Abstract: A method for detecting a security vulnerability in code may include obtaining (i) a permitted information flow graph for a permitted query and (ii) a target information flow graph for a target query in the code, determining, by traversing the permitted information flow graph, a permitted information flow including permitted disclosed columns, permitted accessed columns, and a permitted predicate, determining, by traversing the target information flow graph, a target information flow including target disclosed columns, target accessed columns, and a target predicate, comparing the permitted information flow and the target information flow to obtain a comparison result, and determining, based on the comparison result, that the target query includes the security vulnerability.

Abstract: A method for generating a query filter list includes obtaining set of training queries, each training query comprising a predicate and one or more accessed columns returned from evaluating the predicate, and transforming the set of training queries into a structure. The structure relates, for an accessed column and a training query, the predicate and a correlation value to the accessed column. The method further includes normalizing the structure into a normalized structure. The normalized structure grouping entries in the structure according to accessed column. The method further includes generating a generalized query from the normalized structure, and adding the generalized query to the query filter list.

Abstract: A method for detecting a security vulnerability in code may include obtaining (i) a permitted information flow graph for a permitted query and (ii) a target information flow graph for a target query in the code, determining, by traversing the permitted information flow graph, a permitted information flow including permitted disclosed columns, permitted accessed columns, and a permitted predicate, determining, by traversing the target information flow graph, a target information flow including target disclosed columns, target accessed columns, and a target predicate, comparing the permitted information flow and the target information flow to obtain a comparison result, and determining, based on the comparison result, that the target query includes the security vulnerability.

Abstract: A method for detecting malicious code may include generating, from deserialization examples, a finite automaton including states. The states may include labeled states corresponding to the deserialization examples. A state may correspond to a path from a start state to the state. The method may further include while traversing the states, generating a state mapping including, for the state, a tracked subset of the states, determining that the path corresponds to a path type, inferring, using the path type and the state mapping, a regular expression for the state, and determining, for a new deserialization example and using the regular expression, a polarity indicating whether it is safe to deserialize the new deserialization example.

Abstract: A method is provided that allows tracking boundaries of allocated memory blocks while still capturing byte-level properties. This is achieved with a particular shadow memory encoding scheme which captures boundaries and lengths of allocated memory blocks. Analyzing the shadow memory state allows detecting memory safety issues. In particular, for a memory location given by its address a, the proposed invention allows computing the following information: whether a has been allocated, whether a has been initialized, the start (base) address of the memory block a belongs to, the byte-length of the memory block a belongs to, the byte offset of a within its block. Such information allows for detection of specific memory safety issues at runtime.

Abstract: A computer-implemented method for encoding an application memory that a program, executed on a computer, has access to, using a shadow memory corresponding to the application memory, the method comprises: creating and initializing a shadow memory divided into segments, each segment in the application memory being mapped to a corresponding segment in the shadow memory, for each memory block in the application memory that the program allocates, encoding a corresponding shadow memory block, in the shadow memory, by: defining a meta segment preceding the first segment of the memory block in the application memory, and a corresponding shadow meta segment in the shadow memory block, writing in the shadow meta segment a first value indicative of the size of the memory block, writing, in each subsequent segment of the shadow memory block, a second value indicative of the offset between the segment and the first segment of the shadow memory block.

Abstract: A method is provided that allows tracking boundaries of allocated memory blocks while still capturing byte-level properties. This is achieved with a particular shadow memory encoding scheme which captures boundaries and lengths of allocated memory blocks. Analyzing the shadow memory state allows detecting memory safety issues. In particular, for a memory location given by its address a, the proposed invention allows computing the following information: whether a has been allocated, whether a has been initialized, the start (base) address of the memory block a belongs to, the byte-length of the memory block a belongs to, the byte offset of a within its block. Such information allows for detection of specific memory safety issues at runtime.

Abstract: A computer-implemented method for encoding an application memory that a program, executed on a computer, has access to, using a shadow memory corresponding to the application memory, the method comprises: creating and initializing a shadow memory divided into segments, each segment in the application memory being mapped to a corresponding segment in the shadow memory, for each memory block in the application memory that the program allocates, encoding a corresponding shadow memory block, in the shadow memory, by: defining a meta segment preceding the first segment of the memory block in the application memory, and a corresponding shadow meta segment in the shadow memory block, writing in the shadow meta segment a first value indicative of the size of the memory block, writing, in each subsequent segment of the shadow memory block, a second value indicative of the offset between the segment and the first segment of the shadow memory block.