Projects

grsecurity

grsecurity is an innovative approach to security utilizing a multi-layered detection, prevention, and containment model

RSBAC

* Free Open Source (GPL) Linux kernel security solution * Independent of governments and big companies * Several well-known and new security models, like MAC, ACL and RC * Detailed control over individual user and program network accesses * ... [More] Virtual User Management, in kernel and fully access controlled * On-access virus scanning with the Dazuko interface * Any combination of security models possible * Easily extensible: write your own model for runtime registration * Support for latest kernels and stable for production use [Less]

Extrapol

A security static analysis tool for C aiming to answer the question: "what does this program do?"

srbac

Srbac is a module designed for the Yii framework http://www.yiiframework.com/ It is designed to make easier the use of Yii authManager components that implements the use of Role Based Access Control (R.B.A.C.). The authManager that srbac supports is the CdbAuthManger which uses a database to ... [More] store the authorization data. Srbac offers a graphical interface for the most of RBAC actions (create / edit / delete authorization items, assigning authorization items to users etc.) and also a wizard for automatic creation of operations and tasks from your controllers/actions. Srbac 1.0.x branch supports only Yii 1.0.x versions. Srbac 1.1.x branch supports only Yii 1.1.x versions. [Less]

Open PERMIS

PERMIS is an all-purpose authorisation decision-making engine with deployment packages for Apache and Globus Toolkit. OpenPERMIS is its offspring based on freely available libraries only.

Bastille Framework

Bastille Framework (Previously known as SCMS) is a PHP MVC based secure content management system. It is designed from the ground up to withstand common Web application vulnerabilities such as SQL injection, XSS, CSRF, session fixation/hijacking, and many others. It is designed for PHP 5.0-5.2.x ... [More] and MySQL 4.1+, and it can optionally support PostgreSQL as a database backend. [Less]

Procilege

Procilege is a purpose-specific computation unit for privilege analysis. The Procilege transparently provides applications both access control and privilege regulation. Procilege implements a calculus named Privilege Calculus, where the problems of separation of duty are reduced to the composition ... [More] of the compositions and mergenece of privielge, and those are resolved in algebra way. In addition, it provides a privielge content management that stores privilege definitions in unit, keeping the consistent privilege definition across the privilege content. Both Privilege Calculus and the Privilege Content Management are designed so that the administrative extensibility and administrative scalability are easy grounded in complex enviroment. [Less]

openpasl

Openpasl seeks to deliver a set of clean, simple, and loosely-coupled libraries that don't require developers to build their applications around some bloated, all things to all people, framework. Openpasl is not an MVC framework. Some day openpasl may include several MVC models that can be ... [More] used for quickly building out applications targeted at the web GTK or other presentation layers. However, this is not an explicit goal. There are common needs for applications and there are patterns of repeated tasks. The goal of openpasl is to take on some of the common architectural pieces and get them out of the way so that you can focus on the overall architecture of your application and the business logic behind it. openpasl is unstableThe current set of proposed layers to target: Database: Database "abstraction". The goal is to create a lightweight packaging system for custom/raw database drivers, with the option to use PEAR::MDB2 as a generic, portable driver. It would be encouraged to use the native PHP driver for your db backend. Simple interfaces will allow developers to wrap PHP raw driver calls within a driver class. Authentication: Implement basic layers for authentication with additional driver support (ldap, radius, mysql, saml, etc). Authorization: Implement robust RBAC library to support very granular management of permissions. Workflow: Implement generic workflow engine(s) to support the rapid deployment of transactional processes. Web: Basic web libraries to support the deployment of web services with support of various protocols (Initially SOAP and REST). Basic libraries to support dynamic page creation, HTML templates, XML, schema, XSL template controls, code templates, etc. Threading: While it is possible to do some pretty robust threading in PHP, it's also a massively huge pain in the ass - with pitfalls at every corner. Openpasl will simplify this effort into a nice package. IPC: Inter-process communication, like threading, is almost a science of its own in PHP. Openpasl seeks to abstract much of the craziness away and provide a nice clean API for IPC through shared memory and sockets. Interpreters: Interpret a language (such as JavaScript) to be ran inside of PHP in a self-contained environment. Why openpasl? Well, not all PHP applications target the web browser directly. Perhaps you're writing a socket server and threading is important to you, perhaps you're writing a data portability layer, a web service, etc. Openpasl will not force you to use any architectural style for good or for worse. Openpasl will not pollute the global scope. Openpasl gets out of the way to allow you to make the decisions you need for your application and provides you the means to perform tasks that you're really not interested in becoming an expert on (ie threading and IPC in PHP). Openpasl wants to grow! Any additional library support is welcome. The one requirement. Keep it lean. Keep it light. Use proper assignment of responsibility. Keep things loosely-coupled. PHP version?If you're pulling from the repository openpasl runs on PHP 5.3 [Less]

distributedrbac

A master thesis about conceiving and implementing a Distributed RBAC system

e-User

e-User is a PHP/MySQL application designed to take care of the access-control aspects of a user-centred website. It provides simple tools to ensure, for instance, that a page will be viewed only by authenticated users, or by users with a given role.