Abstract: A method includes receiving multiple security framework requirements, mapping the security framework requirements to a predicate, mapping the predicate to a system-specific implementation, evaluating, using a runtime system, the target system by analyzing a multitude of build files using the system-specific implementation, and presenting a report indicating whether the security framework requirements are satisfied.

Abstract: A method for detecting a security vulnerability in code may include obtaining (i) a permitted information flow graph for a permitted query and (ii) a target information flow graph for a target query in the code, determining, by traversing the permitted information flow graph, a permitted information flow including permitted disclosed columns, permitted accessed columns, and a permitted predicate, determining, by traversing the target information flow graph, a target information flow including target disclosed columns, target accessed columns, and a target predicate, comparing the permitted information flow and the target information flow to obtain a comparison result, and determining, based on the comparison result, that the target query includes the security vulnerability.

Abstract: A method may include detecting a first sub-flow, by executing a local defect analysis on code starting at a sink instruction, to a load instruction performing reading a first value using a first variable. The first sub-flow may include a first label of a first defect. The method may further include detecting a second sub-flow, by executing the local defect analysis on the code starting at a store instruction, to a load instruction performing writing a second value using a second variable. The second sub-flow may include a second label of a second defect. The method may further include determining that the first variable and the second variable are potential aliases by determining that the first label matches the second label, and obtaining, based on determining that the first variable and the second variable are potential aliases, a nonlocal flow by connecting the first sub-flow and the second sub-flow.

Abstract: A method for generating a query filter list includes obtaining set of training queries, each training query comprising a predicate and one or more accessed columns returned from evaluating the predicate, and transforming the set of training queries into a structure. The structure relates, for an accessed column and a training query, the predicate and a correlation value to the accessed column. The method further includes normalizing the structure into a normalized structure. The normalized structure grouping entries in the structure according to accessed column. The method further includes generating a generalized query from the normalized structure, and adding the generalized query to the query filter list.

Abstract: A method may include determining that a source variable receives a source value from a source function, determining that a source statement writes, using the source variable, the source value to a column in a table, and obtaining, for a first sink statement, a first set of influenced variables influenced by the source variable. The method may further include obtaining, for a second sink statement, a second set of influenced variables influenced by the first set of influenced variables, and adding nodes to a trace graph. The method may further include determining that the first sink statement reads the source value into a sink variable including an identifier of the column, generating a modified set of influenced variables by adding the sink variable to the set of influenced variables, and reporting a defect at the first sink statement, and a defect trace using the trace graph.

Abstract: A method may including obtaining, for an application, an application dependency including called components, and obtaining, using the called components, a component compatibility graph including a set of nodes and a set of edges each connecting a pair of nodes in the set of nodes. The pair of nodes may include a calling node and a called node. Each node may correspond to a component. The method may further include generating, from the component compatibility graph, a set of constraints including a set of edge variables corresponding to the set of edges, selecting, using the set of constraints, an edge subset of the set of edges, and recommending, for the application, an upgrade solution including installing a called component corresponding to a called node connected by an edge in the edge subset.

Abstract: A method for detecting a security vulnerability in code may include obtaining (i) a permitted information flow graph for a permitted query and (ii) a target information flow graph for a target query in the code, determining, by traversing the permitted information flow graph, a permitted information flow including permitted disclosed columns, permitted accessed columns, and a permitted predicate, determining, by traversing the target information flow graph, a target information flow including target disclosed columns, target accessed columns, and a target predicate, comparing the permitted information flow and the target information flow to obtain a comparison result, and determining, based on the comparison result, that the target query includes the security vulnerability.

Abstract: A method may including obtaining, for an application, an application dependency including called components, and obtaining, using the called components, a component compatibility graph including a set of nodes and a set of edges each connecting a pair of nodes in the set of nodes. The pair of nodes may include a calling node and a called node. Each node may correspond to a component. The method may further include generating, from the component compatibility graph, a set of constraints including a set of edge variables corresponding to the set of edges, selecting, using the set of constraints, an edge subset of the set of edges, and recommending, for the application, an upgrade solution including installing a called component corresponding to a called node connected by an edge in the edge subset.

Abstract: A method may include detecting a first sub-flow, by executing a local defect analysis on code starting at a sink instruction, to a load instruction performing reading a first value using a first variable. The first sub-flow may include a first label of a first defect. The method may further include detecting a second sub-flow, by executing the local defect analysis on the code starting at a store instruction, to a load instruction performing writing a second value using a second variable. The second sub-flow may include a second label of a second defect. The method may further include determining that the first variable and the second variable are potential aliases by determining that the first label matches the second label, and obtaining, based on determining that the first variable and the second variable are potential aliases, a nonlocal flow by connecting the first sub-flow and the second sub-flow.

Abstract: A method for analyzing software with pointer analysis may include obtaining a software program, and determining a first independent program slice of the software program describing a first code segment of the software program. The method may further include determining, using a first pointer analysis objective, a first result from performing a first pointer analysis on the first independent program slice, and determining, using the first result, a first dependent program slice of the software program. The method may further include determining, using a second pointer analysis objective, a second result from performing a second pointer analysis on the first dependent program slice. The method may further include generating a report, using these results, indicating whether the software program satisfies a predetermined criterion.

Abstract: A method for detecting a defect may include extracting, from application code and using a framework support specification corresponding to a framework, a framework interaction between the application code and the framework. The framework interaction specifies an object used by the application code and managed by the framework. The method may further include performing, using the framework interaction, a dynamic analysis of the application code to obtain a heap snapshot, performing, using the heap snapshot and the framework interaction, a static analysis of the application code, and detecting, by the static analysis, the defect.

Abstract: A method for detecting malicious code may include generating, from deserialization examples, a finite automaton including states. The states may include labeled states corresponding to the deserialization examples. A state may correspond to a path from a start state to the state. The method may further include while traversing the states, generating a state mapping including, for the state, a tracked subset of the states, determining that the path corresponds to a path type, inferring, using the path type and the state mapping, a regular expression for the state, and determining, for a new deserialization example and using the regular expression, a polarity indicating whether it is safe to deserialize the new deserialization example.

Abstract: In a secure multi-party computation (sMPC) system, a super mask is constructed using a set of masks corresponding to a set of data contributors. Each data contributor uses a corresponding different mask to obfuscate the data of the data contributor. a first scaled masked data is formed by applying a first scale factor to first masked data of the first data contributor, the scale factor being computed specifically for the first data contributor from the super mask. A union is constructed of all scaled masked data from all data contributors, including the first scaled masked data. A machine learning (ML) model is trained using the union as training data, where the union continues to keep obfuscated the differently masked data from the different data contributors. The training produces a trained ML model usable in the sMPC with the set of data contributors.

Abstract: A source host device masks the hardware address of a hosted container from a network device to mitigate the use of resources in the network device. A virtual switch on the source host receives a frame from a hosted container. The frame includes a source hardware address of the hardware address corresponding to the hosted container. The frame also includes a source network address of the network address corresponding to the hosted container. The virtual switch replaces the source hardware address of the frame with the hardware address associated with the source host, and send the frame to the network device. The frame sent to the network device includes the host hardware address as the source hardware address and the container network address as the source network address.

Abstract: Textual masking for multiparty computation is provided. The method comprises receiving masked input data from a number of contributors, wherein the input data from each contributor has a unique contributor mask value. A unique analyst mask factor is received for each contributor, computed by an analyst as a difference between a uniform analyst mask value and the contributor mask value. An API call is received from the analyst to aggregate the input data from the contributors. The respective analyst mask factors are added to the input data from the contributors, and the data is aggregated and shuffled. Computational results received from the analyst based on the aggregated input data are published. In response to API calls from the contributors, the analyst mask factors are removed from the computational results, wherein computational results received by each contributor are masked only by the respective contributor mask value.

Abstract: A method may include determining that a source variable receives a source value from a source function, determining that a source statement writes, using the source variable, the source value to a column in a table, and obtaining, for a first sink statement, a first set of influenced variables influenced by the source variable. The method may further include obtaining, for a second sink statement, a second set of influenced variables influenced by the first set of influenced variables, and adding nodes to a trace graph. The method may further include determining that the first sink statement reads the source value into a sink variable including an identifier of the column, generating a modified set of influenced variables by adding the sink variable to the set of influenced variables, and reporting a defect at the first sink statement, and a defect trace using the trace graph.

Abstract: A method may include generating, by performing a full analysis of code and for each component of the code, summaries including: (i) a forward summary including a forward flow and (ii) a backward summary including a backward flow, obtaining a modification to a modified component, determining that one of the summaries for the modified component is invalid, and in response to determining that a summary for the modified component is invalid: obtaining the forward flow from the forward summary of the modified component, obtaining the backward flow from the backward summary of the modified component, generating a local flow by performing an incremental analysis of the modified component using the forward flow of the modified component and the backward flow of the modified component, and detecting a defect in the code using the forward flow of the modified component, the local flow, and the backward flow of the modified component.

Abstract: A method may include determining that a source variable in code receives a source value from a source function specified by a target analysis, determining that a source statement in the code writes, using the source variable, the source value to a column in a table, obtaining, for a sink statement in the code, a set of influenced variables influenced by the source variable, determining that the sink statement reads the source value into a sink variable including an identifier of the column, generating a modified set of influenced variables by adding the sink variable to the set of influenced variables, and reporting a defect at the sink statement.

Abstract: A method may include receiving a network schema including switches, links connecting the switches, and a topology that maps the switches to the links. The switches may include ports. The method may further include receiving a software defined networking (SDN) policy including a function that modifies a state of a packet entering a switch, converting the topology to a graph including nodes corresponding to the switches, while searching the graph, determining, according to the function, whether a port of a switch corresponding to a node is reachable by the packet entering the switch, and in response to searching the graph, verifying a property of the SDN policy.

Abstract: A source host device masks the hardware address of a hosted container from a network device to mitigate the use of resources in the network device. A virtual switch on the source host receives a frame from a hosted container. The frame includes a source hardware address of the hardware address corresponding to the hosted container. The frame also includes a source network address of the network address corresponding to the hosted container. The virtual switch replaces the source hardware address of the frame with the hardware address associated with the source host, and send the frame to the network device. The frame sent to the network device includes the host hardware address as the source hardware address and the container network address as the source network address.