Within the NESSoS project, a variety of analysis and development tools for different aspects of service security engineering are used. To increase both the speed of development and the level of security of service-oriented software and systems, we embed these tools into the NESSoS tool workbench, which also serves as a tool integration platform for service-oriented software. On the NESSoS tool workbench, tools are services that can be published and discovered; they provide arbitrary functionality and can be used as-is or combined to define new services. Each tool provides a set of functions which can be invoked using a text editor or graphical editor.
Technically, the Service Development Environment (SDE) serves as NESSoS tool workbench.
Please note that the SDE is open-source, but no longer maintained by LMU.
Currently, the following NESSoS-related tools are integrated into the NESSoS Workbench:
- AbsInt: Verification tool for safety-critical software in embedded systems.
- Arachni: Vulnerability scanner, which helps penetration testers and administrators to evaluate the security of web applications.
- Avantssar-atse (CL-ATSE): Constraint Logic based Attack Searcher for security protocols and services.
- Avantssar Orchestrator: Tool for automatic orchestration of Web Services taking into account their security policies. In short, it generates a service called a mediator that is able to satisfy the requests of a given client with the help of a given community of available services.
- CoSeRMaS: CoSeRMaS provides a framework for the systematic documentation, analysis and reporting of requirements, and for managing their fulfillment status.
The integration of CoSeRMaS was supported by Innsbruck.
- CORAS Tool: CORAS is a model-driven approach to risk analysis that consists of three tightly integrated building blocks, namely the CORAS method, the CORAS language and the CORAS tool.
- EOS (Eye OCL Software): Java component for performing efficient evaluation of OCL expressions on medium-large size scenarios.
- Jalapa: Jalapa is a tool suite for the development of Java applications secured with local policies.
- MagicUWE: CASE tool that was created to support the development of web applications. It focuses on the modelling phase and uses the UML-based Web Engineering (UWE) methodology.
- Nessus: Vulnerability scanner, which audits configurations, patches and web applications.
- Nexpose: Vulnerability scanner, which proactively scans an environment for misconfigurations, vulnerabilities, and malware and provides guidance for mitigating risks.
- Nikto: Vulnerability scanner, which performs tests against web servers for multiple items, including potentially dangerous files, outdated versions, and version-specific problems.
- PRRS: The Platform for Runtime Re-configurability of Security (PRRS) is a tool that provides run-time management of Security and Dependability (S&D) solutions and monitoring of the system context.
- SATMC: SATMC is a SAT-based Model-Checker for Security Protocols and Security-sensitive Applications.
Porting of SATMC generously provided by UNIGE.
- Srijan: Srijan is a toolkit that enables application development for wireless sensor networks (WSNs) in a graphical manner using data-driven macroprogramming.
- STS-Tool: STS-ml is the Socio-Technical Security modelling language for the specification of security and trustworthiness requirements of systems operating in a cross-organizational environment.
- SunPDP: Sun's open source implementation of the OASIS XACML standard, written in Java.
- Tamarin: The Tamarin prover is a security protocol verification tool that supports both falsification and unbounded verification of security protocols.
- UML4PF: Tool to support requirements analysis and architectural design based on Michael Jackson’s problem frame approach.
- UWE2XACML: Transformer that converts UWE access control models to XACML policies.
- VeriFast: Verifier for single-threaded and multithreaded C and Java programs annotated with preconditions and postconditions written in separation logic.
- WS-TAXI: WS-TAXI is a combination of tools that allows a web service to be tested efficiently and automatically.
- XACML Traces Creator: Takes as input a set of XACML requests and the corresponding responses from a PDP component and derives trace sets, i.e. the classification of requests according to the PDP responses.
- XACML2FACPL: Transformer that converts XACML policy files to FACPL.
- X-CREATE: Tool to test XACML policy evaluation engines and access control policies by systematic generation of a test suite of requests.
An overview of all NESSoS-related tools, techniques and methods can be found in the NESSoS Common Body of Knowledge (CBK).
A plug-in for searching the CBK from within the SDE is available: [eclipse update site]