{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T04:17:30Z","timestamp":1750220250515,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":19,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,4,14]],"date-time":"2022-04-14T00:00:00Z","timestamp":1649894400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,4,14]]},"DOI":"10.1145\/3508398.3511505","type":"proceedings-article","created":{"date-parts":[[2022,4,16]],"date-time":"2022-04-16T04:13:31Z","timestamp":1650082411000},"page":"119-124","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["A Modular and Extensible Framework for Securing TLS"],"prefix":"10.1145","author":[{"given":"Matteo","family":"Rizzi","sequence":"first","affiliation":[{"name":"Fondazione Bruno Kessler &amp; University of Trento, Trento, Italy"}]},{"given":"Salvatore","family":"Manfredi","sequence":"additional","affiliation":[{"name":"Fondazione Bruno Kessler &amp; University of Genoa, Trento, Italy"}]},{"given":"Giada","family":"Sciarretta","sequence":"additional","affiliation":[{"name":"Fondazione Bruno Kessler, Trento, Italy"}]},{"given":"Silvio","family":"Ranise","sequence":"additional","affiliation":[{"name":"Fondazione Bruno Kessler &amp; University of Trento, Trento, Italy"}]}],"member":"320","published-online":{"date-parts":[[2022,4,15]]},"reference":[{"key":"e_1_3_2_2_1_1","volume-title":"IKE and SSH. In 23rd Annual Network and Distributed System Security Symposium, NDSS. https:\/\/doi.org\/10","author":"Bhargavan Karthikeyan","year":"2016","unstructured":", Karthikeyan Bhargavan and Ga\u00eb tan Leurent . 2016 . Transcript Collision Attacks: Breaking Authentication in TLS , IKE and SSH. In 23rd Annual Network and Distributed System Security Symposium, NDSS. https:\/\/doi.org\/10 .14722\/ndss.2016.23418 10.14722\/ndss.2016.23418 , Karthikeyan Bhargavan and Ga\u00eb tan Leurent. 2016. Transcript Collision Attacks: Breaking Authentication in TLS, IKE and SSH. In 23rd Annual Network and Distributed System Security Symposium, NDSS. https:\/\/doi.org\/10.14722\/ndss.2016.23418"},{"key":"e_1_3_2_2_2_1","volume-title":"ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication. In 30th USENIX Security Symposium (USENIX Security 21)","author":"Brinkmann Marcus","year":"2021","unstructured":"Marcus Brinkmann , Christian Dresen , Robert Merget , Damian Poddebniak , Jens M\u00fcller , Juraj Somorovsky , J\u00f6rg Schwenk , and Sebastian Schinzel . 2021 . ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication. In 30th USENIX Security Symposium (USENIX Security 21) . USENIX Association, 4293--4310. https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/brinkmann Marcus Brinkmann, Christian Dresen, Robert Merget, Damian Poddebniak, Jens M\u00fcller, Juraj Somorovsky, J\u00f6rg Schwenk, and Sebastian Schinzel. 2021. ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication. In 30th USENIX Security Symposium (USENIX Security 21). USENIX Association, 4293--4310. https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/brinkmann"},{"key":"e_1_3_2_2_3_1","unstructured":"Datanyze. 2021. OpenSSL Market Share and Competitor Report https:\/\/www.datanyze.com\/market-share\/other-it-infrastructure-software .  Datanyze. 2021. OpenSSL Market Share and Competitor Report https:\/\/www.datanyze.com\/market-share\/other-it-infrastructure-software ."},{"key":"e_1_3_2_2_4_1","unstructured":"Anthony Desnos. 2020. Github: androguard https:\/\/github.com\/androguard\/androguard .  Anthony Desnos. 2020. Github: androguard https:\/\/github.com\/androguard\/androguard ."},{"key":"e_1_3_2_2_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382205"},{"key":"e_1_3_2_2_6_1","unstructured":"Google. 2021. HSTS List https:\/\/www.chromium.org\/hsts .  Google. 2021. HSTS List https:\/\/www.chromium.org\/hsts ."},{"volume-title":"HTTP Strict Transport Security (HSTS) http:\/\/www.rfc-editor","author":"Hodges Jeff","key":"e_1_3_2_2_7_1","unstructured":"Jeff Hodges , Collin Jackson , and Adam Barth . 2012. HTTP Strict Transport Security (HSTS) http:\/\/www.rfc-editor .org\/rfc\/rfc6797.txt . Internet Requests for Comments . Jeff Hodges, Collin Jackson, and Adam Barth. 2012. HTTP Strict Transport Security (HSTS) http:\/\/www.rfc-editor.org\/rfc\/rfc6797.txt . Internet Requests for Comments."},{"key":"e_1_3_2_2_8_1","unstructured":"Hubert Kario. 2021. SSL and TLS protocol test suite and fuzzer: tlsfuzzer https:\/\/github.com\/tlsfuzzer\/tlsfuzzer .  Hubert Kario. 2021. SSL and TLS protocol test suite and fuzzer: tlsfuzzer https:\/\/github.com\/tlsfuzzer\/tlsfuzzer ."},{"key":"e_1_3_2_2_9_1","volume-title":"Do Security Reports Meet Usability? -- Lessons Learned from Using Actionable Mitigations for Patching TLS Misconfigurations. https:\/\/doi.org\/10","author":"Manfredi Salvatore","year":"2021","unstructured":"Salvatore Manfredi , Mariano Ceccato , Silvio Ranise , and Giada Sciarretta . 2021 a . Do Security Reports Meet Usability? -- Lessons Learned from Using Actionable Mitigations for Patching TLS Misconfigurations. https:\/\/doi.org\/10 .1145\/3465481.3469187 10.1145\/3465481.3469187 Salvatore Manfredi, Mariano Ceccato, Silvio Ranise, and Giada Sciarretta. 2021 a. Do Security Reports Meet Usability? -- Lessons Learned from Using Actionable Mitigations for Patching TLS Misconfigurations. https:\/\/doi.org\/10.1145\/3465481.3469187"},{"volume-title":"Cyber-Physical Security for Critical Infrastructures Protection","author":"Manfredi Salvatore","key":"e_1_3_2_2_10_1","unstructured":"Salvatore Manfredi , Silvio Ranise , Giada Sciarretta , and Alessandro Tomasi . 2021 b. TLSAssistant Goes FINSEC - A Security Platform Integration Extending Threat Intelligence Language . In Cyber-Physical Security for Critical Infrastructures Protection . Springer International Publishing , Cham , 16--30. https:\/\/doi.org\/10.1007\/978--3-030--69781--5_2 10.1007\/978--3-030--69781--5_2 Salvatore Manfredi, Silvio Ranise, Giada Sciarretta, and Alessandro Tomasi. 2021 b. TLSAssistant Goes FINSEC - A Security Platform Integration Extending Threat Intelligence Language. In Cyber-Physical Security for Critical Infrastructures Protection. Springer International Publishing, Cham, 16--30. https:\/\/doi.org\/10.1007\/978--3-030--69781--5_2"},{"key":"e_1_3_2_2_11_1","unstructured":"Bodo M\u00f6 ller Thai Duong and Krzysztof Kotowicz. 2014. This POODLE Bites: Exploiting The SSL 3.0 Fallback http:\/\/www.bmoeller.de\/pdf\/ssl-poodle.pdf .  Bodo M\u00f6 ller Thai Duong and Krzysztof Kotowicz. 2014. This POODLE Bites: Exploiting The SSL 3.0 Fallback http:\/\/www.bmoeller.de\/pdf\/ssl-poodle.pdf ."},{"key":"e_1_3_2_2_12_1","unstructured":"Mozilla. 2019. HSTS List https:\/\/wiki.mozilla.org\/SecurityEngineering\/HTTP_Strict_Transport_Security_%28HSTS%29_Preload_List .  Mozilla. 2019. HSTS List https:\/\/wiki.mozilla.org\/SecurityEngineering\/HTTP_Strict_Transport_Security_%28HSTS%29_Preload_List ."},{"key":"e_1_3_2_2_13_1","unstructured":"Mozilla Security. 2020. Server Side TLS https:\/\/wiki.mozilla.org\/index.php?title=Security\/Server_Side_TLS .  Mozilla Security. 2020. Server Side TLS https:\/\/wiki.mozilla.org\/index.php?title=Security\/Server_Side_TLS ."},{"key":"e_1_3_2_2_14_1","unstructured":"A structured language for cyber threat intelligence . https:\/\/oasis-open.github.io\/cti-documentation\/stix\/intro .  A structured language for cyber threat intelligence . https:\/\/oasis-open.github.io\/cti-documentation\/stix\/intro ."},{"key":"e_1_3_2_2_15_1","unstructured":"OpenSSL. 2021. Changelog https:\/\/www.openssl.org\/news\/changelog.html .  OpenSSL. 2021. Changelog https:\/\/www.openssl.org\/news\/changelog.html ."},{"key":"e_1_3_2_2_16_1","unstructured":"Bruce Schneier. 1999. Attack Trees. https:\/\/www.schneier.com\/academic\/archives\/1999\/12\/attack_trees.html .  Bruce Schneier. 1999. Attack Trees. https:\/\/www.schneier.com\/academic\/archives\/1999\/12\/attack_trees.html ."},{"key":"e_1_3_2_2_17_1","unstructured":"Security and Trust Research Unit. 2022. TLSAssistant. https:\/\/github.com\/stfbk\/tlsassistant .  Security and Trust Research Unit. 2022. TLSAssistant. https:\/\/github.com\/stfbk\/tlsassistant ."},{"volume-title":"Github: Secure, Unified, Powerful and Extensible Rust Android Analyzer. https:\/\/github.com\/SUPERAndroidAnalyzer\/super .","year":"2018","key":"e_1_3_2_2_18_1","unstructured":", SUPERAndroidAnalyzer. 2018 . Github: Secure, Unified, Powerful and Extensible Rust Android Analyzer. https:\/\/github.com\/SUPERAndroidAnalyzer\/super . , SUPERAndroidAnalyzer. 2018. Github: Secure, Unified, Powerful and Extensible Rust Android Analyzer. https:\/\/github.com\/SUPERAndroidAnalyzer\/super ."},{"key":"e_1_3_2_2_19_1","unstructured":"Dirk Wetter. 2021. \/bin\/bash based SSL\/TLS tester: testssl.sh https:\/\/testssl.sh .  Dirk Wetter. 2021. \/bin\/bash based SSL\/TLS tester: testssl.sh https:\/\/testssl.sh ."}],"event":{"name":"CODASPY '22: Twelveth ACM Conference on Data and Application Security and Privacy","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Baltimore MD USA","acronym":"CODASPY '22"},"container-title":["Proceedings of the Twelfth ACM Conference on Data and Application Security and Privacy"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3508398.3511505","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3508398.3511505","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T19:30:39Z","timestamp":1750188639000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3508398.3511505"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,4,14]]},"references-count":19,"alternative-id":["10.1145\/3508398.3511505","10.1145\/3508398"],"URL":"https:\/\/doi.org\/10.1145\/3508398.3511505","relation":{},"subject":[],"published":{"date-parts":[[2022,4,14]]},"assertion":[{"value":"2022-04-15","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}