Abstract: To achieve end-to-end security, traditional machine-to-machine security measures are insufficient if the integrity of the graphical user interface (GUI) is compromised. GUI logic flaws are a category of software vulnerabilities that result from logic flaws in GUI implementation. The invention described here is a technology for uncovering these flaws using a systematic reasoning approach. Major steps in the technology include: (1) mapping a visual invariant to a program invariant; (2) formally modeling the program logic, the user actions and the execution context, and systematically exploring the possibilities of violations of the program invariant; (3) finding real spoofing attacks based on the exploration.

Abstract: The subject disclosure relates to systems and methods that secure anti-virus software through virtualization. Anti-virus systems can be maintained separate from user applications and operating system through virtualization. The user applications and operating system run in a guest virtual machine while anti-virus systems are isolated in a secure virtual machine. The virtual machines are partially interdependent such that the anti-virus systems can monitor user applications and operating systems while the anti-virus systems remain free from possible malicious attack originating from a user environment. Further, the anti-virus system is secured against zero-day attacks so that detection and recovery may occur post zero-day.

Abstract: A principal operating system based-browser controls access to resources. The resources are represented semantically in a resource object model. A browser kernel of the browser mediates resources access calls from principals. In some implementations the principals are web entities and the resources are peripheral devices. The resource object model separates device semantics from physical device access. Resource access control policies are maintained by the browser kernel and separated from device access mechanisms.

Abstract: A web browser operating system using a browser kernel places principals having different origins in separate principal instances, where each separate principal instance executes in a separate protection domain. Principal origin may be determined using the combination of protocol, domain name, and port. The browser kernel mediates communications between principal instances, and between the principal instances and the operating system. Within each principal instance, a browser runtime executes as a restricted operating system process (ROSP), while any plugins are executed as a separate ROSP. Renderings from each browser runtime are combined by the browser kernel for presentation to a user.

Abstract: An exemplary computer-implementable method (300) transforms information to reduce or eliminate risk of exploitation of a software service and includes receiving information (304) in response to a request, transforming the information (308) to produce transformed information and sending the transformed information (312). An exemplary firewall server (112) includes server software (144, 148) that allows the firewall server (112) to receive information from a resource (104, 108) via a network and to send information to a client computer (114) and a browser protection component (264, 268) for transforming the information to prevent exploitation of a vulnerability of browser software (154) on the client computer (114). Various other exemplary methods, devices, systems, etc., are also disclosed.

Abstract: An exemplary computer-implementable method (300) transforms or “immunizes” information to reduce or eliminate risk of exploitation of a known vulnerabilty of a software service and includes receiving information (304) in response to a request, transforming the information (308) to produce transformed information and sending the transformed information (312). An exemplary firewall server (112) includes server software (144, 148) that allows the firewall server (112) to receive information from a resource (104, 108) via a network and to send information to a client computer (114) and an immunization component (264, 268) for immunizing the information to prevent exploitation of a vulnerabilty of browser software (154) on the client computer (114). Various other exemplary methods, devices, systems, etc., are also disclosed.

Abstract: To achieve end-to-end security, traditional machine-to-machine security measures are insufficient if the integrity of the graphical user interface (GUI) is compromised. GUI logic flaws are a category of software vulnerabilities that result from logic flaws in GUI implementation. The invention described here is a technology for uncovering these flaws using a systematic reasoning approach. Major steps in the technology include: (1) mapping a visual invariant to a program invariant; (2) formally modeling the program logic, the user actions and the execution context, and systematically exploring the possibilities of violations of the program invariant; (3) finding real spoofing attacks based on the exploration.

Abstract: To achieve end-to-end security, traditional machine-to-machine security measures are insufficient if the integrity of the graphical user interface (GUI) is compromised. GUI logic flaws are a category of software vulnerabilities that result from logic flaws in GUI implementation. The invention described here is a technology for uncovering these flaws using a systematic reasoning approach. Major steps in the technology include: (1) mapping a visual invariant to a program invariant; (2) formally modeling the program logic, the user actions and the execution context, and systematically exploring the possibilities of violations of the program invariant; (3) finding real spoofing attacks based on the exploration.

Abstract: Computer-executable instructions comprising some or all of a program can be delivered to a client for execution on a real-time basis such that the client receives anew the computer-executable instructions for each new execution of the program. Such an environment enables instrumentation instructions to be inserted into the computer-executable instructions after a request and prior to the delivery of the computer-executable instructions. The inserted instrumentation instructions can be spread across multiple deliveries of the same computer-executable instructions, and they can be modified to account for information received from previously inserted instrumentation instructions. The instrumentation instructions can be inserted as part of the server process, the client process, or as part of a proxy server that can be used at the discretion of the program developer.

Abstract: A virtual data center allocation architecture with bandwidth guarantees that provides for the creation of multiple virtual data centers from a single physical infrastructure. The virtual data center allocation is accomplished in three steps. First, clusters are created from the servers in the physical infrastructure. Second, a bipartite graph is built to map the virtual machines to the servers located in a particular cluster and finally a path is calculated between two virtual machines. The virtual data centers may be dynamically expanded or contracted based on changing bandwidth guarantees.

Abstract: Techniques are described herein that are capable of providing security guarantees in security service level agreements (SLAB). For instance, a security SLA may specify a level of service to be provided to a user with respect to at least one security property (e.g., confidentiality, integrity, write-serialization, read freshness, etc.). Attestations may be used to prove occurrence (or non-occurrence) of violations of security properties in a manner that is universally verifiable, e.g., by third parties. An attestation is an indicator that is generated by a user to certify that the user makes a request (e.g., get request or put request) or an indicator that is generated by a cloud service provider to certify that the cloud service provider accurately fulfills a request of a user. A security SLA may specify a payment to be made to a user in response to an occurrence of a violation of a security property.

Abstract: A generic application-level protocol analyzer (GAPA) is adaptable to model an application and its response to messages in different protocols, including multiple, layered protocols in a network context. One mode of a GAPA includes an analysis engine having a plurality of objects adaptable to model an application and its response to messages. The objects may include a session dispatching object, a state machine object, a message parsing object, a protocol layering object, and a handler object. The analysis engine may be used to evaluate real-time network streams or to evaluate recorded network traces. The GAPA is adapted to specific applications using a generic application-level protocol analyzer engine language (GAPAL). The GAPAL uses a high-level syntax similar to those in existing protocol specification descriptions. The GAPAL supports binary and text-based protocols. Using the GAPAL, objects are described without writing low-level code to model specific objects or specify message formats.

Abstract: A method and system for retrieving data from devices in a way that seeks to preserve privacy and ensure the integrity of the retrieved data is provided. A retrieval system is implemented on a network of devices that communicate with each other via a secure communications link. Each device is directly connected to one or more “friend” devices that it trusts. The retrieval system operates by forwarding a request for data from one friend device to another friend device. Each friend device may optionally add data to the request until all the requested data is added. The request with the retrieved data is returned to the device that initiated the request.

Abstract: A principal operating system based-browser controls access to resources. The resources are represented semantically in a resource object model. A browser kernel of the browser mediates resources access calls from principals. In some implementations the principals are web entities and the resources are peripheral devices. The resource object model separates device semantics from physical device access. Resource access control policies are maintained by the browser kernel and separated from device access mechanisms.

Abstract: Techniques for providing resource sharing in a multi-principal browser are described. Resource sharing includes managing a resource for web entity by determining how to divide the resource to share among two or more web entities based at least in part on a Document Object Model (DOM)-recursive resource allocation policy or an application-specified resource allocation policy. A web entity includes a principal instance contending for the resource. The process identifies resource allocation mechanisms from each resource type based at least in part on the DOM-recursive sharing policy or the application-specified resource allocation policy along with the resource type.

Abstract: A method and system for identifying a configuration parameter of a “sick” computer system that is at fault for causing an undesired behavior based on analysis of configuration parameters from other computer systems is provided. In one embodiment, a troubleshooting system collects “suspect” values for “suspect” configuration parameters used by a “sick” application when the undesired behavior was exhibited by the sick computer system. The troubleshooting system then compares the suspect values to sample values of the suspect configuration parameters retrieved from sample computer systems. The troubleshooting system uses that comparison to identify one or more suspect configuration parameters that are likely at fault for causing the application to exhibit the undesired behavior.

Abstract: A method and system for collecting data from devices using a homomorphic encryption of the data is provided. A collection system of a device adds contributions to homomorphically encrypted data and forwards the requests to another device. When the device receives a reply to the request, it uncombines its contribution to the homomorphic encryption of the data. The device then forwards the reply to the previous device. The initiator device ultimately removes its contribution to the encryption and identifies the data.

Abstract: A web browser operating system using a browser kernel places principals having different origins in separate principal instances, where each separate principal instance executes in a separate protection domain. Principal origin may be determined using the combination of protocol, domain name, and port. The browser kernel mediates communications between principal instances, and between the principal instances and the operating system. Within each principal instance, a browser runtime executes as a restricted operating system process (ROSP), while any plugins are executed as a separate ROSP. Renderings from each browser runtime are combined by the browser kernel for presentation to a user.

Abstract: A system for automatic inference of message formats from network packets is described. Each network message from a set of network messages is split into one or more tokens based on the types of bytes in the network messages. The set of network messages can then be classified into clusters based on token patterns. The network messages in each cluster can then be further sub-clustered recursively based on the message formats. Further, the messages with a similar message format across the sub-clusters can be merged into a cluster. The set of formatted clusters thus obtained correspond to a set of message formats that can be used further for protocol reverse engineering.

Abstract: A method and system for aggregating configuration information from friend devices is provided. The aggregation system attempts to foil attacks on the privacy of data contributed to a request by aggregating data from a cluster of friend devices in such a way that it is difficult for a device in the cluster and an attacking device outside the cluster to determine the contribution of an individual device to the data. The aggregation system of an initiator device may also determine the cardinality of a parameter so that the corresponding parameter vector can have a size large enough to support the number of possible values. The aggregation system determines the cardinality by counting nonzero hash values of the actual values that are provided by the devices.