Blare is an experimental policy-based, host-based intrusion detector for Linux. Its main purpose is to serve as a testbed environment for experimenting with a new intrusion detection approach.
Unlike other IDSes such as Snort or Snare, Blare requires neither attack signatures, learned profiles nor knowledge of program behavior. Its main goals are:
Since March 2011, we have worked on applying Blare's theoretical model to Android. We built a first information flow policy that identifies sensitive data and containers, and expresses how information can spread and mix inside the system.