Vetting SSL Usage in Applications with SSLINT
Author: Boyuan He (Zhejiang University)
Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols have become the security backbone of the Web and Internet today. Many systems, including mobile and desktop applications, are protected by SSL/TLS protocols against network attacks. However, many vulnerabilities caused by incorrect use of SSL/TLS APIs have been uncovered in recent years. Such vulnerabilities, many of which stem from poor API design and the inexperience of application developers, often lead to confidential data leakage or man-in-the-middle attacks.
Finding such vulnerabilities statically is challenging because data and control dependences are interleaved in the API usage of different SSL libraries. Previous research on finding SSL vulnerabilities in client-server applications, including Georgiev et al., mostly relied on a black-box testing approach. Such an approach is not suitable for large-scale vulnerability detection, as it involves activities such as installation, configuration and testing, some of which involve a human-in-the-loop.
In this paper, to guarantee code quality and logic correctness of SSL/TLS applications, we design and implement SSLINT, a scalable, automated, static analysis system for detecting incorrect use of SSL/TLS APIs. The basic idea behind SSLINT is the use of graph mining for automated analysis. By representing both the correct API use and SSL/TLS applications as program dependence graphs (PDGs), SSLINT converts the problem of checking correct API use into a graph query problem. These representations allow for the correct use patterns to precisely capture temporal sequencing of API calls, data flows between arguments and returns of a procedure, data flows between various program objects, and path constraints. Using these representations we develop rich models of correct API usage patterns, which are subsequently used by a graph matching procedure for vulnerability detection.
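The graph-query idea above can be sketched as follows. This is an added illustration, not SSLINT's code or its actual signatures: the OpenSSL call names, the two-test pattern (hostname checking is left out), the node ids and the `sample` helper are assumptions made for the example.

```python
# Assumed correct-use pattern: both tests must guard every read/write.
REQUIRED = {("SSL_get_peer_certificate", "!= NULL"),
            ("SSL_get_verify_result", "== X509_V_OK")}
SINKS = {"SSL_read", "SSL_write"}

def ancestors(edges, nid, kind):
    """Nodes that nid transitively depends on via edges of one kind."""
    seen, stack = set(), [nid]
    while stack:
        cur = stack.pop()
        for src, dst, k in edges:
            if dst == cur and k == kind and src not in seen:
                seen.add(src)
                stack.append(src)
    return seen

def unguarded_sinks(nodes, edges):
    """Map each sink id to the required tests that do not guard it."""
    findings = {}
    for nid, (call, _) in nodes.items():
        if call not in SINKS:
            continue
        # Data flow: where the sink's SSL object comes from.
        conn = ancestors(edges, nid, "data")
        # Path constraint: a branch counts only if it tests that same object.
        guards = {nodes[b] for b in ancestors(edges, nid, "ctrl")
                  if ancestors(edges, b, "data") & conn}
        if REQUIRED - guards:
            findings[nid] = REQUIRED - guards
    return findings

def sample(checks, conn="c1"):
    """Constructed input: SSL_connect (c1), branch tests, then SSL_write (w)."""
    nodes = {"c1": ("SSL_connect", None), "c2": ("SSL_connect", None),
             "w": ("SSL_write", None)}
    edges = [("c1", "w", "data")]
    for i, (call, test) in enumerate(checks):
        nodes[f"b{i}"] = (call, test)
        edges += [(conn, f"b{i}", "data"),   # test reads this connection
                  (f"b{i}", "w", "ctrl")]    # write runs only if test passes
    return nodes, edges
```

`unguarded_sinks(*sample([]))` reports the write as missing both tests, while a graph whose tests inspect a different connection (`conn="c2"`) is still flagged because the guard has no data dependence on the object being written to.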
SSLINT is capable of performing automatic logic verification with high efficiency and good accuracy. To demonstrate this, we apply SSLINT to one of the most popular Linux distributions – Ubuntu. We identified 27 previously unknown SSL/TLS vulnerabilities in 381 Ubuntu applications, most of which are also distributed with other Linux distributions. Examples of the vulnerabilities identified by SSLINT in the Ubuntu 12.04 source list repository are:
- Xfce4-Mailwatch-Plugin (mail client): it supports POP3S and IMAPS with broken SSL implementation and accepts any SSL/TLS certificate. An MITM attack can lead to leakage of user credentials and emails as well as integrity violations for email messages.
- Mailfilter (mail client): it supports POP3S with broken SSL implementation and is vulnerable to MITM attacks.
- Exim (mail server/MTA): it supports SMTPS with broken SSL implementation and is vulnerable to MITM attacks.
- Enhanced Programmable ircII client (EPIC) and Scrollz IRC Client: both are vulnerable to MITM attacks and may cause privacy leakage.
We reported our findings to developers of the software and received 14 confirmations, out of which four have already fixed the vulnerability. For those we have not received a confirmation from, we performed dynamic auditing to verify the vulnerabilities found, and the results show that all of them are vulnerable to MITM attacks.
Boyuan He, Vaibhav Rastogi, Yinzhi Cao, Yan Chen, V. N. Venkatakrishnan, Runqing Yang, and Zhenrui Zhang. “Vetting SSL usage in applications with SSLint.” In Proceedings of IEEE Symposium on Security and Privacy, 2015.
M. Georgiev, S. Iyengar, S. Jana, R. Anubhai, D. Boneh, and V. Shmatikov. “The most dangerous code in the world: validating SSL certificates in non-browser software.” In Proceedings of the 2012 ACM conference on Computer and Communications Security.
Boyuan He is a PhD student at Zhejiang University, studying computer security. His research interests are in program analysis, vulnerability discovery and detection, and APT detection. His SSL API security validation research has been published at the IEEE Symposium on Security and Privacy, 2015.