Security & Trust

Automating Compliance for Improving TLS Security Postures

An Assessment of Public Administration Endpoints

This page contains complementary material related to the following paper:
  • Title: Automating Compliance for Improving TLS Security Postures: An Assessment of Public Administration Endpoints
  • Authors: Riccardo Germenia, Salvatore Manfredi, Matteo Rizzi, Giada Sciarretta, Alessandro Tomasi, Silvio Ranise
  • DOI: 10.5220/0012764700003767
  • Acceptance News: Link

Abstract

System administrators tasked with configuring TLS servers must make numerous decisions - e.g., selecting the appropriate ciphers, signature algorithms, and TLS extensions - and it may not be obvious, even to security experts, which decisions may expose to attacks. To address this issue, raise awareness, and establish a security threshold, numerous cybersecurity agencies around the world issue technical guidelines for the use and configuration of TLS. In this paper we carry out an assessment of the TLS security posture of European and US based endpoints in relation to their respective national cybersecurity guidelines. Our results show that compliance levels are insufficient, as only a fraction of these recommendations are successfully implemented. We attempt to identify potential causes by presenting a series of observations that may underlie the lack of compliance. The analysis is conducted by employing a TLS analyzer we developed to automate the compliance analysis and the application of the suggested changes, assisting system administrators during this important yet complex task. Our tool and the dataset containing the machine-readable requirements for automating conformity assessment are publicly available, thus making the process auditable and the assets extensible.

Complementary Material

Dataset: The auditable dataset of technical requirements extracted from national security guidelines, is available here.

Replication package: All experimental material is available here.

Involved People

Riccardo Germenia

Riccardo Germenia

Salvatore Manfredi

Salvatore Manfredi

Silvio Ranise

Silvio Ranise

Matteo Rizzi

Matteo Rizzi

Giada Sciarretta

Giada Sciarretta

Alessandro Tomasi

Alessandro Tomasi