This page contains a list of software tools created by the SIIS lab. Please contact siis@cse.psu.edu if you have any questions regarding these tools.

JLift

JLift is a static analysis tool for finding information-flow errors in Java programs. It is an extension of the Jif compiler to operate on Java programs. It is similar to CQual/JQual, except that it also detects implicit flows arising from conditionals and exceptions. It has been used to successfully catalogue information-flow errors in a number of server programs.

JLift is in a state of active development. Dave King is the maintainer of JLift. For more information see the JLift page.

JPmail

JPmail is a secure email client which uses the security-typed language Jif to get information-flow control guarantees. JPmail was developed in Jif and utilizes some tools we built to handle high-level security policy, cryptography, declassification and distributed policy. For more information, see the JPmail page. For downloads, see the JPmail downloads page.

Jifclipse

Jifclipse is an IDE for the security-typed language Jif built on the Eclipse extensible development platform. Jifclipse provides a Jif programmer with additional tools to view hidden information generated by a Jif compilation, to suggest fixes for errors, and to get more specific information behind an error message. For more information see the Jifclipse page.

Jif signature generator

The Jif language allows programmers to check that their programs are information-flow secure. This requires that every source and sink in the program be labeled, including library functions. Signatures are used to specify the security behavior of library functions. Generating these signatures by hand can be tedious. siggen automatically generates signature files based on what external classes and methods a Java or Jif program uses. For more information see the Jif signature generator page.

TARP

TARP, Ticket-based Address Resolution Protocol, adds security to address resolution in IP networks. TARP was designed to implement security at a minimal cost while maintaining interoperability with ARP.

For more information about TARP please refer to the following paper: http://www.acsac.org/2005/abstracts/184.html.

Download the current version of TARP.

bgpaddrmap

This is a tool to enable examining the hierarchy of address delegation in the Internet. Given a series of address blocks and the ASes originating their advertisement, bgpaddr can estimate the address delegation chain from IANA to the originator. A text report is generated, as well as a graph file in dot format suitable for rendering with graphviz.

Download the current version of bgpaddrmap.

View the documentation.

Download the latest IANA assignment for /8 blocks.

Download the latest ignore file, containing addresses and ASes that should not be processed by bgpaddrmap (e.g., private IP address space, IP and AS bogons, etc.)

Aquinas

Recent web-based applications offer users free service in exchange for access to personal communication, such as on-line email services and instant messaging. The inspection and retention of user communication is generally intended to enable targeted marketing. However, unless specifically stated otherwise by the collecting service's privacy policy, such records have an indefinite lifetime and may be later used or sold without restriction. Aquinas protects a user's privacy from these risks by exploiting mutually oblivious, competing communication channels. It creates virtual channels over online services (e.g., Google's Gmail, Microsoft's Hotmail) through which messages and cryptographic keys are delivered. The message recipient uses a shared secret to identify the shares and ultimately recover the original plaintext. In so doing, Aquinas creates a wired "spread-spectrum" mechanism for protecting the privacy of web-based communication.

Download the current version of Aquinas. You can even download the source code.

Alternatively, you can try Aquinas directly from our site.