TLS is completely broken in many applications

A number of papers have analyzed vulnerabilities in applications that use TLS libraries. Applications frequently do not properly validate the server’s certificate or configure TLS properly.

The root cause of most of these vulnerabilities is the terrible design of the APIs to the underlying SSL libraries.

The most dangerous code in the world: validating SSL certificates in non-browser software. Martin Georgiev et al., 2012 ACM CCS

Simple TLS + Policy

Secure Socket API
simple developer usability for TLS and administrator control over how TLS is configured on their machines.

TrustBase
simple certificate validation and administrators control over how certificates are validated on their machines.

Patch Broken Systems

TrustBase transparently enforces correct certificate validation and applies system policy for all applications. The Secure Socket API, and its associated system policy, can be enforced on applications that dynamically load a security library such as OpenSSL.

Sponsors

This project is supported by the National Science Foundation under Grant No. 1528022, by the Department of Homeland Security Science and Technology Directorate, Cyber Security Division (DHS S&T/CSD) under contract number HHSP233201600046C, and by Sandia National Laboratories, a multimission laboratory managed and operated by National Technology and Engineering Solutions of Sandia, LLC., a wholly owned subsidiary of Honeywell International, Inc., for the U.S. Department of Energy’s National Nuclear Security Administration under contract DE-NA-0003525.

Any opinions, findings, and conclusions or recommendations expressed in this work are those of the author(s) and do not necessarily reflect the views of the sponsors.