• About ISSO
• Research Areas
• Projects
• Finished Projects and Archive
• Opensource Projects

Open Source Projects

SPARTA ISSO is widely recognized as the world leader in information assurance research and development. With locations across the U.S., SPARTA ISSO is home to over 120 professionals, many of whom hold advanced degrees. Through fundamental and applied research and development, we investigate hard, challenging problems, which have a long horizon and high risk, but also provide high potential value. Through transition of technologies, SPARTA ISSO provides strategic value to our customers and partners. SPARTA ISSO has a proud, 25-year plus history of conducting leading-edge research for the U.S. government in fundamental research topics and areas of strategic interest. In the last two and a half decades, SPARTA ISSO has contracted with the Defense Advanced Research Projects Agency, Army, Navy, Air Force, Defense Information Systems Agency, and other Department of Defense and U.S. government agencies.

Open Source software is an important part of SPARTA ISSO's strategy for making research results widely available for Government, commercial, and other uses. The following links provide software downloads, documentation, information on community activities facilitated by SPARTA ISSO, and current SPARTA ISSO Open Source news.

Generic Software Wrappers for Security and Reliability

The Generic Software Wrappers Toolkit prototype provides software "wrapping" technology to significantly increase the security and reliability of large software systems composed of standard off-the-shelf software components, without resorting to modifying the components themselves.

LOMAC: Low-Watermark Mandatory Access Control

LOMAC is a dynamically-loadable security module for FreeBSD and Linux kernels that uses Low Water-Mark Mandatory Access Control (MAC) to protect the integrity of processes and data. LOMAC is designed to be a form of MAC that typical users can live with, and emphasizes compatibility and ease of use.

NSA Security-Enhanced Linux

NSA Security-Enhanced Linux (SELinux) is an implementation of flexible and fine-grained mandatory access controls for Linux. These controls can be used to confine processes (including superuser processes) to least privilege, to protect the integrity and confidentiality of processes and data, and to support protected subsystems or assured pipelines. SELinux emphasizes flexibility and support for least privilege.

Privman

Privman is a library that makes it easy for programs to use privilege separation, a technique that prevents the leak or misuse of privilege from applications that must run with some elevated permissions. Privman-managed processes can implement fine grained control of root privilege on common Unix-based operating systems. Privman emphasizes compatibility with popular systems and ease of porting.

SEBSD: Security-Enhanced FreeBSD

SEBSD is a TrustedBSD security policy module encapsulating NSA's FLASK architecture and Type Enforcement policy ported from SELinux to FreeBSD. SEBSD offers FreeBSD users access to the benefits of SELinux, including a mature sample TE policy adapted to FreeBSD

SEDarwin: Security-Enhanced Darwin

SEDarwin is a port of the TrustedBSD MAC Framework and security policies from FreeBSD to the open source Darwin operating system, which is the base of Apple's commercial Mac OS X desktop operating system. SEDarwin provides access to a variety of security policies, including integrity and sensitivity MAC policies, and NSA's FLASK architecture and Type Enforcement policy. By running SEDarwin in combination with the Mac OS X desktop environment, strong access controls can be used with a variety of commercial applications, including office suites.

TrustedBSD

TrustedBSD is a set of trusted operating system extensions to the FreeBSD operating system, including support for extensible kernel access control through policy modules. Part of our CBOSS Project, this work provides a flexible, stable, high performance, and secure starting point for new operating system research and embedded network product development.

Java Binary Enhancement Tool (JBET)

The Java Binary Enhancement Tool (JBET) is a general Java program analysis and manipulation tool. Existing class files can be disassembled, reassembled, or edited programmatically through the JBET API. JBET can also be used to create new Java class files from scratch. JBET uses a convenient internal representation of all the contents of Java binary (.class) files, allowing the user to edit the classes easily, in a structured manner.