Security & Trust

Lost in TLS? No more!

Transport Layer Security (TLS) is a suite of cryptographic protocols designed to provide confidentiality, integrity and authentication to the parties communicating via an unsecure channel. With four existing versions and a wide set of customizable elements (e.g., available cipher suites, extensions, certificates), its deployment requires a non-trivial amount of technical knowledge whose lack results in a time-consuming task.

Our focus: help administrators in deploying secure TLS instances.

Related Tools

Related Publications

  • Matteo Rizzi, Salvatore Manfredi, Giada Sciarretta, Silvio Ranise
    Demo: TLSAssistant v2 - A Modular and Extensible Framework for Securing TLS
    In: Proceedings of the 27th ACM Symposium on Access Control Models and Technologies (SACMAT 2022) (DOI, news)
  • Salvatore Manfredi, Mariano Ceccato, Giada Sciarretta, Silvio Ranise
    Empirical Validation on the Usability of Security Reports for Patching TLS Misconfigurations: User- and Case-Studies on Actionable Mitigations
    In: Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA) (DOI)
  • Matteo Rizzi, Salvatore Manfredi, Giada Sciarretta, Silvio Ranise
    A Modular and Extensible Framework for Securing TLS
    In: Proceedings of the Twelfth ACM Conference on Data and Application Security and Privacy (CODASPY 2022) (DOI, news)
  • Salvatore Manfredi, Mariano Ceccato, Giada Sciarretta, Silvio Ranise
    Do Security Reports Meet Usability? - Lessons Learned from Using Actionable Mitigations for Patching TLS Misconfigurations
    In: The 16th International Conference on Availability, Reliability and Security (ARES 2021) (ETACS 2021) (DOI, complementary material, news)
  • Salvatore Manfredi, Silvio Ranise, Giada Sciarretta, Alessandro Tomasi
    TLSAssistant goes FINSEC: A Security Platform Integration Extending Threat Intelligence Language
    In: 1st International Workshop on Cyber-Physical Security for Critical Infrastructures Protection (CPS4CIP 2020)
  • Salvatore Manfredi, Silvio Ranise, Giada Sciarretta
    Lost in TLS? No More! Assisted Deployment of Secure TLS Configurations
    In: Proceedings of the 33rd Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec 2019), vol. 11559, pp. 201-220 (DOI, news)

Related Theses

  • Riccardo Germenia (Bachelor's Thesis, University of Trento, 2023)
    A Module to Evaluate the Security Compliance of TLS Deployments: Design and Implementation of a Mechanized Methodology
    Supervisors: Silvio Ranise | Co-supervisors: Salvatore Manfredi, Matteo Rizzi
  • Salvatore Manfredi (PhD Thesis, University of Genoa, 2023)
    Automated Assistance for Actionable Security: Security and Compliance of TLS Configurations (link)
    Supervisor: Silvio Ranise | Co-supervisor: Giada Sciarretta
  • Federico Cucino (Bachelor's Thesis, University of Trento, 2022)
    Miglioramento delle capacità di analisi di TLSAssistant - Automatizzazione delle mitigazioni per NGINX
    Supervisors: Silvio Ranise | Co-supervisors: Salvatore Manfredi, Giada Sciarretta
  • Ivan Valentini (Bachelor's Thesis, University of Trento, 2022)
    Estensione delle capacità di analisi di TLSAssistant - Rilevazione e mitigazione di ALPACA, POODLE e Raccoon
    Supervisors: Silvio Ranise | Co-supervisors: Salvatore Manfredi, Giada Sciarretta
  • Matteo Rizzi (Bachelor's Thesis, University of Trento, 2021)
    TLS Analyzers for Android Apps: State-of-the-art Analysis and Integration in TLSAssistant
    Supervisors: Silvio Ranise | Co-supervisors: Giada Sciarretta, Salvatore Manfredi
    Awards: 3rd place at thesis award "Innovare la sicurezza delle informazioni 2021", sponsored by CLUSIT
  • Salvatore Manfredi (Master's Thesis, University of Trento, 2019)
    Assisting users in securing TLS configurations
    Supervisors: Silvio Ranise | Co-supervisor: Giada Sciarretta