X.509 certificates are used in TLS connections to verify the identity of clients and servers. To this end, clients and servers have to check whether a certificate is valid and correctly signed. This makes X.509 certificates an important target for further testing. As for TLS, we already built a framework for combinatorial testing of X.509 certificates, called X.509 Anvil. Your task will be to extend this framework. A possible direction:
More Extension Support. Currently supported extensions are: KeyUsage, BasicConstraints, SubjectKeyIdentifier, and AuthorityKeyIdentifier. These are implemented in X.509 Attacker and have existing tests in our X.509 Anvil. Your task is it to implement more extensions in X.509 Attacker and create test cases for them in our framework (based on MUST statements from the RFC). Interesting extensions for this would, for example, be the ExtendedKeyUsage and the SubjectAlternativeNames. Afterwards, TLS client / server implementations should be tested for their (in)correct handling of the test cases.
What to bring:
- Programming Knowledge (Java)
- Interest in TLS/X.509
- Willingness to get used to Java Frameworks
What to gain:
- TLS-Anvil has been published on a Tier 1 conference for IT security and is part of an industry collaboration so you will be working on current research topics with a real world impact
