Authors: Riccardo Germenia 1,2; Salvatore Manfredi 2; Matteo Rizzi 1,2; Giada Sciarretta 2; Alessandro Tomasi 2 and Silvio Ranise 2,3

Affiliations: 1 Department of Information Engineering and Computer Science, University of Trento, Via Sommarive 9, Trento, Italy; 2 Center for Cybersecurity, Fondazione Bruno Kessler, Via Sommarive 18, Trento, Italy; 3 Department of Mathematics, University of Trento, Via Sommarive 14, Trento, Italy

Keyword(s): Compliance Analysis, National Guidelines, Auditable Dataset, TLS Deployments.

Abstract: System administrators tasked with configuring TLS servers must make numerous decisions - e.g., selecting the appropriate ciphers, signature algorithms, and TLS extensions - and it may not be obvious, even to security experts, which decisions may expose them to attacks. To address this issue, raise awareness, and establish a security threshold, numerous cybersecurity agencies around the world issue technical guidelines for the use and configuration of TLS. In this paper we carry out an assessment of the TLS security posture of European and US based endpoints in relation to their respective national cybersecurity guidelines. Our results show that a surprisingly high amount of the analyzed websites have a low compliance level when compared to their respective national guideline. We attempt to identify potential causes by presenting a series of observations that may underlie the lack of compliance. The analysis is conducted by employing a TLS analyzer we developed to automate the compliance analysis and the application of the suggested changes, assisting system administrators during this important yet complex task. Our tool and the dataset containing the machine-readable requirements for automating conformity assessment are publicly available, thus making the process auditable and the assets extensible.

CC BY-NC-ND 4.0

Paper citation in several formats:
Germenia, R.; Manfredi, S.; Rizzi, M.; Sciarretta, G.; Tomasi, A. and Ranise, S. (2024). Automating Compliance for Improving TLS Security Postures: An Assessment of Public Administration Endpoints. In Proceedings of the 21st International Conference on Security and Cryptography - SECRYPT; ISBN 978-989-758-709-2; ISSN 2184-7711, SciTePress, pages 450-458. DOI: 10.5220/0012764700003767

@conference{secrypt24,
author={Riccardo Germenia and Salvatore Manfredi and Matteo Rizzi and Giada Sciarretta and Alessandro Tomasi and Silvio Ranise},
title={Automating Compliance for Improving TLS Security Postures: An Assessment of Public Administration Endpoints},
booktitle={Proceedings of the 21st International Conference on Security and Cryptography - SECRYPT},
year={2024},
pages={450-458},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012764700003767},
isbn={978-989-758-709-2},
issn={2184-7711},
}

TY - CONF

JO - Proceedings of the 21st International Conference on Security and Cryptography - SECRYPT
TI - Automating Compliance for Improving TLS Security Postures: An Assessment of Public Administration Endpoints
SN - 978-989-758-709-2
IS - 2184-7711
AU - Germenia, R.
AU - Manfredi, S.
AU - Rizzi, M.
AU - Sciarretta, G.
AU - Tomasi, A.
AU - Ranise, S.
PY - 2024
SP - 450
EP - 458
DO - 10.5220/0012764700003767
PB - SciTePress