Planning-Based Security Testing of the SSL/TLS Protocol

Josip Bozic, Kristoffer Kleine, Dimitris E. Simos, Franz Wotawa

Research output: Chapter in Book/Report/Conference proceedingConference paperpeer-review


With a growing amount of transferred data in an
interconnected world, the insurance of a secure communication
between two peers becomes a critical task in the software
industry. A leak of critical data can cause tremendous costs
in a financial, social but also political manner. For this sake,
cryptographic protocols are implemented and regulate the data
transfer, thus ensuring the safety of transferred data between
two peers. The widespread security protocol SSL/TLS provides
the mechanisms for this request, however, not without drawbacks
since several security leaks have been identified up to now. Since
vulnerabilities act as a starting point for a potential malicious
action, the identification of such leaks is of highest priority.
In this paper a novel testing approach is presented, which
adapts planning for security testing of cryptographic protocols.
The whole approach is implemented in one testing framework.
Its purpose is to automatically test for known vulnerabilities
in protocol implementations but to trigger other unintended
behavior as well so eventually new security flaws can be identified.
Additionally, the planning specification can be extended further
so new testing possibilities can be generated. New test cases can
be generated dynamically according to changing conditions.
Original languageEnglish
Title of host publicationIEEE International Conference on Software Testing, Verification and Validation Workshops (ICSTW)
Publication statusPublished - 2017


Dive into the research topics of 'Planning-Based Security Testing of the SSL/TLS Protocol'. Together they form a unique fingerprint.

Cite this