Patents by Inventor Kapil Vaswani

Kapil Vaswani has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10210266
    Abstract: Methods, systems, apparatuses, and computer program products are provided for secure handling of queries by a data server and a database application. A parameterized query is received from a client. Table column metadata is loaded for one or more table columns referenced by the parameterized query. Datatypes of expressions in the parameterized query are derived with any parameters and variables of the parameterized query indicated as having unknown datatypes. Unsupported datatype conversions in the parameterized query are determined. An encryption scheme is inferred for any parameters and variables to generate an inferred encryption scheme set. The datatypes of expressions in the parameterized query are re-derived with any parameters and variables having their inferred encryption schemes. Encryption key metadata corresponding to the inferred encryption scheme set is loaded. An encryption configuration is transmitted to the client that includes the inferred encryption scheme for any parameters and variables.
    Type: Grant
    Filed: May 25, 2016
    Date of Patent: February 19, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Panagiotis Antonopoulos, Kapil Vaswani, Krishna Nibhanupudi, Neerumalla Bala Rama Koteswara Rao
  • Publication number: 20180276120
    Abstract: A method of manual memory management is described. In response to detecting an access violation triggered by the use of an invalid reference to an object in a manual heap, a source of the access in a register or stack is identified. An updated reference for the object using stored mapping data is determined and used to replace the invalid reference in the source.
    Type: Application
    Filed: June 15, 2017
    Publication date: September 27, 2018
    Inventors: Dimitrios VYTINIOTIS, Manuel Silverio da Silva COSTA, Kapil VASWANI, Matthew John PARKINSON, Piyus Kumar KEDIA
  • Publication number: 20180253311
    Abstract: A method of manual memory management is described which comprises enabling one or more threads to access an object created in a manual heap by storing a reference to the object in thread-local state and subsequently deleting the stored reference after accessing the object. In response to abandonment of the object, an identifier for the object and a current value of either a local counter of a thread or a global counter are stored in a delete queue and all threads are prevented from storing any further references to the object in thread-local state. Deallocation of the object only occurs when all references to the object stored in thread-local state for any threads have been deleted and a current value of the local counter for the thread or the global counter has incremented to a value that is at least a pre-defined amount more than the stored value, wherein the global counter is updated using one or more local counters.
    Type: Application
    Filed: June 6, 2017
    Publication date: September 6, 2018
    Inventors: Matthew John PARKINSON, Manuel Silverio da Silva COSTA, Dimitrios VYTINIOTIS, Kapil VASWANI
  • Patent number: 9875370
    Abstract: Methods, systems, apparatuses, and computer program products are provided for secure handling of queries by a data server (DS) and a database application (DA). A parameterized query is received by the DS from the DA based on a user query received from a requestor. The DS analyzes the parameterized query to attempt to determine an encryption configuration for a transformed version of the user query capable of being evaluated by the DS on encrypted data values. The DS responds to the DA with either a failure to determine the encryption configuration, or by providing the determined encryption configuration to the DA. The DA generates the transformed version of the user query, and provides the transformed version to the DS. The DS evaluates the transformed version of the user query, and provides results to the DA. The DA decrypts the results, and provides the decrypted results to the requestor.
    Type: Grant
    Filed: March 26, 2015
    Date of Patent: January 23, 2018
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Panagiotis Antonopoulos, Ajay S. Manchepalli, Kapil Vaswani, Haohai Yu, Michael James Zwilling
  • Patent number: 9860063
    Abstract: Systems, methods and computer program products are described that analyze the code of an application and, based on the analysis, identify whether data elements (e.g., columns) referenced by the code can be encrypted, and for those data elements that can be encrypted, recommend an encryption scheme. The recommended encryption scheme for a given data element may be the highest level of encryption that can be applied thereto without affecting the semantics of the application code. The output generated based on the analysis may not only include a mapping of each data element to a recommended encryption scheme, but may also include an explanation of why each recommendation was made for each data element. Such explanation may include, for example, an identification of the application code that gave rise to the recommendation for each data element.
    Type: Grant
    Filed: February 27, 2015
    Date of Patent: January 2, 2018
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Ajay S. Manchepalli, Haohai Yu, Michael J. Zwilling, Kapil Vaswani, Panagiotis Antonopoulos
  • Publication number: 20170372226
    Abstract: A multi-party privacy-preserving machine learning system is described which has a trusted execution environment comprising at least one protected memory region. A code loader at the system loads machine learning code, received from at least one of the parties, into the protected memory region. A data uploader uploads confidential data, received from at least one of the parties, to the protected memory region. The trusted execution environment executes the machine learning code using at least one data-oblivious procedure to process the confidential data and returns the result to at least one of the parties, where a data-oblivious procedure is a process where any patterns of memory accesses, patterns of disk accesses and patterns of network accesses are such that the confidential data cannot be predicted from the patterns.
    Type: Application
    Filed: August 23, 2016
    Publication date: December 28, 2017
    Inventors: Manuel Silverio da Silva Costa, Cédric Alain Marie Christophe Fournet, Aastha Mehta, Sebastian Nowozin, Olga Ohrimenko, Felix Schuster, Kapil Vaswani
  • Publication number: 20170344646
    Abstract: Methods, systems, apparatuses, and computer program products are provided for secure handling of queries by a data server and a database application. A parameterized query is received from a client. Table column metadata is loaded for one or more table columns referenced by the parameterized query. Datatypes of expressions in the parameterized query are derived with any parameters and variables of the parameterized query indicated as having unknown datatypes. Unsupported datatype conversions in the parameterized query are determined. An encryption scheme is inferred for any parameters and variables to generate an inferred encryption scheme set. The datatypes of expressions in the parameterized query are re-derived with any parameters and variables having their inferred encryption schemes. Encryption key metadata corresponding to the inferred encryption scheme set is loaded. An encryption configuration is transmitted to the client that includes the inferred encryption scheme for any parameters and variables.
    Type: Application
    Filed: May 25, 2016
    Publication date: November 30, 2017
    Inventors: Panagiotis Antonopoulos, Kapil Vaswani, Krishna Nibhanupudi, Neerumalla Bala Rama Koteswara Rao
  • Publication number: 20170033930
    Abstract: Techniques to secure computation data in a computing environment from untrusted code. These techniques involve an isolated environment within the computing environment and an application programming interface (API) component to execute a key exchange protocol that ensures data integrity and data confidentiality for data communicated out of the isolated environment. The isolated environment includes an isolated memory region to store a code package. The key exchange protocol further involves a verification process for the code package stored in the isolated environment to determine whether the one or more exchanged encryption keys have been compromised. If the signature successfully authenticates the one or more keys, a secure communication channel is established to the isolated environment and access to the code package's functionality is enabled. Other embodiments are described and claimed.
    Type: Application
    Filed: September 25, 2015
    Publication date: February 2, 2017
    Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Manuel Costa, Orion Tamlin Hodson, Sriram Kottarakurichi Rajamani, Marcus Peinado, Mark Eugene Russinovich, Kapil Vaswani
  • Publication number: 20160292430
    Abstract: Methods, systems, apparatuses, and computer program products are provided for processing queries. A data server includes a query processor configured to receive a query from a database application, which was received by the database application from a requestor. The query is directed to data stored at the data server. The query processor includes a deferred evaluation determiner and deferred expression determiner. The deferred evaluation determiner is configured to analyze the query, and to designate the query for deferred evaluation by the database application if a predetermined factor is met, such as the query including an operation on encrypted data that is not supported at the data server. The deferred expression determiner is configured to determine expression evaluation information for evaluating at least a portion of the query at the database application. The query processor provides the encrypted data and the expression evaluation information to the database application for evaluation.
    Type: Application
    Filed: April 1, 2015
    Publication date: October 6, 2016
    Inventors: Panagiotis Antonopoulos, Ajay S. Manchepalli, Kapil Vaswani, Haohai Yu, Michael James Zwilling
  • Publication number: 20160283728
    Abstract: Methods, systems, apparatuses, and computer program products are provided for secure handling of queries by a data server (DS) and a database application (DA). A parameterized query is received by the DS from the DA based on a user query received from a requestor. The DS analyzes the parameterized query to attempt to determine an encryption configuration for a transformed version of the user query capable of being evaluated by the DS on encrypted data values. The DS responds to the DA with either a failure to determine the encryption configuration, or by providing the determined encryption configuration to the DA. The DA generates the transformed version of the user query, and provides the transformed version to the DS. The DS evaluates the transformed version of the user query, and provides results to the DA. The DA decrypts the results, and provides the decrypted results to the requestor.
    Type: Application
    Filed: March 26, 2015
    Publication date: September 29, 2016
    Inventors: Panagiotis Antonopoulos, Ajay S. Manchepalli, Kapil Vaswani, Haohai Yu, Michael James Zwilling
  • Publication number: 20160254911
    Abstract: Systems, methods and computer program products are described that analyze the code of an application and, based on the analysis, identify whether data elements (e.g., columns) referenced by the code can be encrypted, and for those data elements that can be encrypted, recommend an encryption scheme. The recommended encryption scheme for a given data element may be the highest level of encryption that can be applied thereto without affecting the semantics of the application code. The output generated based on the analysis may not only include a mapping of each data element to a recommended encryption scheme, but may also include an explanation of why each recommendation was made for each data element. Such explanation may include, for example, an identification of the application code that gave rise to the recommendation for each data element.
    Type: Application
    Filed: February 27, 2015
    Publication date: September 1, 2016
    Inventors: Ajay S. Manchepalli, Haohai Yu, Michael J. Zwilling, Kapil Vaswani, Panagiotis Antonopoulos
  • Publication number: 20120331471
    Abstract: The claimed subject matter provides a method for executing molecular transactions on a distributed platform. The method includes generating a first unique identifier for executing a molecular transaction. The molecular transaction includes a first atomic action. The method further includes persisting a first work list record. The first work list record includes the first unique identifier and a step number for the first atomic action. Additionally, the method includes retrieving, by a first worker process of a runtime, the first work list record. The method also includes executing, by the first worker process, the first atomic action in response to determining that a first successful completion record for the first atomic action does not exist. Further, the method includes persisting, by the first worker process, the first successful completion record for the first atomic action in response to a successful execution of the first atomic action.
    Type: Application
    Filed: June 27, 2011
    Publication date: December 27, 2012
    Applicant: MICROSOFT CORPORATION
    Inventors: Ganesan Ramalingam, Kapil Vaswani
  • Patent number: 8280899
    Abstract: An event is described herein as being representable by a quantified abstraction of the event. The event includes at least one predicate, and the at least one predicate has at least one constant symbol corresponding thereto. An instance of the constant symbol corresponding to the event is identified, and the instance of the constant symbol is replaced by a free variable to obtain an abstracted predicate. Thus, a quantified abstraction of the event is composed as a pair: the abstracted predicate and a mapping between the free variable and an instance of the constant symbol that corresponds to the predicate. A data mining algorithm is executed over abstracted, quantified events to ascertain a correlation between the event and another event.
    Type: Grant
    Filed: October 14, 2009
    Date of Patent: October 2, 2012
    Assignee: Microsoft Corporation
    Inventors: David Lo, Ganesan Ramalingam, Venkatesh-Prasad Ranganath, Kapil Vaswani
  • Patent number: 8079020
    Abstract: This paper describes preferential path profiling, which enables profiling a specified subset of all possible program paths with very low overhead. Preferential path profiling compactly identifies paths of interest using an array. More specifically, PPP assigns a unique and compact path index identifier to all interesting paths that can be used to index into a path array. The path array contains a second path value identifier that is used to distinguish interesting paths from other program paths. This path numbering allows the implementation of preferential path profiling to use array-based counters instead of hash table-based counters for identifying paths of interest and gathering path profiles, which significantly reduces execution time and computational resource overhead during profiling.
    Type: Grant
    Filed: March 5, 2007
    Date of Patent: December 13, 2011
    Assignee: Microsoft Corporation
    Inventors: Trishul Amit Madhukar Chilimbi, Kapil Vaswani, Aditya Vithal Nori
  • Patent number: 8065565
    Abstract: The method executes the application and if there are no errors from the execution of the application, the method ends. If errors exist, the errors are collected from the execution of the application in an error report. Labeled application paths are created by adding a unique label to individual application paths where the application paths are individual loops and individual functions in the application. An analysis is created of the labeled application paths by executing the application with the labeled paths, reviewing the error report for data related to the labels and if an error is sufficiently related to application paths with labels, storing the path that created the errors in a report. If an error is not sufficiently related to the application path with labels, the method is repeated by creating the analysis again by substituting additional application paths for the application paths.
    Type: Grant
    Filed: October 3, 2008
    Date of Patent: November 22, 2011
    Assignee: Microsoft Corporation
    Inventors: Trishul Chilimbi, Krishna Kumar Mehra, Benjamin Robert Liblit, Aditya V. Nori, Kapil Vaswani
  • Patent number: 7941616
    Abstract: Locks are used to protect variables. All variables protected by a lock are allocated on a page associated with a lock. When a thread (called the owner) acquires the lock, a local copy of the memory page containing the variable is created, the original memory page is protected, and all access of the variable in the owner thread is directed to the local copy. Upon releasing the lock, the changes from the local copy are carried over to the memory page and the memory page is unprotected. Any concurrent access of the variable by non-owner threads triggers an exception handler (due to the protection mechanism) and delays such an access until after the owner thread has finished accessing the variable.
    Type: Grant
    Filed: October 21, 2008
    Date of Patent: May 10, 2011
    Assignee: Microsoft Corporation
    Inventors: Sriram Rajamani, Ganesan Ramalingam, Venkatesh-Prasad Ranganath, Kapil Vaswani
  • Publication number: 20110087700
    Abstract: An event is described herein as being representable by a quantified abstraction of the event. The event includes at least one predicate, and the at least one predicate has at least one constant symbol corresponding thereto. An instance of the constant symbol corresponding to the event is identified, and the instance of the constant symbol is replaced by a free variable to obtain an abstracted predicate. Thus, a quantified abstraction of the event is composed as a pair: the abstracted predicate and a mapping between the free variable and an instance of the constant symbol that corresponds to the predicate. A data mining algorithm is executed over abstracted, quantified events to ascertain a correlation between the event and another event.
    Type: Application
    Filed: October 14, 2009
    Publication date: April 14, 2011
    Applicant: MICROSOFT CORPORATION
    Inventors: David Lo, Ganesan Ramalingam, Venkatesh-Prasad Ranganath, Kapil Vaswani
  • Patent number: 7926043
    Abstract: The described technology provides data structure path profiling. An instrumented version of a program is created that calls a profiler runtime when pointer-based data structures are allocated or accessed via pointers. A model of the heap is created and nodes in the model data structures are assigned unique identifiers. Paths traversed through the model data structures are assigned unique identifiers. The paths are counted in order to identify paths through the data structure model that are traversed frequently. The model is useful for providing information about high frequency data paths to the program developer and for various optimization purposes, such as prefetching and/or increasing data locality during garbage collection.
    Type: Grant
    Filed: June 20, 2006
    Date of Patent: April 12, 2011
    Assignee: Microsoft Corporation
    Inventors: Kapil Vaswani, Trishul Chilimbi
  • Publication number: 20100299654
    Abstract: A stable program, a new program version and a test case which passes (or fails) in the first program may be analyzed. Another new input may be found that either exhibits the similar (different) behavior as that of the test case in the first program (or second program) or follows different (similar) behavior as that of the test case in the new program version. In the first case, the trace of the test case and the new input in the second code version, while in the second case, the trace of the test case and the new input in the original program, are compared to produce a bug report. By reviewing the bug reports, divergences may be found and error-causing code lines may be isolated.
    Type: Application
    Filed: May 21, 2009
    Publication date: November 25, 2010
    Applicant: MICROSOFT CORPORATION
    Inventors: Kapil Vaswani, Abhik Roychoudhury
  • Publication number: 20100169618
    Abstract: The claimed subject matter provides a system and/or a method that facilitates ensuring non-interference between multiple threads that access a shared resource. An interface can receive a portion of sequential code, wherein the portion of sequential code includes a property that is maintained and relied upon when invoked and executed by a sequential client. A synthesizer component can leverage a sequential proof related to the portion of sequential code in order to derive a concurrency control mechanism for a portion of concurrency code that maintains the property when invoked by a concurrent client, wherein the sequential proof identifies a concurrent interference at an execution point that is tolerable for the concurrent client.
    Type: Application
    Filed: December 30, 2008
    Publication date: July 1, 2010
    Applicant: Microsoft Corporation
    Inventors: Ganesan Ramalingam, Sriram Rajamani, Venkatesh-Prasad Ranganath, Kapil Vaswani, Jyotirmoy Vinay Deshmukh