Note
Includes bibliography.
Member of
Contributors
Publisher
Florida Atlantic University
Date Issued
2017
EDTF Date Created
2017
Description
The SSL/TLS is the main protocol used to provide secure data connection between a
client and a server. The main concern of using this protocol is to avoid the secure
connection from being breached. Computer systems and their applications are becoming
more complex and keeping these secure connections between all the connected components
is a challenge.
To avoid any new security flaws and protocol connections weaknesses, the SSL/TLS
protocol is always releasing newer versions after discovering security bugs and
vulnerabilities in any of its previous version. We have described some of the common
security flaws in the SSL/TLS protocol by identifying them in the literature and then by
analyzing the activities from each of their use cases to find any possible threats. These
threats are realized in the form of misuse cases to understand how an attack happens from
the point of the attacker. This approach implies the development of some security patterns
which will be added as a reference for designing secure systems using the SSL/TLS protocol. We finally evaluate its security level by using misuse patterns and considering
the threat coverage of the models.
client and a server. The main concern of using this protocol is to avoid the secure
connection from being breached. Computer systems and their applications are becoming
more complex and keeping these secure connections between all the connected components
is a challenge.
To avoid any new security flaws and protocol connections weaknesses, the SSL/TLS
protocol is always releasing newer versions after discovering security bugs and
vulnerabilities in any of its previous version. We have described some of the common
security flaws in the SSL/TLS protocol by identifying them in the literature and then by
analyzing the activities from each of their use cases to find any possible threats. These
threats are realized in the form of misuse cases to understand how an attack happens from
the point of the attacker. This approach implies the development of some security patterns
which will be added as a reference for designing secure systems using the SSL/TLS protocol. We finally evaluate its security level by using misuse patterns and considering
the threat coverage of the models.
Language
Type
Form
Extent
90 p.
Subject (Topical)
Identifier
FA00004873
Additional Information
Includes bibliography.
Dissertation (Ph.D.)--Florida Atlantic University, 2017.
FAU Electronic Theses and Dissertations Collection
Date Backup
2017
Date Created Backup
2017
Date Text
2017
Date Created (EDTF)
2017
Date Issued (EDTF)
2017
Extension
FAU
IID
FA00004873
Organizations
Attributed name: Florida Atlantic University
Attributed name: College of Engineering and Computer Science
Person Preferred Name
Alkazimi, Ali
author
Graduate College
Physical Description
application/pdf
90 p.
Title Plain
Misuse Patterns for the SSL/TLS Protocol
Use and Reproduction
Copyright © is held by the author, with permission granted to Florida Atlantic University to digitize, archive and distribute this item for non-profit research and educational purposes. Any reuse of this item in excess of fair use or other copyright exemptions requires permission of the copyright holder.
http://rightsstatements.org/vocab/InC/1.0/
Origin Information
2017
2017
Florida Atlantic University
Boca Raton, Fla.
Physical Location
Florida Atlantic University Libraries
Place
Boca Raton, Fla.
Sub Location
Digital Library
Title
Misuse Patterns for the SSL/TLS Protocol
Other Title Info
Misuse Patterns for the SSL/TLS Protocol