Tools

ASASP: Automated Symbolic Analysis of Security Policies [documentation]

A tool for the automated safety analysis of administrative access control policies in (extensions of) the Role-Based Access Control (RBAC) model.

Automated Legal Compliance Checking [documentation]

A tool for automated analysis of security policies in IT designs against the EU DPD regulation.

CPR: Content-based Information Protection and Release [documentation]

A tool for the analysis and enforcement of access control policies in NATO operations.

CryptoAC [documentation, code]

To facilitate the adoption of cloud by organizations, cryptographic access control is the obvious solution to control data sharing among users while preventing partially trusted cloud service providers to access sensitive data. In this context, CryptoAC implements a state of the art role-based cryptographic access control scheme; CryptoAC comes with an easy deployment process, it supports 81 different architectures and it is cloud-independent, i.e., it can be seamlessly deployed in all major cloud service providers.

Micro-Id-Gym [documentation, code]

A framework where users can develop hands-on experiences on how IdM solutions work and increase their awareness related to the underlying security issues.

mIDAssistant [documentation, code]

An Android Studio plugin that guides native mobile app developers with secure integration of Single Sign-On and Access Delegation solutions within their apps.

mIDAssistant_iGov

An Android Studio plugin that guides native mobile app developers with secure integration of OpenID Connect iGov profile (OpenID Connect iGov) solutions within their apps.

MQTT Security Assistant (MQTTSA) [documentation, code]

A tool designed to increase the security awareness of IoT developers by automatically assessing misconfigurations in MQTT-based environments and by providing a report of potential vulnerabilities and mitigation measures at a different level of details - from natural language descriptions to code snippets that can be cut-and-paste in actual deployments.

MuFASA [documentation]

A tool for high-level specification and analysis of MFA protocols, which aims at supporting normal users and security experts (in the design phase of an MFA protocol), providing a high level report regarding possible risks associated to the specified MFA protocol, its resistance to a set of attacker models (defined by NIST), its ease-of-use and its compliance with a set of security requirements derived from European laws.

PILLAR (Privacy risk Identification with LINDDUN and LLM Analysis Report) [documentation, code]

PILLAR is a privacy threat modeling assistant that brings the power of large language models (LLMs) to the established LINDDUN framework. Simply feed PILLAR a natural-language system description, and it will transform it into comprehensive threat models with limited input from users. It provides three variants of LINDDUN threat modeling: SIMPLE, LINDDUN GO (by simulating multi-agent collaboration in a virtual threat modeling workshop), and PRO.

SATMC [documentation]

SAT-based Model-Checker for Security Protocols and Security-sensitive Applications.

SecSES [documentation]

SecurePG [documentation]

A Java-based tool that allows policy administrators to generate, verify and enforce abstract Access Control (AC) policies in two of the most widely used Cloud Service Providers: Amazon AWS and OpenStack.

STIATE Toolkit [documentation]

Supports development teams toward security assessment of their under-development applications focusing on subtle security logic flaws that may go undetected by using current industrial technology.

TLSAssistant [documentation, code]

A fully-featured tool that combines state-of-the-art TLS analyzers with a report system that suggests appropriate mitigations and shows the full set of viable attacks.