• About CASED
• News & Events
• Research
  • Research Areas
  • Principal Investigators
  • Groups & projects
  • Main Research Topics
  • Publications
  • CASED at conferences
  • Software & Downloads
• Transfer & Innovation
• Education
• Press
• Links

• Contact
• Sitemap
• Imprint
• Newsletter
  E-Mail Address

search

Software and Downloads

• TamiFlex - a tool set for taming reflection
  

  Static program analyses and transformations for Java face many problems when analyzing programs that use reflection or custom class loaders: How can a static analysis know which reflective calls the program will execute? How can the analysis get hold of a class that the program may load from a remote location or even generate on the fly? And if its results are used to transform classes offline, how can it ensure that the transformed classes are re-inserted into a running program that uses custom class loaders?

  TamiFlex is a tool set for taming reflection. TamiFlex consists of two novel Java instrumentation agents. The Play-out Agent logs reflective calls into a log file and gathers all loaded classes, including generated ones. The Play-in Agent re-inserts offline-transformed classes into a running program. On the TamiFlex website we show how researchers can use TamiFlex and the Soot framework for static analysis to construct a sound call graph and points-to sets even for programs that use reflection, custom class loaders, and dynamic class generation.

  Tamiflex webpages

• Clara - a framework for implementation of hybrid typestate analyses
  

  Clara (CompiLe-time Approximation of Runtime Analyses) is a novel research framework for the implementation of hybrid typestate analyses, which use static analyses to partially evaluate runtime monitors for typestate properties.

  Typestate properties allow programmers to use finite-state formalisms such as regular expressions or linear temporal logic to express properties about the current state of a class of objects, the so-called typestate. This can include safety properties such as not writing to a resource that is being read at the same time, but also security properties like not allowing access to secured resources for users that have not properly authenticated in previously. Clara allows for a hybrid approach that allows for verifying typestate properties of Java programs through a combination of compile-time and runtime techniques: A static analysis first try to prove that the program under test cannot possibly violate the stated properties on any execution. In cases in which the analysis fails to conduct this proof completely, Clara will insert a runtime monitor into exactly those portions of the program that the analysis failed to prove safe or secure. Programmers can then test-run the instrumented program to see whether they can find an execution on which the inserted monitor will detect a property violation. In case the monitor does detect such a violation, the monitor can execute code that compensates for the violation on the fly, e.g., can forbid access to the secured resource that an un-authenticated user tried to access. That way, Clara can even be used to implement access-control schemes efficient and in a modular way.
  Clara webpages

• FlexiProvider
  

  The FlexiProvider is a powerful toolkit for the Java Cryptography Architecture (JCA/JCE). It provides cryptographic modules that can be plugged into every application that is built on top of the JCA. The goal of our project is to supply fast and secure implementations of cryptographic algorithms which are easy to use even for developers who are not well-footed in the field of cryptography.

  The FlexiProvider has been developed by the Theoretical Computer Science Research Group of Prof. Dr. Johannes Buchmann at the Departement of Computer Science at Technische Universität Darmstadt, Germany.
  For more information about this project and to download FlexiProvider please click here.

• ArchiSoft
  

  The probative value of electronic signatures has to be preserved over a long period of time. This ensures that the legal requirements for electronic document archiving can be met, e.g. in health care and banking. To meet this need, researcher at the Fraunhofer SIT developed the software ArchiSoft.

  ArchiSoft preserves the quality of digital signatures. If digital signatures are maintained by ArchiSoft, they can be verified for decades, even if cryptographic algorithms or parameters have expired. It provides components both for the long-term conservation of electronic signatures and the subsequent verification of the archived, electronically signed documents.
  For further informations about and access to the online shop please visit the ArchiSoft webpages of Fraunhofer SIT.

• MobileSitter
  

  The MobileSitter enables users to administrate their secret codes like passwords, PINs and TANs safely on mobile end devices (e.g. mobile phones).

  A user can thus access this information at any time and anywhere, at the computer in the office, at home or at the ec-card terminal. With the MobileSitter the user only has to remember one single password – the master password. All other secret codes are stored safely. MobileSitter is a product developed by researchers at the Fraunhofer SIT.
  For further information please visit the MobileSitter webpages.

• Digital Watermarking
  

  Nowadays most media are created digitally and modern multimedia software facilitates media processing enabling everybody to change media and also manipulate them. The Media-Security-Group at the Fraunhofer SIT in Darmstadt therefore uses and develops different technologies in order to protect digital media data, focussing on digital watermarking.

  Watermarks allow to protect data integrity and copy rights or ensure trustworthiness of media. Further applications are innovative added-value services. Companies and agencies that are interested in watermarking technologies find more information and licensing option at the Media-Security-Group webpages