Comprehensive Address Space Randomizer
(Project Homepage)
|
A source-to-source transformer for C programs that
randomizes (a) the absolute locations of objects in
memory, and (b) the relative distances between
objects. It provides protection from a wide range of
attacks that target buffer overflows and related memory
errors.
|
Address-obfuscated servers
(Project Homepage)
|
An earlier version of the above project that randomizes
only absolute addresses. It does not use any source code
transformations.
|
Memory Safe C Compiler
(Project Homepage)
|
A tool for runtime detection of all memory
errors in C programs with reasonable runtime
overheads.
|
Alcatraz
(Project Homepage)
|
A tool for isolated execution of untrusted
software. Alcatraz is ideal for:
-
Running untrusted code (e.g., downloaded/mobile code)
without worrying about damages to your system
-
Trying out new (versions of) software before installing
them on your system
|
Tracer
(Project Hompage)
|
An extensible system call interposition framework.
|
RPMShield
(Project Homepage)
|
A tool that safeguards a system during the installation of
poorly designed or malicious packages. Intuitive,
high-level policies are enforced on the package
installation process in order to protect against actions
that may compromise system security, or potentially
interfere existing packages.
|
