You can find information on software tools released by the TU/e SEC group below and at the referenced links.
|SAFAX||SAFAX is an extensible authorization framework offered as a service. SAFAX provides a novel XACML-based architectural framework tailored to the development of extensible authorization services for clouds. The key design principle underlying SAFAX is that all components are loosely coupled services, thus providing the flexibility, extensibility and scalability needed to manage authorizations in cloud environments.||SAFAX|
|TRIPLEX||TRIPLEX is a tool-supported framework for the analysis of data minimisation in privacy-enhancing protocols. TRIPLEX allows users to visually construct scenarios of different actors communicating using any kind of privacy-enhancing protocol. TRIPLEX automatically simulates these scenarios, and provides different analysis tools. The tools, geared towards non-cryptography-experts, allow users to analyse the knowledge that actors learn by executing communication protocols, as well as to verify protocol-independent privacy properties.||TRIPLEX|
|X2S||X2S is a formal framework for the analysis of XACML policies that employs Satisfiability Modulo Theories (SMT) as the underlying reasoning mechanism.||X2S|
|DALTIA||DALTIA is a tool for DAta Leakage deTection analysIs and visuAlization. DALTIA tackles the data leakage problem from different perspectives, namely Profiling, Detection, Quantification, Attack Classification and Visualization.||DALTIA|
|APD||The Anomalous Pattern Discovery Tool (APD) is a tool aimed at providing the user with a set of advanced functionalities to infer and explore deviations occurred in a set of past process executions.|
The data released by the SEC group to the public is referenced below alongside the reference publications. The column *access type* references whether the data is immediately available or requires additional steps to be taken first.
Licensed data is released under an academic and completely free license, and can be accessed by contacting firstname.lastname@example.org from an institutional email address, specifying the nature of the project for which the data is requested.
The license has to be compiled in the highlighted fields and sent back to the same address, signed by you (the recipient scientist), and by a Full Professor or by the Head of Department. Once we receive the signed license we will send back a copy signed on our side alongside the requested dataset(s).
|Data||Description||Reference paper||Access type||Link|
|IMPAAS_DATASETS||Information about the advertised products, namely user profiles, crawled from the listing of an underground market providing Impersonation-as-a-Service products. Two datasets are available; the former contains general information about all products available at scraping time, the latter details a random subset of profiles with information such as which credentials have been stolen from. In addition, a file R with the statistical analysis used for the paper can be available.||M. Campobasso, L. Allodi (ACM CCS 2020) - Preprint version||Licensed||Download license|
|MALMARKET_VULNS||CVEs published in a prominent Russian cybercrime market (as of April 2017). Reports CVE identifiers, prices, vendors, vulnerability characteristics, type of packaging, date of publication, date of disclosure, among other fields. *Note:* the SYM dataset is released here.||L. Allodi (ACM CCS 2017); L. Allodi, F. Massacci (ACM TISSEC 2014)||Licensed||Download license|
|MALMARKET||Unstructured dataset with the dumps of the market forum interactions (in Russian) spawning from the CVE trading reported in MALMARKET_VULNS.||L. Allodi (ACM CCS 2017)||Ad hoc collaborations||Send a short (max 1 page) research proposal to Dr. L. Allodi|
|Cryptx||PCAP files of the Cryptx ransomware||to come||Direct download||Cryptx PCAP (approx. 700MB)|
|Jigsaw||PCAP files of the Jigsaw ransomware||to come||Direct download||Jigsaw PCAP (approx. 1GB)|
|Automotive Controller Area Network (CAN) Bus Intrusion Dataset||CAN bus datasets from three systems: two cars (Opel Astra and Renault Clio) and a CAN bus prototype we built ourselves. For each system, there are files consisting in normal data and attack data. The purpose is meant to evaluate CAN bus Network Intrusion Detection Systems (NIDS). See READMEs in folders for more details. CAN bus NIDS implementations can be obtained upon requests via email. This work has been supported by the APPSTACLE project.||G. Dupont et al. (IEEE ICCVE 2019)||Direct download||Datasets|
|Dmitry Zhdanov||Georgia State University||This dataset will be used to renareh supply and demand dynamics of dark markets over time. Our goal is to verify the economic dynamics model with these data.|
|Daniel Sadoc Menasche||Universidade Federal do Rio de Janeiro - UFRJ||The goal of our project is to contrast findings from different black markets.|
|Pierre Trepagnier||Utilizing traded black market exploits as one of a set of possible predictors indicating host risk of compromise.|