SAT-based Model-Checker for Security Protocols and Security-sensitive Applications
Web Site: http://st.fbk.eu/technologies/satmc
SAT-based Model-Checker for Security Protocols and Security-sensitive Applications
Web Site: http://st.fbk.eu/technologies/satmc
ASASP is a tool for the automated safety analysis of administrative access control policies in (extensions of) the Role-Based Access Control (RBAC) model. The goal of the tool is to establish if untrusted users can get permissions to access sensitive resources. ASASP is capable of performing an analysis that is parametric in the number of users, i.e. it certifies safety with respect to a finite but unknown number of users. ASASP is also capable of taking into account attribute-based assignments of roles to users and temporal constraints on the RBAC policies.
Official web-site: http://st.fbk.eu/technologies/asasp.
Content-based Information Protection and Release (CPR) is a tool for the analysis and enforcement of access control policies in NATO operations.
This tool provides a flexible access control mechanism for APIs. This is an important security mechanism to guarantee the enforcement of authorization constraints on resources while invoking their API functions. We have developed an extension of the Spring Security framework, the standard for securing services and apps built in the popular (open source) Spring framework, for the specification and enforcement of Attribute-Based Access Control (ABAC) policies.
Official web-site: http://st.fbk.eu/technologies/secses.
The Security Threat Identification And TEsting (STIATE) toolkit supports development teams toward security assessment of their under-development applications focusing on subtle security logic flaws that may go undetected by using current industrial technology.
Web Site: http://st.fbk.eu/stiate
SecurePG is a Java-based tool that allows policy administrators to generate, verify and enforce abstract Access Control (AC) policies in two of the most widely used Cloud Service Providers: Amazon AWS and OpenStack.
Official web-site: https://sites.google.com/view/securepg/home.