A dataset containing TLS requirements to assess a webserver's compliance with national cybersecurity agencies

stfbk/tls-compliance-dataset

TLS Compliance Dataset

License: CC BY 4.0

The content of this repository is the result of the gathering, translation, standardization and structuring of a set of technical requirements extracted from five cybersecurity agencies' guidelines.

The examined guidelines are:

The result of this process is a dataset that can be audited, inspected and peer reviewed.

Glossary

  • Configurable element - each element whose availability can be set by the system administrator (e.g., specific protocol versions);
  • Guideline - a document issued by a national cybersecurity agency that contains technical requirements for various configurable elements;
  • Level - the requirement level that every guideline assigns to each configurable element;
  • Profile - a use case defined by a guideline (e.g., customer-facing and government-facing service);
  • Variant - a subset of elements that can have alternative configuration levels (e.g., prioritization of ephemeral key use);
  • Condition - an additional requirement that restricts the use of a configurable element (e.g., "use element up to year 2030").

Dataset Structure

The dataset is composed of multiple .md files that are used to store different sets of configurable elements. Each file contains a table with the following structure:

| Configurable Element | (Guideline<sub>1</sub>, Profile<sub>1</sub>) | (Guideline<sub>1</sub>, Profile<sub>1</sub>) | ... | (Guideline<sub>n</sub>, Profile<sub>n</sub>) | (Guideline<sub>n</sub>, Profile<sub>n</sub>) |
|---|---|---|---|---|---|
| Element<sub>1</sub> | Level<sub>1,1</sub> | Condition<sub>1,1</sub> | ... | Level<sub>1,n</sub> | Condition<sub>1,n</sub> |
| Element<sub>2</sub> | Level<sub>2,1</sub> | Condition<sub>2,1</sub> | ... | Level<sub>2,n</sub> | Condition<sub>2,n</sub> |
| ... | ... | ... | ... | ... | ... |
| Element<sub>n</sub> | Level<sub>n,1</sub> | Condition<sub>n,1</sub> | ... | Level<sub>n,n</sub> | Condition<sub>n,n</sub> |

Each (Guideline, Profile) pair therefore occupies two columns: the first holds the requirement Level the guideline assigns to the element under that profile, the second holds the Condition (if any) that restricts its use.

Additional Information

For additional information on how to add a new guideline or a new table to the dataset, please refer to the Standard Compliance Module.

Configurable Elements

Each file lists the requirements level of

Reproducibility

To enable reproducibility of the dataset, the repository also contains a set of scripts that can be used to generate a SQLite database that maps the dataset.

  • schema_creator.py: reads the dataset and, using Prisma Client Python, creates an empty SQLite database with the tables needed to store the dataset. The database is stored in a file called requirements.db (in the root directory of the repository);
  • database_filler.py: reads the dataset and fills all the tables of requirements.db with the data contained in the dataset.
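The following is an added example, not code from this repository: it parses a markdown table laid out as in the Dataset Structure section above (one Level column and one Condition column per (Guideline, Profile) header pair), validates that the header pairs match, and loads the resulting rows into a minimal SQLite table. The sample table, agency names and levels are constructed placeholders, and the table schema is a simplification that does not reproduce the repository's Prisma schema.

```python
import re
import sqlite3

# Constructed sample in the README's layout: each (Guideline, Profile) header
# appears twice, once for the Level column and once for the Condition column.
SAMPLE_TABLE = """\
| Configurable Element | (AgencyA, Customer) | (AgencyA, Customer) | (AgencyB, Government) | (AgencyB, Government) |
|---|---|---|---|---|
| TLS 1.2 | must | | must | use up to year 2030 |
| TLS 1.3 | must | | must | |
| TLS 1.0 | must not | | should not | |
"""

HEADER_CELL = re.compile(r"^\((?P<guideline>[^,]+),\s*(?P<profile>[^)]+)\)$")


def split_row(line):
    """Split one markdown table row into stripped cells, dropping the outer pipes."""
    return [cell.strip() for cell in line.strip().strip("|").split("|")]


def parse_table(text):
    """Return (element, guideline, profile, level, condition) tuples for every cell pair."""
    lines = [l for l in text.splitlines() if l.strip().startswith("|")]
    header = split_row(lines[0])
    pairs = header[1:]
    if len(pairs) % 2:
        raise ValueError("each (Guideline, Profile) needs a Level and a Condition column")
    keys = []
    for level_hdr, cond_hdr in zip(pairs[::2], pairs[1::2]):
        if level_hdr != cond_hdr:
            raise ValueError(f"mismatched header pair: {level_hdr!r} / {cond_hdr!r}")
        m = HEADER_CELL.match(level_hdr)
        if not m:
            raise ValueError(f"header is not '(Guideline, Profile)': {level_hdr!r}")
        keys.append((m["guideline"].strip(), m["profile"].strip()))
    rows = []
    for line in lines[2:]:  # skip the header row and the |---| separator row
        cells = split_row(line)
        if len(cells) != len(header):
            raise ValueError(f"row has {len(cells)} cells, expected {len(header)}: {line!r}")
        for (guideline, profile), level, cond in zip(keys, cells[1::2], cells[2::2]):
            rows.append((cells[0], guideline, profile, level, cond or None))
    return rows


def load_into_sqlite(rows, path=":memory:"):
    """Store parsed rows in a single flat table (simplified, not the repository's schema)."""
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE IF NOT EXISTS requirement "
                 "(element TEXT, guideline TEXT, profile TEXT, level TEXT, condition TEXT)")
    conn.executemany("INSERT INTO requirement VALUES (?, ?, ?, ?, ?)", rows)
    conn.commit()
    return conn
```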

How to contribute

Please refer to the Wiki page.

Related Projects

This dataset is the result of a study aimed at designing a methodology to assess the compliance level of new and existing webservers. More details about the methodology and the process behind its creation can be found in the paper Automating Compliance for Improving TLS Security Postures: An Assessment of Public Administration Endpoints:

```bibtex
@conference{secrypt24,
	author={Riccardo Germenia and Salvatore Manfredi and Matteo Rizzi and Giada Sciarretta and Alessandro Tomasi and Silvio Ranise},
	title={Automating Compliance for Improving TLS Security Postures: An Assessment of Public Administration Endpoints},
	booktitle={Proceedings of the 21st International Conference on Security and Cryptography - SECRYPT},
	year={2024},
	pages={450-458},
	publisher={SciTePress},
	organization={INSTICC},
	doi={10.5220/0012764700003767},
	isbn={978-989-758-709-2},
	issn={2184-7711},
}
```

The content of this dataset is an integral part of TLSAssistant, an open-source modular framework capable of identifying a wide range of TLS vulnerabilities and assessing compliance with multiple guidelines. Its actionable report can assist the user in correctly and easily fixing their configurations.