Abstract: Operating upon encrypted data with a particular data scope. A base encryption key is established and associated with the particular data scope, and then stored in a base encryption key store. That base encryption key store might be managed by an application or service that stores base encryption keys for multiple data scopes. A proxy encryption key acts as a kind of proxy for the base encryption key. The proxy encryption key may be used for frequent operations on encrypted data within the particular data scope. Thus, the principles described herein act as a frequency amplifier that allows key-based operations upon the particular data scope to be performed at much higher frequencies than otherwise would be possible by operating directly using the base encryption key.

Abstract: Data may be encrypted using a derived block encryption key for each of at least one append blocks of data. A data operation associated with manipulating particular data associated with a user may be received. The particular data may comprise at least one append block of data. In response to the received data operation, for each append block of data of the at least one append block of data, parameters associated with deriving a block encryption key for a given append block of data of the at least one append block of data may be accessed. The parameters may comprise at least a data encryption key associated with the user and a nonce. A block encryption key may be derived for the given append block of data utilizing the parameters. The given append block of data may be encrypted utilizing the block encryption key.

Abstract: Operating upon encrypted data with a particular data scope. A base encryption key is established and associated with the particular data scope, and then stored in a base encryption key store. That base encryption key store might be managed by an application or service that stores base encryption keys for multiple data scopes. A proxy encryption key acts as a kind of proxy for the base encryption key. The proxy encryption key may be used for frequent operations on encrypted data within the particular data scope.

Abstract: Operating upon encrypted data with a particular data scope. A base encryption key is established and associated with the particular data scope, and then stored in a base encryption key store. That base encryption key store might be managed by an application or service that stores base encryption keys for multiple data scopes. A proxy encryption key acts as a kind of proxy for the base encryption key. The proxy encryption key may be used for frequent operations on encrypted data within the particular data scope. Thus, the principles described herein act as a frequency amplifier that allows key-based operations upon the particular data scope to be performed at much higher frequencies than otherwise would be possible by operating directly using the base encryption key.

Abstract: Data may be encrypted using a derived block encryption key for each of at least one append blocks of data. A data operation associated with manipulating particular data associated with a user may be received. The particular data may comprise at least one append block of data. In response to the received data operation, for each append block of data of the at least one append block of data, parameters associated with deriving a block encryption key for a given append block of data of the at least one append block of data may be accessed. The parameters may comprise at least a data encryption key associated with the user and a nonce. A block encryption key may be derived for the given append block of data utilizing the parameters. The given append block of data may be encrypted utilizing the block encryption key.

Abstract: Operating upon encrypted data with a particular data scope. A base encryption key is established and associated with the particular data scope, and then stored in a base encryption key store. That base encryption key store might be managed by an application or service that stores base encryption keys for multiple data scopes. A proxy encryption key acts as a kind of proxy for the base encryption key. The proxy encryption key may be used for frequent operations on encrypted data within the particular data scope. Thus, the principles described herein act as a frequency amplifier that allows key-based operations upon the particular data scope to be performed at much higher frequencies than otherwise would be possible by operating directly using the base encryption key.

Abstract: A platform that facilitates software application development, maintenance, and support includes a storage component that receives structured and unstructured data pertaining to at least one application subject to development, maintenance, or support and causes the structured and unstructured data to be stored in a distributed fashion over a plurality of accessible data repositories. The storage component causes the structured and unstructured data to be stored in the data repositories such that the structured and unstructured data is accessible through utilization of a common access format. An executor component executes an analytical process over the structured and unstructured data and generates a first dataset, wherein the storage component causes the first dataset to be stored in at least one of the plurality of accessible data repositories in a format that is accessible by front end analysis applications.

Abstract: A facility is described for analyzing access control configurations. In various embodiments, the facility comprises an operating system having resources and identifications of principals, the principals having access control privileges relating to the resources, the access control privileges described by access control metadata; an access control scanner component that receives the access control metadata, determines relationships between principals and resources, and emits access control relations information; and an access control inference engine that receives the emitted access control relations information and an access control policy model, analyzes the received information and model, and emits a vulnerability report.

Abstract: A facility is described for analyzing access control configurations. In various embodiments, the facility comprises an operating system having resources and identifications of principals, the principals having access control privileges relating to the resources, the access control privileges described by access control metadata; an access control scanner component that receives the access control metadata, determines relationships between the principals and the resources, and emits access control relations information; and an access control inference engine that receives the emitted access control relations information and an access control policy model, analyzes the received information and model, and emits a vulnerability report.

Abstract: A facility is described for analyzing access control configurations. In various embodiments, the facility comprises an operating system having resources and identifications of principals, the principals having access control privileges relating to the resources, the access control privileges described by access control metadata; an access control scanner component that receives the access control metadata, determines relationships between principals and resources, and emits access control relations information; and an access control inference engine that receives the emitted access control relations information and an access control policy model, analyzes the received information and model, and emits a vulnerability report.

Abstract: Techniques for manipulation of user experience state are described. A user experience can include various types of content that a user may consume, such as video content, images, audio content, text documents, and so on. Further, a “composition” can be created using various combinations of user experiences, such as still images inset to video content, a navigable map presented with images of geographical locations associated with the map, and so on. In implementations, techniques enable user experiences included as part of a composition to interact such that behaviors associated with one user experience can affect another user experience, and vice-versa.

Abstract: Techniques for propagating user experience state information are described. A user experience can include various types of content that a user may consume, such as video content, images, audio content, text documents, and so on. Further, a “composition” can be created using various combinations of user experiences, such as still images inset to video content, a navigable map presented with images of geographical locations associated with the map, and so on. In implementations, techniques enable user experiences included as part of a composition to interact such that behaviors associated with one user experience can affect another user experience, and vice-versa.

Abstract: Technologies pertaining to top-down interprocedural analysis of a computer program are described herein. A query is received for processing over a root procedure in the computer program. Responsive to the query being received, the root procedure is explored, and calls to sub-procedures are located. Sub-queries are generated upon encountering the calls to the sub-procedures, and execution of the sub-queries is performed in parallel across multiple computing nodes.

Abstract: A facility is described for analyzing access control configurations. In various embodiments, the facility comprises an operating system having resources and identifications of principals, the principals having access control privileges relating to the resources, the access control privileges described by access control metadata; an access control scanner component that receives the access control metadata, determines relationships between principals and resources, and emits access control relations information; and an access control inference engine that receives the emitted access control relations information and an access control policy model, analyzes the received information and model, and emits a vulnerability report.

Abstract: A facility is described for analyzing access control configurations. In various embodiments, the facility comprises an operating system having resources and identifications of principals, the principals having access control privileges relating to the resources, the access control privileges described by access control metadata; an access control scanner component that receives the access control metadata, determines relationships between the principals and the resources, and emits access control relations information; and an access control inference engine that receives the emitted access control relations information and an access control policy model, analyzes the received information and model, and emits a vulnerability report.

Abstract: A quantified belief propagation (QBP) algorithm receives as input an existentially quantified boolean formula (QBF) of existentially quantified boolean variables, universally quantified variables, and boolean operators. A tripartite graph is constructed, and includes (i) there-exists nodes that correspond to and represent the existentially quantified variables, (ii) for-all nodes that correspond to and represent the universally quantified variables, and (iii) sub-formula nodes that correspond to and represent sub-formulas of the QBF. A set of boolean values of the existentially quantified variables is found by (i) passing a first message from an arbitrary sub-formula node to an arbitrary for-all node, and (ii) in response, passing a second message from the arbitrary for-all node to the arbitrary sub-formula node.

Abstract: A source code clarification system is described. In various embodiments, the source code clarification system receives clarified source code and transforms the clarified source code into standard source code or object code that implements asynchronous components. The standard software source code can contain expressions for enabling asynchronous communications. The clarified code can be software source code that is expressed in an imperative language and is capable of static analysis. The clarified source code can contain a coordination primitive that encapsulates interactions between asynchronous components. By using the coordination primitives and events, the clarified source code can express interactions between asynchronous components so that the clarified source code is easier for developers to understand and for static analysis tools to analyze.

Abstract: A platform that facilitates software application development, maintenance, and support includes a storage component that receives structured and unstructured data pertaining to at least one application subject to development, maintenance, or support and causes the structured and unstructured data to be stored in a distributed fashion over a plurality of accessible data repositories. The storage component causes the structured and unstructured data to be stored in the data repositories such that the structured and unstructured data is accessible through utilization of a common access format. An executor component executes an analytical process over the structured and unstructured data and generates a first dataset, wherein the storage component causes the first dataset to be stored in at least one of the plurality of accessible data repositories in a format that is accessible by front end analysis applications.

Abstract: A distributed software system of communicating software components can be tested for undesirable behavior. A specification of a component can be substituted in place of the component when testing a model of the distributed software system. Thus, the system can be checked to see if it exhibits undesirable behavior without having code for all components of the system. Also, a component can be checked to see if it is in conformance with its specification. If models built with respective components and substituted specifications indicate that the system does not exhibit undesirable behavior, and the components conform to their specifications, then a system assembled from the components will not exhibit the undesirable behavior. Thus, collaborative testing can be achieved, even if no one entity has access to code for the entire distributed system.

Abstract: Methods are discussed that enhance program analysis. One aspect of the invention includes a method for checking a model of a program. The method includes a control-flow graph having vertices from the model, applying a transfer function to each vertex to form a set of path edges, and analyzing the set of path edges of a vertex. The set of path edges includes valuations that are implicitly represented so as to inhibit an undesired explosion in the valuations that would hinder the act of analyzing.