Hammurabi is a research project focused on improving certificate validation in the Web PKI.

News

• 2022-11-09: Hammurabi wins Best Paper Honorable Mention at CCS 2022.

About

In the Web PKI, TLS clients (browsers, mobile apps, etc.) verify the identity of a server by validating its X.509 certificate during the TLS handshake. Unfortunately, there is no single, authoritative set of rules that dictate whether a certificate is valid or not; rules are drawn from various RFCs and (for web browsers) the CA/Browser Forum Baseline Requirements. Furthermore, specialized clients like web browsers often have their own additional, bespoke validation rules.

To make matters worse, the high-level validation rules or policies that describe what constitutes a valid certificate are entangled with low-level validation mechanisms such as certificate parsing, verifying cryptographic signatures, and checking revocation.

This entanglement makes it hard to:

• understand the policy a client implements, and therefore which certificates it will accept
• compare different validation policies
• reuse complex validation policies in multiple clients, which may reduce validation bugs

With Hammurabi, certificate validation policies are expressed as high-level logic (Prolog) programs. Clients pass candidate certificates to the Hammurabi engine, which performs basic certificate checks (e.g., signature verification) before executing a validation policy over the certificate chain. Hammurabi returns the validation result to the client.

To demonstrate the feasibility of expressing validation policies in Hammurabi, we extracted the certificate validation rules found in both Google Chrome and Mozilla Firefox into Prolog programs. In the paper, we show that our translations produce the same result as the actual browsers for millions of certificates.

Hammurabi not only promotes validation policy analysis, comparison, and reuse, but can also be used to bridge the gap between standards and code: certificate validation standards and bespoke requirements can be codified into executable Hammurabi policies.

BibTeX Citation

@inproceedings{larisch2022hammurabi,
  title={{Hammurabi: A Framework for Pluggable, Logic-Based X.509 Certificate Validation Policies}},
  author={Larisch, James and Aqeel, Waqar and Lum, Michael and Goldschlag, Yaelle and Torshizi, Kasra and Kannan, Leah and Wang, Yujie and Chung, Taejoong and Levin, Dave and Maggs, Bruce M. and Mislove, Alan and Parno, Bryan and Wilson, Christo},
  booktitle={Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security},
  month={November},
  year={2022}
}

        

Authors

• James Larisch - Harvard University
• Waqar Aqeel - Duke University
• Michael Lum - University of Maryland
• Yaelle Goldschlag - University of Maryland
• Kasra Torshizi - University of Maryland
• Leah Kannan - University of Maryland
• Yujie Wang - University of Maryland
• Prof. Taejoong Chung - Virginia Tech
• Prof. Dave Levin - University of Maryland
• Prof. Bruce M. Maggs- Duke University and Emerald Innovations
• Prof. Alan Mislove - Northeastern University
• Prof. Bryan Parno - Carnegie Mellon University
• Prof. Christo Wilson - Northeastern University