Software Supply Chain
Network Security
- Jäger: Jaeger system prototype implementation
- NetViews: least privilege connectivity in an enterprise network
- MSNetViews: multi-site NetViews
- VisibleV8: patches to Chromium’s V8 engine to extract trace logs of javascript APIs
Linux
iOS Analysis
- SandBlaster: reverse (decompile) binary Apple sandbox profiles
- iExtractor: automate data extraction from iOS firmware files
Code Analysis
- FV8: forced execution JavaScript engine for detecting evasive techniques
- VisibleV8 : custom variant of the V8 JavaScript engine
Android OS Analysis
- ACMiner: find inconsistent enforcment of Android permissions
- ARF: find improper re-delegation of Android permissions
- FReD: find improper re-delegation of Android file access
Android App Analysis
- PolicyLint / PoliCheck: process Android app privacy policies
- AARDroid: identify non compliances with industry regulations of Android payment SDKs
- Cardpliance: detect PCI DSS noncompliance in android apps
- UiRef: resolve the semantics of user input
- Whyper: predict permissions from app desciptions [Note: Google deleted the original Google site and the dataset]
Android Enhancements