====== Software from the Security Group in Trento ======

The group has made available a number of software tools that can be also found in the individual [[research_activities|research activities]].

===== Download and Run =====
  * **LastPyMie** (A tool for identifying the differences between build artifacts of PyPI packages and the respective source code repository) is available on [[https://github.com/assuremoss/lastpymile|Github]]. The paper appears on [[https://securitylab.disi.unitn.it/lib/exe/fetch.php?media=research_activities:experiments:esecfse2021.pdf|ESEC/FSE'21]].
  * {{:tissec-analysis-14.r.zip| R-code (zip file)}} to generate the case controlled [[vulnerability_discovery_models|study for vulnerability exploitation]] is available for sharing. The paper appears in [[http://dl.acm.org/citation.cfm?id=2630069|ACM TISSEC]]. The [[datasets|datasets]] are also available.
  * **TestREx** (a Testbed for Repeatable Exploits) is available on [[https://github.com/standash/TestREx|GitHub]]. Instructions on how to use are available on our [[testrex|wiki]]. The paper appears on [[https://www.usenix.org/system/files/conference/cset14/cset14-paper-dashevskyi.pdf|USENIX CSET'14]].
  * **MalwareLab** scripts for experimenting with exploit kits described in our [[malware_analysis]] are available for download {{:malwarelab-experiment-unitn.zip|(ZIP)}}. The paper appears in [[https://www.usenix.org/conference/cset13/workshop-program/presentation/allodi|Usenix CSET 2013]]. An additional archive with historical releases of Mozilla Firefox, Opera Browser, Adobe Flash and Adobe Reader is also available for sharing. You can follow the guidelines [[datasets|here]] to request it.
  * The //Web-service for Autonomic Interactive Authorization// is available as [[http://www.interactiveaccess.org|open source]]. The paper appears in [[http://dx.doi.org/10.1145/1380422.1380424|ACM TAAS]].


===== Ask the Developer =====

  * As a result of our research on [[Securing Access to Cloud Storage]], we have developed a prototype for securing data, as well as access control policies in outsourced environments. To get the source code, please contact [[http://disi.unitn.it/~asghar/|Muhammad Rizwan Asghar]].
  * We released the binaries of the SxC verifier for Java Card (the developer version for PC). It is a result of our work on applying the Security-by-Contract paradigm to Java smart cards (check out [[security-by-contract_for_mobile_and_smart_card|Security-by-Contract for Mobiles and Smart Cards]] for more details). To get the binaries please contact Fabio Massacci or Olga Gadyatskaya[[name.surname@unitn.it]] 
  * UNICORN: modeling and reasoning on the uncertainty of requirements evolutions. It is a result of our research on [[security_requirements_engineering|Security Requirements Engineering]]