhrif, Guido Kroon (UvA) DANE verification test suite February 6, 2015 2 / 17

  3. Classic CA model Figure 1: Classic validation. Hamza Boulakhrif, Guido Kroon (UvA) DANE verification test suite February 6, 2015 3 / 17

  4. DANE model Figure 2: DANE validation. Hamza Boulakhrif, Guido Kroon (UvA) DANE verification test suite February 6, 2015 4 / 17

  5. TLSA RR Basically a customised SRV RR Service, Proto, Name, Class fields Certificate Usage Selector Matching Type Certificate Association Data TLSA RR format _Service._Proto.Name Class TLSA Usage Selector Mtype Data TLSA RR example _443._tcp.dane.internet.nl. IN TLSA ( 0 0 1 d2abde240d7cd3ee6b4b28c54df034b9 7983a1d16e8a410e4561cb106618e971 ) Hamza Boulakhrif, Guido Kroon (UvA) DANE verification test suite February 6, 2015 5 / 17

  6. Certificate Usages (1) The four different Certificate Usages of DANE. Usage 1 (Server Certificate Constraint) TLSA RR specifies which EE certificate should be used for the domain. Usage 3 (Domain-issued Certificate) TLSA RR specifies the TLS certificate that should be used for the domain, without PKIX validation. Hamza Boulakhrif, Guido Kroon (UvA) DANE verification test suite February 6, 2015 6 / 17

  7. Certificate Usages (1) Usage 0 (CA Constraint) TLSA RR specifies which CA will provide TLS certificates for the domain. Usage 2 (Trust Anchor Assertion) TLSA RR specifies which trust anchor will provide TLS certificates for the domain, allowing the use of a CA not included in the CA certificate collection of the application. Hamza Boulakhrif, Guido Kroon (UvA) DANE verification test suite February 6, 2015 7 / 17

  8. Research question Can a test suite be devised to allow developers and implementers to validate the reliability and consistency of an implementation of DANE, and its ability to correctly handle unforeseen input or deviations from the official TLSA syntax as per RFC 6698? Hamza Boulakhrif, Guido Kroon (UvA) DANE verification test suite February 6, 2015 8 / 17

  9. Scope The scope for this research. Analysis of RFC6698 Extensible test suite Usages Test DANE implementations Not part of scope research: (Re)writing DANE-tools (Re)compiling of DANE-tools Hamza Boulakhrif, Guido Kroon (UvA) DANE verification test suite February 6, 2015 9 / 17

  10. Approach The approach for this research. Analysis of DANE RFC 6698 (and RFC 6394) Deployment of environment Build test suite in environment Test DANE implementations Hamza Boulakhrif, Guido Kroon (UvA) DANE verification test suite February 6, 2015 10 / 17

  11. Test suite The test suite is built by using: BIND Apache Hamza Boulakhrif, Guido Kroon (UvA) DANE verification test suite February 6, 2015 11 / 17

  12. Experiments (1) GnuTLS ldns-dane DNSSEC/TLSA Validator (browser add-on) Figure 4: GNUTLS Danetool Hamza Boulakhrif, Guido Kroon (UvA) DANE verification test suite February 6, 2015 12 / 17

  13. Experiments (2) Test cases that are devised by the analysis of the DANE specification. (Non-)existing usages (Non-)existing Selectors (Non-)existing Matching types Combination of Selector and Matching type incorrect (In)correct hash (type) Expired certificates Unsigned DNSSEC chain Wildcard usage Incorrect signed certificates Hamza Boulakhrif, Guido Kroon (UvA) DANE verification test suite February 6, 2015 13 / 17

  14. Results GnuTLS No PKIX validation (intentional). ldns-dane Specify CA certificates manually for PKIX validation. DNSSEC/TLSA Validator No PKIX validation, even though it claims to. Figure 5: DNSSEC/TLSA Validator without proper PKIX validation. Hamza Boulakhrif, Guido Kroon (UvA) DANE verification test suite February 6, 2015 14 / 17

  15. Conclusion Based on the results, a couple of conclusions can be derived. RFC 6698 Interpretation Test suite Good Bad Grey BIND Test cases Limitations Hamza Boulakhrif, Guido Kroon (UvA) DANE verification test suite February 6, 2015 15 / 17

  16. Future work Some noteworthy details, which lie outside of the scope of this project: Think of more test cases Proxy in front of BIND Test cases for all usages (CA Contraint) Source code analysis of DANE implementations Complete DANE support in DANE implementations Hamza Boulakhrif, Guido Kroon (UvA) DANE verification test suite February 6, 2015 16 / 17

  17. The End Hamza Boulakhrif, Guido Kroon (UvA) DANE verification test suite February 6, 2015 17 / 17

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Lecture 17: Wrapup & Questions . Runtime-Verification . Statement-, branch-, term-

Lecture 17: Wrapup & Questions . Runtime-Verification . Statement-, branch-, term-

Topic Area Code Quality Assurance: Content Content Introduction and Vocabulary Formal Program Verification VL 14 Test case, test suite, test execution. Proof System PD . . Positive and negative outcomes. Softwaretechnik /

246 views • 13 slides
CMPE 646: VLSI Design Verification and Test Course: CMPE 646: VLSI Design Verification and Test,

CMPE 646: VLSI Design Verification and Test Course: CMPE 646: VLSI Design Verification and Test,

CMPE 646: VLSI Design Verification and Test Course: CMPE 646: VLSI Design Verification and Test, Fall 2006. 3 credits. Course Instructor: Dr. Jim Plusquellic, Professor of Computer Science & Electrical Engineering Office: ECS 212,

760 views • 3 slides
A Sweet Test Suite DrupalCamp Atlanta | A Sweet Test Suite | Dan Gurin | @dgurin | @CIVICACTIONS

A Sweet Test Suite DrupalCamp Atlanta | A Sweet Test Suite | Dan Gurin | @dgurin | @CIVICACTIONS

A Sweet Test Suite DrupalCamp Atlanta | A Sweet Test Suite | Dan Gurin | @dgurin | @CIVICACTIONS A Sweet Test Sweet Dan Gurin Engineer @CivicActions Drupal Camp Asheville Organizer Twitter @dgurin dangur on github, LinkedIn, www, Slack...

757 views • 52 slides
Test and Verification Solutions The Verification Experts Essentials for Developing and Deploying

Test and Verification Solutions The Verification Experts Essentials for Developing and Deploying

Test and Verification Solutions The Verification Experts Essentials for Developing and Deploying SV-based VIP DV Club Presentation (23 April 2012) NEED FOR VERIFICATION IP Why do we need VIPs? Time To Market Ready-to-integrate models

403 views • 22 slides
UMBC A B M A L T F O U M B C I M Y O R T 1 (11/26/07) I E S R C E O V

UMBC A B M A L T F O U M B C I M Y O R T 1 (11/26/07) I E S R C E O V

VLSI Design Verification and Test Simulation CMPE 646 Design Verification Simulation used for 1) design verification : verify the correctness of the design and 2) test verification. Design verification: Specification Critical or

426 views • 15 slides
UMBC A B M A L T F O U M B C I M Y O R T 1 (9/7/04) I E S R C E O V U

UMBC A B M A L T F O U M B C I M Y O R T 1 (9/7/04) I E S R C E O V U

VLSI Design Verification and Test Introduction CMPE 646 VLSI Design Verification and Test Instructor: Professor Jim Plusquellic Text: Michael L. Bushnell and Vishwani D. Agrawal, Essentials of Electronic Test- ing, for Digital, Memory and

176 views • 15 slides
Htel Splendide Royal Junior Suite Junior Suite Junior Suite Suite Suite Suite Suite Suite

Htel Splendide Royal Junior Suite Junior Suite Junior Suite Suite Suite Suite Suite Suite

Htel Splendide Royal Junior Suite Junior Suite Junior Suite Suite Suite Suite Suite Suite 12 spacious Suites Junior Suite: 45m 2 Suite: 65m 2 Apartment Suite: 110m 2 Fine Italian Cuisine Renowned Chef Vito Grippa

498 views • 18 slides
MCCB TESTING EQUIPMENTS LIST OF TEST EQUIPMENT MCCB THERMAL TRIP VERIFICATION TEST BENCH 1.

MCCB TESTING EQUIPMENTS LIST OF TEST EQUIPMENT MCCB THERMAL TRIP VERIFICATION TEST BENCH 1.

SALES PRESENTATION FOR MCCB TESTING EQUIPMENTS LIST OF TEST EQUIPMENT MCCB THERMAL TRIP VERIFICATION TEST BENCH 1. MCCB SHORT CIRCUIT TRIP VERIFICATION TEST BENCH 2. MCCB RESEARCH AND DEVELOPMENT BENCH 3. MCCB TEMPERATURE RISE TEST BENCH

911 views • 51 slides
Introduction to structured Test, diagnosis, and verification VLSI design Cost, defects,

Introduction to structured Test, diagnosis, and verification VLSI design Cost, defects,

Outline Electronics Manufacturing Introduction to structured Test, diagnosis, and verification VLSI design Cost, defects, fault models, and quality of test Test generation Design for Test (DfT) - Part 1 Erik Larsson

473 views • 16 slides
Verification and Validation Ian Sommerville, SW Engineering, 7th/8th edition Ch 22 Why Test? 2

Verification and Validation Ian Sommerville, SW Engineering, 7th/8th edition Ch 22 Why Test? 2

Verification and Validation Ian Sommerville, SW Engineering, 7th/8th edition Ch 22 Why Test? 2 Why Test? 3 Software is Buggy! On average, 1-5 errors per 1KLOC Windows 2000 35M LOC 63,000 known bugs at the time of release

823 views • 49 slides
Verification Futures India 2014 Mike Bartley CEO and Founder Test and Verification Solutions Ltd

Verification Futures India 2014 Mike Bartley CEO and Founder Test and Verification Solutions Ltd

Welcome to Verification Futures India 2014 Mike Bartley CEO and Founder Test and Verification Solutions Ltd 13-May-2014 Hotel Park Plaza, Bangalore Sponsors and Participating Companies Thank you to our Sponsors and Speakers Verification

213 views • 9 slides
A Suite of Hard ACL2 Theorems Arising in Refinement-Based Processor Verification Panagiotis

A Suite of Hard ACL2 Theorems Arising in Refinement-Based Processor Verification Panagiotis

A Suite of Hard ACL2 Theorems Arising in Refinement-Based Processor Verification Panagiotis (Pete) Manolios Sudarshan Srinivasan Georgia Institute of Technology 1 Introduction Hardware verification is an area of strength for ACL2.

422 views • 20 slides
DANE COUNTY JAIL UPDATE STUDY GOING FROM THIS: TO THIS: Presentation to The Dane County Public

DANE COUNTY JAIL UPDATE STUDY GOING FROM THIS: TO THIS: Presentation to The Dane County Public

DANE COUNTY JAIL UPDATE STUDY GOING FROM THIS: TO THIS: Presentation to The Dane County Public Protection & Judiciary Committee INTRODUCTIONS David Way Curtiss Pulitzer Patrick Jablonski Eric Lawson Jan Horsfall OVERVIEW OF THE REPORT

583 views • 57 slides
Dane Bank Consultation 8 th November 2018 The Aim of the Meeting To find out more about Dane

Dane Bank Consultation 8 th November 2018 The Aim of the Meeting To find out more about Dane

Dane Bank Consultation 8 th November 2018 The Aim of the Meeting To find out more about Dane Bank s reasons for considering conversion to Academy Status Opportunity for governors to find out more about how parents and carers feel

562 views • 35 slides
A Robot Framework Test Suite for OpenAFS Michael Meffie, Sine Nomine Associates June 21, 2019 A

A Robot Framework Test Suite for OpenAFS Michael Meffie, Sine Nomine Associates June 21, 2019 A

A Robot Framework Test Suite for OpenAFS Michael Meffie, Sine Nomine Associates June 21, 2019 A Robot Framework Test Suite for OpenAFS 1 of 32 A Robot Framework Test Suite for OpenAFS 2 of 32 Tests suites OpenAFS unit tests c-based

436 views • 32 slides
The EXQUIRES (EXtensible QUantitative Image RESampling) Test Suite: Impact of the Downsampler,

The EXQUIRES (EXtensible QUantitative Image RESampling) Test Suite: Impact of the Downsampler,

The EXQUIRES (EXtensible QUantitative Image RESampling) Test Suite: Impact of the Downsampler, Difference Metric, Test Image, Resampling Ratio and Colour Space on Upsampler Rank Adam Turcotte Department of Mathematics and Computer Science

534 views • 50 slides
Solutions Solutions John Boevers Molly Vich John Morris

Solutions Solutions John Boevers Molly Vich John Morris

Solutions Solutions John Boevers Molly Vich John Morris Wes Wegener Mission Statement Our Mission is to provide innovative and economical solutions to the hay and forage industry that will maximize

573 views • 33 slides
to 31 March 2020 14 May 2020 Resilient performance despite severe disruption from Covid-19 Year

to 31 March 2020 14 May 2020 Resilient performance despite severe disruption from Covid-19 Year

Results for the year to 31 March 2020 14 May 2020 Resilient performance despite severe disruption from Covid-19 Year to 31 March 2020 Group Private Equity Infrastructure Scandlines Cash realisations Total return Total dividend

613 views • 49 slides
BUTCH TAILORS BUTCH Est. 1956 SINCE 1956 THE STORY BUTCH Est. 1956 Born a million

BUTCH TAILORS BUTCH Est. 1956 SINCE 1956 THE STORY BUTCH Est. 1956 Born a million

DRESSED AROUND THE GLOBE X THE SAVILE ROW CUT BUTCH TAILORS BUTCH Est. 1956 SINCE 1956 THE STORY BUTCH Est. 1956 Born a million garments ago. A million means lots of stitches, buttons and hours. In other words, tons of

223 views • 21 slides
Traffic Is Life! Traffic Safety Projects ala enkarde DOU OTOMOTIV, TURKEY About DOGUS

Traffic Is Life! Traffic Safety Projects ala enkarde DOU OTOMOTIV, TURKEY About DOGUS

Traffic Is Life! Traffic Safety Projects ala enkarde DOU OTOMOTIV, TURKEY About DOGUS OTOMOTV We are aware of our responsibilities in every area where our services touch human life Dogus Otomotiv is the member of the Dogus

528 views • 14 slides
The ESVAC project. Main deliverables and results Kari Grave, Jordi Torren & David Mackay

The ESVAC project. Main deliverables and results Kari Grave, Jordi Torren & David Mackay

The ESVAC project. Main deliverables and results Kari Grave, Jordi Torren & David Mackay European Medicines Agency Animal and Public Health An agency of the European Union Outline ESVAC background and mandate Approach

263 views • 25 slides
Models for Railway Track Allocation Thomas Schlechte Joint work with Ralf Borndrfer Martin

Models for Railway Track Allocation Thomas Schlechte Joint work with Ralf Borndrfer Martin

Models for Railway Track Allocation Thomas Schlechte Joint work with Ralf Borndrfer Martin Grtschel 16.11.2007 ATMOS 2007 Sevilla Konrad-Zuse-Zentrum fr Informationstechnik Berlin (ZIB) Thomas Schlechte schlechte@zib.de

710 views • 41 slides
Scheduling Problems and Algorithms in Traffic and Transport MAPSP 2011 Nymburk, 24.06.11 Ralf

Scheduling Problems and Algorithms in Traffic and Transport MAPSP 2011 Nymburk, 24.06.11 Ralf

Scheduling Problems and Algorithms in Traffic and Transport MAPSP 2011 Nymburk, 24.06.11 Ralf Borndrfer Zuse-Institute Berlin Joint work with Ivan Dovica, Martin Grtschel, Olga Heismann, Andreas Lbel, Markus Reuther, Elmar Swarat,

1.38k views • 106 slides
HEALTH SUMMARY OF THE PRESENTATION TO THE HEALTH MARKET INQUIRY Contents FSDoH Private

HEALTH SUMMARY OF THE PRESENTATION TO THE HEALTH MARKET INQUIRY Contents FSDoH Private

FREE STATE DEPARTMENT OF HEALTH SUMMARY OF THE PRESENTATION TO THE HEALTH MARKET INQUIRY Contents FSDoH Private Facilities per District Public-Private-Partnership; Netcare/CHM Remunerative Work Outside Public Service Radiology

707 views • 35 slides

More recommend