Open source projects
JIT Groups
JIT Groups is an open source application that lets you implement secure, self-service access management for Google Cloud using groups.
- Language: Java, JavaScript
- Technologies: Quarkus, Google App Engine, Cloud Run.
Just-in-Time Access
Just-in-Time Access (or JIT Access for short) is the precursor to JIT Groups. It’s a web application that lets you temporarily elevate your access to Google Cloud projects. JIT Access supports self-approval and multi-party approval and can be used for managing privileged or break-glass access.
- Language: Java, JavaScript
- Technologies: Quarkus, Google App Engine, Cloud Run.
IAP Desktop
IAP Desktop is a zero-trust Remote Desktop and SSH client for Windows that automatically tunnels all connections over Identity-Aware Proxy so that you can access Google Cloud VMs from anywhere, even if they don’t have a public IP address.
Blog posts about IAP Desktop »
- Language: C#
- Technologies: .NET, Windows
Token service
The token service is an open-source example implementation of a token broker that extends workload identity federation by supporting additional authentication flows
- Language: Java
- Technologies: Quarkus, Cloud Run.
License Tracker
License Tracker lets you track VM and sole-tenant node usage for the purpose of (BYOL) license reporting. The tool continuously analyzes Compute Engine audit logs and feeds a BigQuery dataset and dashboard.
- Language: C#
- Technologies: Google Cloud Run, BigQuery
Workload Authenticator for Windows
Workload Authenticator for Windows is a plugin for Google Cloud client libraries, or any application that uses the client libraries. It lets applications use existing Active Directory (Kerberos/NTLM) credentials to authenticate to Google Cloud, removing the need for service account keys.
- Language: C#
- Technology: Workload identity federation, AD FS
Automated domain join
Automated domain join lets you join Google Cloud VMs to an Active Directory domain on first startup. It’s a Cloud Run-based solution that works for both Managed Active Directory and self-managed Active Directory and uses an approach that’s similar to offline domain-joins, but in a fully serverless way.
- Language: Python, C
- Technologies: Google Cloud Run, LDAP, Kerberos, Active Directory
Retired open-source projects
NTrace
NTrace was a dynamic function boundary tracing toolkit for Windows NT-based systems on x86. It worked on Windows Windows Server 2003, and Windows Vista and was capable of tracing both user and kernel mode components as demonstrated in these two videos.
NTrace used a novel and patented approach of instrumenting binary code on the fly by leveraging the Microsoft hotpatching facility. This allowed NTrace to be both robust and fast: On x86, NTrace outperformed DTrace by a factor of almost three.
I developed NTrace as part of my Master’s thesis and later published a paper at the WCRE conference.
- Language: C, x86 Assembly
- Technologies: WDM, Win32, Windows
Cfix
Cfix was a unit testing framework for C and C++. The framework provided a runner (cfix32.exe, cfix64.exe) that let you explore and run tests in DLLs or EXE files. Cfix followed an architecture that’s similar to contemporary testing frameworks for C# or Java, but that was unlike other C/C++ frameworks at the time. Cfix was also the first unit testing framework to support kernel-mode unit tests.
- Language: C, C++
- Technologies: Win32, WDM
Visual Assert
Visual Assert was a Visual C++ Add-In that let you run cfix-based unit tests from within the IDE. The Add-In supported Visual Studio 2005, 2008, and 2010 and provided a user experience for running unit tests that’s similar to what modern Visual Studio versions provide for C# – at a time when Visual C++ did not provide any support for unit testing.
- Language: C++, C#
- Technologies: COM, Visual Studio Extensibility