- SBR: Stony Brook Binary Randomizer A fine-grained binary
code randomizer incorporating a variety of randomizations compatible with
x86_64 binaries on Linux.
- E*: A domain-specific language for APT detection and analysis. A source-code tarball is available.
- Lifting assembly to intermediate language: An architecture-neutral approach: There are two packages available, both representing novel approaches that reverse the logic implemented in code generators of modern compilers. This means that our approach can support all major architectures supported by these compilers without significant efforts for architecture-specific modeling.
- LISC: A learning-based approach for lifting assembly to architecture-neutral intermediate language (GCC RTL). It has been used to lift multiple instructions sets, including x86 and ARM with all their extensions.
- EISSEC: A symbolic-execution based approach for lifting assembly to architecture-neutral intermediate language (GCC RTL).
- PSI: Platform for Static binary Instrumentation. Based on (and supercedes) BinCFI, Control Flow Integrity for COTS Binaries.
Strong code integrity. Built over the foundation of coarse-grained
CFI provided by PSI. It can efend against all injected native code attacks,
regardless of their sophistication.
- Host Integrity protection. Provides systematic protection from stealthy/sophisticated malware without unduly impacting usability of benign software. Works by preventing untrusted code/data from ever influencing any security-critical application or data.
- Portable Integrity
Protection System (PIP). A userland integrity protection system that provides
strong protection from untrusted code/malware, while preserving usability of
integrity protection (SRFD). This system implements information-flow
based integrity protection within the kernel. A key benefit of this
implementation over userland implementation is that it supports dynamic
downgrading of process integrities, while avoiding the problem of
- Light-weight Bounds Checker. A fast technique for detecting bounds errors in C-programs that is 100% compatible with existing C-code.
- XSSFilt. Browser-resident XSS Filter to block reflected XSS attacks. Works with Firefox.
- jCSRF. Automatic CSRF protection for Web 2.0 applications
- VNetLab. A virtual network laboratory for carrying out security experiments.
- Comprehensive Address Space Randomizer. A source-to-source transformer for C programs that randomizes (a) the absolute locations of objects in memory, and (b) the relative distances between objects. It provides protection from a wide range of attacks that target buffer overflows and related memory errors.
- Address-obfuscated servers. An earlier version of the above project that randomizes only absolute addresses. It does not use any source code transformations.
- TaintPolicy. A source-code transformer that instruments C programs to enable efficient fine-grained (byte-level) dynamic taint tracking for attack detection based on taint-enhanced security policies.
- Memory Safe C Compiler. A tool for runtime detection of all memory errors in C programs with reasonable runtime overheads.
- Alcatraz. A tool for isolating execution of untrusted software.
- Etrace. An extensible system call interposition framework.
- RPMShield. A tool that safeguards a system during the installation of poorly designed or malicious packages. Intuitive, high-level policies are enforced on the package installation process in order to protect against actions that may compromise system security, or potentially interfere existing packages.