The CyberSEA has developed a variety of software tools.

  • Compass: A one-stop-shop toolkit to support system architects, developers, evaluators, and researchers to design secure software systems. Compass is designed based on a service-oriented architecture to house heterogeneous secure system design tools.
    • Merak: A web-based threat analysis tool that estimates a software system’s asset threat landscape by leveraging external security data sources such as National Vulnerability Database, MITRE’s ATT&CK, and the Canadian Centre for Cyber Security Alerts and Advisories.
    • Polaris: A web-based system modelling and analysis tool to design, analyze, and manage the structural security posture of a software system.
  • Security Metrics Soundness Evaluation Tool: A spreadsheet tool designed as a series of Yes/No questions to evaluate the definition, sufficiency, progression, and reproducibility properties of a security metric under consideration. Based on the responses, the tool provides a conclusion on the soundness of a security metric.
  • Implicit Interactions Analysis Tool: Automates the methods and approaches for identifying and analyzing the existence of implicit interactions in system designs and specifications. The tool supports system designers and integrators in identifying and analyzing implicit interactions in critical systems that have been specified using the Communicating Concurrent Kleene Algebra (C2KA) modelling framework. It identifies the set of implicit interactions given the C2KA specification of a system and the specification of the set of intended interactions. It also computes the severity, exploitability, and the set of attack scenarios for the identified set of implicit interactions.