This page contains a list of software tools created by the SIIS lab. Please contact if you have any questions regarding these tools.


Dare is a tool which retargets Android applications running on the Dalvik Virtual Machine to traditional Java Virtual Machine .class files. These .class files can then be processed by existing Java tools, including decompilers. Thus, Android applications can be analyzed using a vast range of techniques developed for traditional Java applications. Dare replaces Ded as a retargeting tool: it is more accurate, more efficient, more powerful and can even handle cases where the input code is unverifiable.

Dare was awarded the Best Artifact Award at the 20th International Symposium on the Foundations of Software Engineering (FSE), recognizing its value as a significant and high-quality tool. For more information, you can read the paper "Retargeting Android Applications to Java Bytecode" by Octeau et al., published in the proceedings of the 20th International Symposium on the Foundations of Software Engineering (FSE). For downloads, see the Dare page.


Smartphone applications are frequently incompletely vetted, poorly isolated, and installed by users without restraint. Smartphone research frequently needs to understand how these applications behave. ded is a project which aims at decompiling Android applications. The ded tool retargets Android applications in .dex format to traditional .class files. These .class files can then be processed by existing Java tools, including decompilers. Thus, Android applications can be analyzed using a vast range of techniques developed for traditional Java applications.

For information regarding obtaining and using ded, please visit

Fortify SCA

As part of the ded project, we developed custom static analysis rules for the (now HP) Fortify Static Code Analyzer (SCA) tool. These rules test for a breadth of security vulnerabilities and dangerous functionality, as described in our USENIX Security paper. The specific rules are explained in more detail in our Technical Report. The final Fortify SCA ruleset used for this paper is available at the following link: fsca_rules-final.xml.


Kirin is a tool for lightweight certification of applications on the Android mobile phone platform. When a new application is installed, Kirin extracts security and configuration policy accompanying the package to infer potential runtime functionality. This functionality is compared against a criteria ruleset containing undesired functionality. If the application fails to meet the criteria, it is not installed. For more information on Kirin, see the paper by Enck et al., "On Lightweight Mobile Phone Application Certifiation," published in the proceedings of the 2009 ACM Conference on Computer and Communications Security (CCS).

Download the source code for Kirin.


JLift is a static analysis tool for finding information-flow errors in Java programs. It is an extension of the Jif compiler to operate on Java programs. It is similar to CQual/JQual, except that it also detects implicit flows arising from conditionals and exceptions. It has been used to successfully catalogue information-flow errors in a number of server programs.

JLift is in a state of active development. Dave King is the maintainer of JLift. For more information see the JLift page.


JPmail is a secure email client which uses the security-typed language Jif to get information-flow control guarantees. JPmail was developed in Jif and utilizes some tools we built to handle high-level security policy, cryptography, declassification and distributed policy. For more information, see the JPmail page. For downloads, see the JPmail downloads page.


Jifclipse is an IDE for the security-typed language Jif built on the Eclipse extensible development platform. Jifclipse provides a Jif programmer with additional tools to view hidden information generated by a Jif compilation, to suggest fixes for errors, and to get more specific information behind an error message. For more information see the Jifclipse page.

Jif signature generator

The Jif language allows programmers to check that their programs are information-flow secure. This requires that every source and sink in the program be labeled, including library functions. Signatures are used to specify the security behavior of library functions. Generating these signatures by hand can be tedious. siggen automatically generates signature files based on what external classes and methods a Java or Jif program uses. For more information see the Jif signature generator page.


TARP, Ticket-based Address Resolution Protocol, adds security to address resolution in IP networks. TARP was designed to implement security at a minimal cost while maintaining interoperability with ARP.

For more information about TARP please refer to the following paper:

Download the current version of TARP.


This is a tool to enable examining the hierarchy of address delegation in the Internet. Given a series of address blocks and the ASes originating their advertisement, bgpaddr can estimate the address delegation chain from IANA to the originator. A text report is generated, as well as a graph file in dot format suitable for rendering with graphviz.

Download the current version of bgpaddrmap.

View the documentation.

Download the latest IANA assignment for /8 blocks.

Download the latest ignore file, containing addresses and ASes that should not be processed by bgpaddrmap (e.g., private IP address space, IP and AS bogons, etc.)


Recent web-based applications offer users free service in exchange for access to personal communication, such as on-line email services and instant messaging. The inspection and retention of user communication is generally intended to enable targeted marketing. However, unless specifically stated otherwise by the collecting service's privacy policy, such records have an indefinite lifetime and may be later used or sold without restriction. Aquinas protects a user's privacy from these risks by exploiting mutually oblivious, competing communication channels. It creates virtual channels over online services (e.g., Google's Gmail, Microsoft's Hotmail) through which messages and cryptographic keys are delivered. The message recipient uses a shared secret to identify the shares and ultimately recover the original plaintext. In so doing, Aquinas creates a wired "spread-spectrum" mechanism for protecting the privacy of web-based communication.

Download the current version of Aquinas. You can even download the source code.

Alternatively, you can try Aquinas directly from our site.