Abstract

As vulnerabilities become more common, the security of applications is coming under increased scrutiny. With regard to Internet security, recent work has found that many vulnerabilities are caused by TLS library misuse. This misuse is attributed to large and confusing APIs and to developers' general misunderstanding of security. Because of these problems, there is a desire for simplified TLS libraries and security handling. However, there is as yet no analysis of how the existing APIs are used, beyond how incorrect usage motivates the need to replace them. We provide an analysis of contemporary usage of OpenSSL across 410 popular secure applications. These insights will inform the security community as it addresses TLS library redesign.

Degree

MS

College and Department

Physical and Mathematical Sciences; Computer Science

Rights

http://lib.byu.edu/about/copyright/

Date Submitted

2018-03-01

Document Type

Thesis

Handle

http://hdl.lib.byu.edu/1877/etd9743

Keywords

TLS, SSL, API, source code analysis, static code analysis

Language

English
