Blare

Blare

Blare is a framework for Intrusion Detection Systems (IDS). It provides a model of information flow tracking, and policies can be set up to define legal flows. The nice thing about flow tracking is that policies are only needed on endpoints, which means the global policy can be quite sparse.

This framework has been implemented in several systems that you can discover below.

learn more
Rfblare

Rfblare

Rfblare is a new member of the Blare family, and a reimplementation of Kblare for the Linux kernel v4.7 and onwards, with the objective of correctly tracking information flows even in the presence of race conditions between system calls as well as properly handling flows occurring through memory mappings and shared memory fragments.

learn more

KBlare

KBlare

KBlare tracks flows from the kernel level. It is implemented as a Linux Security Module (LSM) and can detect intrusions in services and applications. It works as a host based and distributed IDS.

learn more

JBlare

JBlare

JBlare is a Java Virtual Machine (JVM) hypervisor, able to track information flows inside Java programs. Being a modified JVM, it runs vanilla java applications. A cooperation mode with KBlare affords both IDS more precision.

learn more

AndroBlare

AndroBlare

AndroBlare is a port of KBlare to Android smartphones. We are now able to detect malwares and attacks targeting Android. Current research focuses on the use of AndroBlare for malware analysis by generating flow graphs.

learn more

News

FOSDEM

2014-02-02

Blare participated to the FOSDEM 2014. We did a lightning talk on Sunday morning.

New website

2013-09-16

We are proud to present a completely revamped website!

The website has been completely redesigned. If you notice anything awry or if you have any comments, please tell us.