Software Tools

Spyglass: An architecture for creating isolated bastian hosts

Spyglass is a web application with associated components that allow a user to create on-demand bastion hosts (also known as middle hosts or jump hosts) for connecting to a remote private network. These bastion hosts utilize Docker to put each administrator in an isolated "container" that is audited by a separate security team. This system gives the security team the ability to easily see the actions an administrator performed on the sensitive cloud infrastructure.

Source code and instructions for Spyglass are available at More technical details are available in the [system paper](link to paper here) If you are interested in citing Spyglass, you may do so by using: "Cable, P., Schear, N., Spyglass: Demand-Provisioned Linux Containers for Private Network Access, Proceedings of the 29th Large Installation System Administration conference (LISA15), Washington DC, 8-13 November 2015"

HEtest - Test harness to evaluate homomorphic encryption schemes

HEtest comprises several tools that aid in the testing and evaluation of homomorphic encryption schemes.

First, HEtest includes a "circuit generator" that creates circuits with a given width, depth, and batch size over a given set of gates. Second, HEtest includes a "test harness" that can drive any software implementing homomorphic encryption and instrument its performance. Finally, HEtest includes a "baseline" that evaluates such circuits without any homomorphic encryption for comparison purposes.

MIT Lincoln Laboratory developed HEtest for use during the testing and evaluation of the IARPA SPAR project, and thus the circuit generation and baseline include some features that are specialized for SPAR submissions. Nevertheless, the tools in HEtest are extensible and can easily be used to test other homomorphic encryption schemes as well.

Visit the HEtest page for information and download.

LNKnet Pattern Classification Software

LNKnet, developed at MIT Lincoln Laboratory, integrates more than 22 neural network, statistical, and machine learning classification, clustering, and feature selection algorithms into a modular software package. Recently, support vector machines and naive Bayesian Classifiers have been added and a version of LNKnet has been developed that runs under the Microsoft Windows operating system using the Cygwin environment.


MatlabMPI: Parallel Programming with MatlabMPI

MatlabMPI is set of Matlab scripts that implement a subset of MPI and allow any Matlab program to be run on a parallel computer. The key innovation of MatlabMPI is that it implements the widely used MPI "look and feel" on top of standard Matlab file i/o, resulting in a "pure" Matlab implementation that is exceedingly small (~300 lines of code). Thus, MatlabMPI will run on any combination of computers that Matlab supports. In addition, because of its small size, it is simple to download and use (and modify if you like).

Visit the MatlabMPI page for information and download

pMatlab: Parallel Matlab Toolbox v2.0.1

pMatlab provides a set of Matlab data structures and functions that implement distributed Matlab arrays. Parallel array programming has proven to be an effective programming style for a wide variety of parallel applications and is consistent with standard Matlab programming style. The primary advantages of distributed array programming are: 1) message passing is done implicitly, and 2) existing Matlab program can be made parallel with modifications to a handful of statements

Visit the pMatlab page for information and download

D4M: Dynamic Distributed Dimensional Data Model

D4M is a breakthrough in computer programming that combines the advantages of five distinct processing technologies (sparse linear algebra, associative arrays, fuzzy algebra, distributed arrays, and triple-store/NoSQL databases such as Hadoop HBase and Apache Accumulo) to provide a database and computation system that addresses the problems associated with Big Data. D4M significantly improves search, retrieval, and analysis for any business or service that relies on accessing and exploiting massive amounts of digital data. Evaluations have shown D4M to simultaneously increase computing performance and to decrease the effort required to build applications by as much as 100x. Improved performance translates into faster, more comprehensive services provided by companies involved in healthcare, Internet search, network security, and more. Less, and simplified, coding reduces development times and costs. Moreover, the D4M layered architecture provides a robust environment that is adaptable to various databases, data types, and platforms.

Visit the D4M page for information and download


Secure Shell

Version of Secure Shell (SSH) source code from modified to facilitate secure use of SSH across gateway machines. These changes to SSH are introduced in "Inoculating SSH Against Address Harvesting Worms," by Stuart Schechter, Jaeyeon Jung, Will Stockwell, and Cynthia McLain, presented at The Internet Society (ISOC) Network and Distributed System Security Symposium (NDSS'06), 2006.

Download patch: openssh-4.2p1-hop.patch
Download source: openssh-4.2p1-hop.tar.gz
View: README.sshhop

NetPoke: Tcpdump File Replay Utility

NetPoke is a utility used to replay packets to a live network that were previously captured with the tcpdump program. It attempts to match the timing of the original traffic, optionally speeding it up or slowing it down, and can also modify the network hardware address in the replayed traffic. NetPoke supports multiple network interfaces allowing replayed packets to be injected into different points on a network based on the source address. NetPoke is no longer being supported by MIT Lincoln Laboratory. Those looking for similar functionality might search for tcpreplay and other tools that provide similar functionality.


top of page