Abstract: A profiling service may determine, local to a device, user profile attributes associated with a device user based on interaction of the device user with the device, based on device-local monitoring of device user interactions with the device, and may store the user profile attributes in a memory. The profiling service may be configured as an augmentation to a device operating system of the device. A profile exposure component may manage exposure of information associated with the user profile attributes to applications operating locally on the device, without exposure to the applications or to third parties of information determined as sensitive to the device user.

Abstract: A “Poll Optimizer” provides automated techniques for performing various combinations of both static and runtime optimizations for crowd-sourced queries including, but not limited to, crowd-sourced opinion-based polls. These optimizations have been observed to improve poll performance by reducing factors such as completion times, monetary costs, and error rates of polls. In various implementations, the Poll Optimizer receives an input query representing a crowd-sourced poll that is formatted as a multi-layer structure (e.g., LINQ-based queries natively supported by .NET languages, JQL-based queries supported by JAVA, etc.). The Poll optimizer then iteratively reduces the multi-layer structure of the input query to construct a reformulated query. This reformulated query is then matched to an optimized execution process selected from a plurality of predefined execution processes.

Abstract: A “code splitting tool” provides various techniques for automatically analyzing and rewriting existing browser-based applications to introduce dynamic code loading into those applications thereby improving perceived application responsiveness. Structural elements of application code (including functions, classes, etc.) are broken into small “stubs” with corresponding bodies. Rewritten applications then initially transfer only the portion of the code (including some combination of stubs and bodies) to the client as necessary for initial application execution. Additional stubs and/or bodies are then transferred either on-demand at runtime or in the background. Automated code rewriting proceeds without requiring any application-specific knowledge or changes to existing code prior to code rewriting. Further, the code splitting tool can tailor code rewriting to specific computing devices (computers, PDA's, cell phones, etc.

Abstract: Disclosed herein are systems and methods for detecting script code malware and generating signatures. A plurality of script code samples are received and transformed into a plurality of tokenized samples. The tokenized samples are based on syntactical elements of the plurality of script code samples. One or more clusters of samples are determined based on similarities in different ones of the plurality of tokenized samples, and known malicious code having a threshold similarity to a representative sample of the cluster of samples is identified. Based on the identifying, the cluster of samples is identified as malicious. Based at least on respective ones of the plurality of tokenized samples associated with the cluster of samples, a generalized code signature usable to identify the script code samples in the cluster of samples is generated.

Abstract: Functionality is described herein by which plural environment-sensing applications capture information from an environment in a fine-grained and least-privileged manner. By doing so, the functionality reduces the risk that private information that appears within the environment will be released to unauthorized parties. Among other aspects, the functionality provides an error correction mechanism for reducing the incidence of false positives in the detection of objects, an offloading technique for delegating computationally intensive recognition tasks to a remote computing framework, and a visualization module by which a user may inspect the access rights to be granted (or already granted) to each application.

Abstract: The claimed subject matter includes techniques for processing gestures. An example method includes receiving a gesture from an application. The gesture includes one or more primitives from a language that is domain-specific to gestures. The method also further includes receiving skeletal data from a motion detection system. The method also includes comparing the skeletal data with the gesture from the application in a runtime module. The method also further includes sending a gesture event to the application.

Abstract: The subject disclosure is directed towards automated, static analysis-based program code processing that detects unprotected resource accesses by applications, that is, those that do not provide proper opt-in consent dialogs (prompts). In one aspect, consent prompt code is automatically inserted into the program code to protect such unprotected access points. Also described are program representation graph construction and processing, a dominator node-based approach to determine placement points for inserting consent prompt code, and a backward search-based approach for inserting consent prompt code.

Abstract: Various technologies described herein pertain to automation of crowd-sourced polling. At least one query can be received. The at least one query includes a request. A poll can be automatically generated based upon the at least one query, where the poll corresponds to the request. The poll can be submitted to a crowdsourcing backend, where instances of the poll are administered on the crowdsourcing backend. Moreover, crowd-sourced responses to the instances of the poll can be retrieved from the crowdsourcing backend. The crowd-sourced responses to the instances of the poll can respectively include crowd-sourced responses to the request. The crowd-sourced responses to the request can be converted to a random variable. An operation can be performed upon the random variable. The operation can include one or more of a statistical analysis (e.g., hypothesis testing), bias correction, an arithmetic operation, expected value computation, standard deviation computation, etc.

Abstract: Various embodiments are disclosed that relate to the automated identification of one or more computer program functions for potentially placing on a remote computing device in a split-computational computing environment. For example, one disclosed embodiment provides, on a computing device, a method of determining a factorable portion of code to locate remotely from other portions of the code of a program to hinder unauthorized use and/or distribution of the program. The method includes, on a computing device, receiving an input of a representation of the code of the program, performing analysis on the representation of the code, the analysis comprising one or more of static analysis and dynamic analysis, and based upon the analysis of the code, outputting a list of one or more functions determined from the analysis to be candidates for locating remotely.

Abstract: The subject disclosure is directed towards automated, static analysis-based program code processing that detects unprotected resource accesses by applications, that is, those that do not provide proper opt-in consent dialogs (prompts). In one aspect, consent prompt code is automatically inserted into the program code to protect such unprotected access points. Also described are program representation graph construction and processing, a dominator node-based approach to determine placement points for inserting consent prompt code, and a backward search-based approach for inserting consent prompt code.

Abstract: The subject disclosure is directed towards crowd-based approach to boosting the correctness of a computer program. Results from candidate programs obtained from a first crowd and which may be blended with one another into synthesized programs are sent to a second crowd for evaluation. Based upon the results, a training set evolves and programs are filtered based upon fitness. The process of blending and fitness evaluation with an evolved training set may be iteratively repeated to find a most fit program.

Abstract: Generation of a dependency graph for code that includes code portions such as resources or functions or both. For some or all of the nodes, the dependency is calculated by determining that the given node, a depending node, depends on an affecting node. The dependency is recorded so as to be associated with the node. Furthermore, the dependency calculation method is recorded so as to be associated with the dependency. The code may perhaps include portions within two different domains, in which the mechanism for calculating dependencies may differ. In some cases, the dependency graph may be constructed in stages, and perhaps additional properties may be associated with the node, and metadata of the properties may also be recorded.

Abstract: An “AR Privacy API” provides an API that allows applications and web browsers to use various content rendering abstractions to protect user privacy in a wide range of web-based immersive augmented reality (AR) scenarios. The AR Privacy API extends the traditional concept of “web pages” to immersive “web rooms” wherein any desired combination of existing or new 2D and 3D content is rendered within a user's room or other space. Advantageously, the AR Privacy API and associated rendering abstractions are useable by a wide variety of applications and web content for enhancing the user's room or other space with web-based immersive AR content. Further, the AR Privacy API is implemented using any existing or new web page coding platform, including, but not limited to HTML, XML, CSS, JavaScript, etc., thereby enabling existing web content and coding techniques to be smoothly integrated into a wide range of web room AR scenarios.

Abstract: Techniques for execution of multiple execution paths are described. In one or more embodiments, an execution of a portion of executable code is conditioned upon a particular environment-specific value. For example, the execution of the executable code can cause one type of output if the value of the variable equals a particular value, and can cause a different type of output if the value of the variable equals a different value. Techniques discussed herein can enable the executable code to be executed such that multiple outputs are produced, e.g., by executing the code according to the different values for the variable. In implementations, the multiple outputs can be analyzed for various attributes, such as presence of malware, implementation and coding errors, and so on.

Abstract: An automatic context-sensitive sanitization technique detects errors due to the mismatch of a sanitizer sequence with a browser parsing context. A pre-deployment analyzer automatically detects violating paths that contain a sanitizer sequence that is inconsistent with a browsing context associated with outputting an untrusted input. The pre-deployment analyzer determines a correct sanitizer sequence which is stored in a sanitization cache. During the runtime execution of the web application, a path detector tracks execution of the web application in relation to the violating paths.

Abstract: Functionality is described herein by which plural environment-sensing applications capture information from an environment in a fine-grained and least-privileged manner. By doing so, the functionality reduces the risk that private information that appears within the environment will be released to unauthorized parties. Among other aspects, the functionality provides an error correction mechanism for reducing the incidence of false positives in the detection of objects, an offloading technique for delegating computationally intensive recognition tasks to a remote computing framework, and a visualization module by which a user may inspect the access rights to be granted (or already granted) to each application.

Abstract: An environment is described which enables the generation, analysis, and use of secure browser extensions. Each browser extension includes an extension body and a policy expressed in a logic-based specification language. The policy specifies the access control and dataflow privileges associated with the extension body in a fine-grained manner by leveraging the structure and content of resources that are accessible to the browser extension. A suite of analysis tools for testing the safety of the browser extension includes a visualization module identifies features of a resource that are accessible to the policy. A static analysis module uses a static analysis technique to determine whether the extension body satisfies the policy. The environment also includes a conversion module for converting the browser extension, once deemed safe, into a form for use by a particular type of browser. The browser can execute that extension without performing runtime safety checks.

Abstract: The subject disclosure is directed towards automated, static analysis-based program code processing that detects unprotected resource accesses by applications, that is, those that do not provide proper opt-in consent dialogs (prompts). In one aspect, consent prompt code is automatically inserted into the program code to protect such unprotected access points. Also described are program representation graph construction and processing, a dominator node-based approach to determine placement points for inserting consent prompt code, and a backward search-based approach for inserting consent prompt code.

Abstract: An automatic context-sensitive sanitization technique detects errors due to the mismatch of a sanitizer sequence with a browser parsing context. A pre-deployment analyzer automatically detects violating paths that contain a sanitizer sequence that is inconsistent with a browsing context associated with outputting an untrusted input. The pre-deployment analyzer determines a correct sanitizer sequence which is stored in a sanitization cache. During the runtime execution of the web application, a path detector tracks execution of the web application in relation to the violating paths. The correct sanitizer sequence can be applied when the runtime execution follows a violating path.

Abstract: An exemplary method includes providing an application that includes client-side code and server-side code, instrumenting the client-side code and the server-side code to generate timestamps, distributing the instrumented client-side code and the instrumented server-side code and monitoring timestamps generated during execution of the application. In such a method, where timestamps generated by the client-side code and timestamps generated by the server-side code occur along a common timeline, a developer can monitor performance of the distributed application. Other exemplary methods, systems, etc., are also disclosed.