Skip to content

A tool/framework for analyzing hostname verification in SSL/TLS implementations using automata learning

License

Notifications You must be signed in to change notification settings

HVLearn/HVLearn

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

18 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

HVLearn

HVLearn is an open-source tool/framework for analyzing hostname verification in SSL/TLS implementations using automata learning. It is good for finding bugs, vulnerabilities and RFC discrepancies in implementations. The core of this project is written in Java and mainly implemented with LearnLib project. Some parts of the code are written in C, particularly for generating certificate template.

Given a specific pattern of certificate identifier (e.g., common name and subject alternative name fields), HVLearn uses automata learning algorithms to infer a Deterministic Finite Automaton (DFA) that describes the set of all hostnames that match the given certificate identifier. The output inferred DFA can be compared to DFAs from different implementations to find discrepancies or performed an equivalence test against a DFA which is derived from any regular expression as an expected rule.

For more detail about algorithm and evaluation, see our paper:
HVLearn: Automated Black-box Analysis of Hostname Verification in SSL/TLS Implementations [PDF]
Suphannee Sivakorn, George Argyros, Kexin Pei, Angelos D. Keromytis and Suman Jana

Want to try? Please refer to our Wiki page for setting up instruction and framework implementation. Look for certificate templates we have used in testing, they are in our CERT_TEMPLATES directory.

HVLearn is developed at Columbia University, New York, NY, USA in 2016-2017.

Useful Resources

Developers/Maintainers

HVLearn is developed and maintained by (alphabetically):

Bugs

Found a bug? Please open a new issue!

Copyright and License

All code and documentation copyright the HVLearn Authors and Network Security Lab at Columbia University, New York, NY, USA. Code released under MIT License and document released under Creative Commons.

About

A tool/framework for analyzing hostname verification in SSL/TLS implementations using automata learning

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published