Software from Scott Stoller's Research Group

ReBAC Policies used with Decision-Tree ReBAC Mining Algorithms. The ReBAC policies used in the experiments with DTRM, DTRM-, DTRMU, and DTRMU- described in our SACMAT 2020 paper and arXiv preprint 2008.08444. Version 1.0, released 6 September 2020.

Decision-Tree ReBAC Mining Algorithms. Implementations of the DTRM and DTRM- algorithms for mining Relationship-Based Access Control (ReBAC) policies, and the DTRMU and DTRMU- algorithms for mining ReBAC policies from incomplete attribute data (a.k.a. attribute data with unknown or missing values). The former algorithms are described in our SACMAT 2020 paper. The latter algorithms are described in arXiv preprint 2008.08444. Version 1.0, released 6 September 2020.

Efficient and Extensible Policy Mining for Relationship-Based Access Control: an implementation of our Simplified Evolutionary Aglorithm (SEA) and Simplified Evolutionary Algorithm with Feature Selection (FS-SEA1 and FS-SEA*) for Relationship-Based Access Control (ReBAC) policy mining. These algorithms are described in our SACMAT 2019 paper. Version 1.1 (includes bug fixes) released 4 April 2019.

Synchronized Execution for DistAlgo: synchronized execution, also called N-version execution, for DistAlgo. Described in our DBSec 2019 paper. March 2019.

Access Tracker: track accesses to built-in types int, string, and tuple in Python and DistAlgo programs. Described in our DBSec 2019 paper. March 2019.

Bytecode Tracer: bytecode-level tracing for Python and DistAlgo. Described in our DBSec 2019 paper. March 2019.

ReBAC Miner: an implementation of the algorithms for mining Relationship-Based Access Control (ReBAC) policies described in our Computers & Security paper. Version 1.1 (includes bug fixes) released 4 April 2019.

ReBAC policies: the six ReBAC policies used in the experiments described in our Computers & Security paper. One sample object model is included for each policy. Updated 28 June 2018.

FACADE: an implementation of our Fast Access Control Algorithm with Distributed Evaluation (FACADE), described in our DBSec 2017 paper, "Fast Distributed Evaluation of Stateful Attribute-Based Access Control Policies". Also contains our implementation of the distributed coordinator algorithm in: Decat, Lagaisse, and Joosen, Scalable and secure concurrent evaluation of history-based access control policies, ACSAC 2015. Updated 21 March 2017.

Temporal Role Miner: an implementation of the TRBAC policy mining algorithms described in our paper Mining Hierarchical Temporal Roles with Multiple Metrics. Updated 21 August 2017.

Policy Evaluation for RPPM2: an implementation of the policy evaluation algorithm described in our DBSec 2015 paper. Updated 2 July 2015.

Mining ABAC Policies From Logs: an implementation of the policy mining algorithms described in our DBSec 2014 paper and CoRR 1403.5715 (an extended version of our DBSec 2014 paper). Updated 4 April 2014.

Mining ABAC Policies: an implementation of the policy mining algorithms described in our 2015 IEEE TDSC paper. Updated 16 August 2014.

Mining Meaningful Roles: an implementation of the role mining algorithms described in our SACMAT 2012 paper. Updated 17 April 2012.

Abductive Analysis of Administrative Policies in Rule-Based Access Control: an implementation of the policy analysis algorithms described in our 2014 IEEE TDSC paper. Updated 14 January 2014.

Policy Analysis using Logic-programming (PAL) for Security-Enhanced Linux (SELinux): an implementation of the policy analysis described in our WITS 2004 paper.

Nachos-dfs: Nachos-3.4 plus Distributed File System Project. Version 2.1, December 1999. It runs under Linux and Solaris.