The most dangerous code in the world: validating SSL certificates in non-browser software

doi:10.1145/2382196.2382204

The most dangerous code in the world: validating SSL certificates in non-browser software

Full Text:

PDF

Get this Article

Authors:	Martin Georgiev	The University of Texas at Austin, Austin, TX, USA
	Subodh Iyengar	Stanford University, Stanford, CA, USA
	Suman Jana	The University of Texas at Austin, Austin, TX, USA
	Rishita Anubhai	Stanford University, Stanford, CA, USA
	Dan Boneh	Stanford University, Stanford, CA, USA
	Vitaly Shmatikov	The University of Texas at Austin, Austin, TX, USA

	2012 Article
Bibliometrics
· Citation Count: 57 · Downloads (cumulative): 1,928 · Downloads (12 Months): 221 · Downloads (6 Weeks): 20

Published in:

	· Proceeding
	CCS '12 Proceedings of the 2012 ACM conference on Computer and communications security
	Pages 38-49 Raleigh, North Carolina, USA — October 16 - 18, 2012 ACM New York, NY, USA ©2012 table of contents ISBN: 978-1-4503-1651-4 doi>10.1145/2382196.2382204

Recent authors with related interests Concepts in this article

Concepts inThe most dangerous code in the world: validating SSL certificates in non-browser software

Public key certificate: In cryptography, a public key certificate (also known as a digital certificate or identity certificate) is an electronic document which uses a digital signature to bind a public key with an identity ¿ information such as the name of a person or an organization, their address, and so forth. The certificate can be used to verify that a public key belongs to an individual. In a typical public key infrastructure (PKI) scheme, the signature will be of a certificate authority (CA). more from Wikipedia
Transport Layer Security: Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide communication security over the Internet. TLS and SSL encrypt the segments of network connections at the Application Layer for the Transport Layer, using asymmetric cryptography for key exchange, symmetric encryption for privacy, and message authentication codes for message integrity. more from Wikipedia
GnuTLS: GnuTLS is a free software implementation of the SSL, TLS and DTLS protocols. It offers an application programming interface (API) for applications to enable secure communication over their network transport layer, as well as interfaces to access X.509, PKCS #12, OpenPGP and other structures. more from Wikipedia
Java Secure Socket Extension: The Java Secure Socket Extension (JSSE) is a set of packages that enable secure Internet communications. It implements a Java technology version of Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. It includes functionality for data encryption, server authentication, message integrity, and optional client authentication. JSSE was an optional package for Java versions 1.2 and 1.3, but was integrated into 1.4. more from Wikipedia
Payment gateway: A payment gateway is an e-commerce application service provider service that authorizes payments for e-businesses, online retailers, bricks and clicks, or traditional brick and mortar. It is the equivalent of a physical point of sale terminal located in most retail outlets. more from Wikipedia
OpenSSL: OpenSSL is an open-source implementation of the SSL and TLS protocols. The core library, written in the C programming language, implements the basic cryptographic functions and provides various utility functions. Wrappers allowing the use of the OpenSSL library in a variety of computer languages are available. Versions are available for most Unix-like operating systems, OpenVMS and Microsoft Windows. IBM provides a port for the System i (OS/400). OpenSSL is based on SSLeay by Eric A. more from Wikipedia
Apache Axis: Apache Axis is an open source, XML based Web service framework. It consists of a Java and a C++ implementation of the SOAP server, and various utilities and APIs for generating and deploying Web service applications. Using Apache Axis, developers can create interoperable, distributed computing applications. Axis is developed under the auspices of the Apache Software Foundation. more from Wikipedia

Tools and Resources

Buy this Article
Recommend the ACM DL
to your organization
Request Permissions
TOC Service:
- Email
- RSS
Save to Binder
Export Formats:
- BibTeX
- EndNote
- ACM Ref
Upcoming Conference:
- CCS '17

Author Tags