Secure Systems Lab -- Software

Software Downloads

eAudit system for light-weight, portable and performant provenance data collection system for Linux, based on the eBPF framework.
SAFER: Safe and Efficient Binary Instrumentation A Binary instrumentation system for x86-64 binaries that combines low overheads with safe handling of analysis and instrumentation errors.
SBR: Stony Brook Binary Randomizer A fine-grained binary code randomizer incorporating a variety of randomizations compatible with x86_64 binaries on Linux.
E*: A domain-specific language for APT detection and analysis. A source-code tarball is available.
Lifting assembly to intermediate language: An architecture-neutral approach: There are two packages available, both representing novel approaches that reverse the logic implemented in code generators of modern compilers. This means that our approach can support all major architectures supported by these compilers without significant efforts for architecture-specific modeling.
- LISC: A learning-based approach for lifting assembly to architecture-neutral intermediate language (GCC RTL). It has been used to lift multiple instructions sets, including x86 and ARM with all their extensions.
- EISSEC: A symbolic-execution based approach for lifting assembly to architecture-neutral intermediate language (GCC RTL).
PSI: Platform for Static binary Instrumentation. Based on (and supercedes) BinCFI, Control Flow Integrity for COTS Binaries.
- CFCI: Strong code integrity. Built over the foundation of coarse-grained CFI provided by PSI. It can efend against all injected native code attacks, regardless of their sophistication.
Host Integrity protection. Provides systematic protection from stealthy/sophisticated malware without unduly impacting usability of benign software. Works by preventing untrusted code/data from ever influencing any security-critical application or data.
- Portable Integrity Protection System (PIP). A userland integrity protection system that provides strong protection from untrusted code/malware, while preserving usability of benign software.
- Kernel-based integrity protection (SRFD). This system implements information-flow based integrity protection within the kernel. A key benefit of this implementation over userland implementation is that it supports dynamic downgrading of process integrities, while avoiding the problem of self-revocation.
JaTE: Transparent and Efficient policy enforcement for full JavaScript.
Light-weight Bounds Checker. A fast technique for detecting bounds errors in C-programs that is 100% compatible with existing C-code.
XSSFilt. Browser-resident XSS Filter to block reflected XSS attacks. Works with Firefox.
jCSRF. Automatic CSRF protection for Web 2.0 applications
VNetLab. A virtual network laboratory for carrying out security experiments.
Comprehensive Address Space Randomizer. A source-to-source transformer for C programs that randomizes (a) the absolute locations of objects in memory, and (b) the relative distances between objects. It provides protection from a wide range of attacks that target buffer overflows and related memory errors.
Address-obfuscated servers. An earlier version of the above project that randomizes only absolute addresses. It does not use any source code transformations.
TaintPolicy. A source-code transformer that instruments C programs to enable efficient fine-grained (byte-level) dynamic taint tracking for attack detection based on taint-enhanced security policies.
Memory Safe C Compiler. A tool for runtime detection of all memory errors in C programs with reasonable runtime overheads.
Alcatraz. A tool for isolating execution of untrusted software.
Etrace. An extensible system call interposition framework.
RPMShield. A tool that safeguards a system during the installation of poorly designed or malicious packages. Intuitive, high-level policies are enforced on the package installation process in order to protect against actions that may compromise system security, or potentially interfere existing packages.