


SAT-based Model-Checker for Security Protocols and Security-sensitive Applications

Web Site:

ASASP is a tool for the automated safety analysis of administrative access control policies in (extensions of) the Role-Based Access Control (RBAC) model.  The goal of the tool is to establish if untrusted users can get permissions to access sensitive resources.  ASASP is capable of performing an analysis that is parametric in the number of users, i.e. it certifies safety with respect to a finite but unknown number of users.  ASASP is also capable of taking into account attribute-based assignments of roles to users and temporal constraints on the RBAC policies.

Official web-site:


Content-based Information Protection and Release (CPR) is a tool for the analysis and enforcement of access control policies in NATO operations. 

The successful operation of NATO missions requires selective and secure sharing of information among coalition partners and external organizations, while avoiding the disclosure of sensitive information to untrusted users. To resolve the conflict between confidentiality and availability, NATO is developing a new information sharing infrastructure, called Content-based Protection and Release. CPR is the tool at the core of the NATO information infrastructure: it takes an access control policy as input, performs security analysis checks (ranging from answering certain authorization queries, to checking whether a certain security constraint is a consequence of the policies, to subsumption checks between two policies), and then translates the policy to XACML so that (extensions of) the available implementations of XACML architectures can enforce it.

This tool provides a flexible access control mechanism for APIs. This is an important security mechanism to guarantee the enforcement of authorization constraints on resources while invoking their API functions. We have developed an extension of the Spring Security framework, the standard for securing services and apps built in the popular (open source) Spring framework, for the specification and enforcement of Attribute-Based Access Control (ABAC) policies.

Official web-site:

The Security Threat Identification And TEsting (STIATE) toolkit supports development teams in the security assessment of their applications under development, focusing on subtle security logic flaws that may go undetected by current industrial technology.

Web Site: