Patents by Inventor Matthias Neugschwandtner

Matthias Neugschwandtner has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11977889
    Abstract: Herein is innovative control flow integrity (CFI) based on code generation techniques that instrument data protection for access control of subroutines invoked across module boundaries. This approach is counterintuitive because, even though code is stored separately from data, access control to the data is used to provide access control to the code. In an embodiment, an instrumentation computer generates, at the beginning of a subroutine that is implemented in machine instructions, a prologue that contains: a first instruction of the subroutine that indicates that the first instruction is a target of a control flow branch and a second instruction of the subroutine that verifies that a memory address is accessible. Generated in the machine instructions are instruction(s) that, when executed by a processor, cause the memory address to have limited accessibility. Some code generation may be performed at the start of runtime by a loader or a dynamic linker.
    Type: Grant
    Filed: August 5, 2022
    Date of Patent: May 7, 2024
    Assignee: Oracle International Corporation
    Inventors: Matthias Neugschwandtner, William Blair
  • Patent number: 11972010
    Abstract: A method may include generating, by a source isolate, an external object reference, passing, by the source isolate, the external object reference to a target isolate, storing, by the source isolate and in an exported reference table, an entry that maps the external object reference to an object stored in a heap of the source isolate, performing, by the target isolate, a task that accesses the object using the external object reference, receiving, by the source isolate and from a finalizer of the external object reference, a notification that the external object reference has become unreferenced, and in response to the notification, removing, by the source isolate, the entry from the exported reference table.
    Type: Grant
    Filed: July 28, 2021
    Date of Patent: April 30, 2024
    Inventors: Matthias Neugschwandtner, Christian Humer, Jakub Chaloupka
  • Publication number: 20240045679
    Abstract: Herein is innovative control flow integrity (CFI) based on code generation techniques that instrument data protection for access control of subroutines invoked across module boundaries. This approach is counterintuitive because, even though code is stored separately from data, access control to the data is used to provide access control to the code. In an embodiment, an instrumentation computer generates, at the beginning of a subroutine that is implemented in machine instructions, a prologue that contains: a first instruction of the subroutine that indicates that the first instruction is a target of a control flow branch and a second instruction of the subroutine that verifies that a memory address is accessible. Generated in the machine instructions are instruction(s) that, when executed by a processor, cause the memory address to have limited accessibility. Some code generation may be performed at the start of runtime by a loader or a dynamic linker.
    Type: Application
    Filed: August 5, 2022
    Publication date: February 8, 2024
    Inventors: Matthias Neugschwandtner, William Blair
  • Publication number: 20230074580
    Abstract: Techniques are described herein for function-level limiting of privileges for a target application. Privilege dependencies for different functions of an application are determined based on static evaluation of the code base. A call graph with nodes representing the application functions is established, and the nodes are associated with the determined privilege dependencies. The graph is modified using iterative backward dataflow analysis to associate the nodes in the graph with privileges that are reachable from each node. Transition-edges are identified within the graph, where a transition-edge connects nodes having different sets of privileges. Function calls implementing the identified transition-edges are replaced, in instructions for the application (e.g., bytecode or machine code), with calls to wrapper functions.
    Type: Application
    Filed: September 2, 2021
    Publication date: March 9, 2023
    Inventors: Matthias Neugschwandtner, Hugo Guiroux, Paul Elvinger
  • Publication number: 20230035045
    Abstract: A method may include generating, by a source isolate, an external object reference, passing, by the source isolate, the external object reference to a target isolate, storing, by the source isolate and in an exported reference table, an entry that maps the external object reference to an object stored in a heap of the source isolate, performing, by the target isolate, a task that accesses the object using the external object reference, receiving, by the source isolate and from a finalizer of the external object reference, a notification that the external object reference has become unreferenced, and in response to the notification, removing, by the source isolate, the entry from the exported reference table.
    Type: Application
    Filed: July 28, 2021
    Publication date: February 2, 2023
    Applicant: Oracle International Corporation
    Inventors: Matthias Neugschwandtner, Christian Humer, Jakub Chaloupka
  • Patent number: 11520939
    Abstract: USB traffic is intercepted between a USB device and a computer system. It is determined whether the USB device has previously had a policy associated with it as to whether USB traffic from the device should be blocked, allowed, or sanitized. In response to not having a previous policy for the USB device, a request is made for a user to be prompted to provide a policy of one of block, allow, or sanitize for the USB device. In response to a user-provided-policy, one of the following is performed: blocking the traffic, allowing the traffic, or sanitizing the traffic between the USB device and the computer system. Apparatus, methods, and computer program products are disclosed.
    Type: Grant
    Filed: March 17, 2017
    Date of Patent: December 6, 2022
    Assignee: International Business Machines Corporation
    Inventors: Anton Beitler, Jiyong Jang, Dhilung Hang Kirat, Anil Kurmus, Matthias Neugschwandtner, Marc Philippe Stoecklin
  • Patent number: 11336680
    Abstract: Techniques for tailoring security configurations for least-privilege applications are provided. In one technique, multiple software artifacts associated with a software application are identified. For each software artifact, a call graph is generated, the call graph is added to a set of call graphs, and a set of dependencies for the software artifact is detected. The set of call graphs are combined to generate a merged call graph. One or more portions of the merged call graph are pruned to generate a pruned call graph. Annotation data is stored that associates elements in the pruned call graph with the set of dependencies for each software artifact. Based on the annotation data, reachable dependencies are identified. Based on the reachable dependencies, a set of security policies is generated for the software application.
    Type: Grant
    Filed: March 5, 2020
    Date of Patent: May 17, 2022
    Assignee: Oracle International Corporation
    Inventors: Hugo Guiroux, Christopher Ferreira, Matthias Neugschwandtner, Roxana Bradescu
  • Publication number: 20210281597
    Abstract: Techniques for tailoring security configurations for least-privilege applications are provided. In one technique, multiple software artifacts associated with a software application are identified. For each software artifact, a call graph is generated, the call graph is added to a set of call graphs, and a set of dependencies for the software artifact is detected. The set of call graphs are combined to generate a merged call graph. One or more portions of the merged call graph are pruned to generate a pruned call graph. Annotation data is stored that associates elements in the pruned call graph with the set of dependencies for each software artifact. Based on the annotation data, reachable dependencies are identified. Based on the reachable dependencies, a set of security policies is generated for the software application.
    Type: Application
    Filed: March 5, 2020
    Publication date: September 9, 2021
    Inventors: Hugo Guiroux, Christopher Ferreira, Matthias Neugschwandtner, Roxana Bradescu
  • Patent number: 10936552
    Abstract: An example operation may include one or more of determining a proposal associated with a first blockchain member and a second blockchain member is present in a pending notification stored on a blockchain, invoking a receiving function of a smart contract, receiving a private key from the second blockchain member to access the proposal stored in the blockchain, retrieving all pending notifications in the blockchain, and iterating decryption attempts, using the private key, over all blockchain transactions including the pending notifications to determine whether any of the pending notifications include the proposal for the second blockchain member.
    Type: Grant
    Filed: September 6, 2018
    Date of Patent: March 2, 2021
    Assignee: International Business Machines Corporation
    Inventors: Elli Androulaki, Angelo De Caro, Matthias Neugschwandtner, Alessandro Sorniotti
  • Patent number: 10761970
    Abstract: The invention is notably directed to a computer-implemented method for performing safety check operations. The method comprises steps that are implemented while executing a computer program, which is instrumented with safety check operations. As a result, this computer program forms a sequence of ordered instructions. Such instructions comprise safety check operation instructions, in addition to generic execution instructions and system inputs. System inputs allow the executing program to interact with an operating system, which manages resources for the computer program to execute. A series of instructions are identified while executing the computer program. Namely, a first instruction is identified in the sequence, as one of the safety check operation instructions, in view of its subsequent execution. After having identified the first instruction, a second instruction is identified in the sequence. The second instruction is identified as one of the generic computer program instructions.
    Type: Grant
    Filed: October 20, 2017
    Date of Patent: September 1, 2020
    Assignee: International Business Machines Corporation
    Inventors: Anil Kurmus, Matthias Neugschwandtner, Alessandro Sorniotti
  • Publication number: 20200142693
    Abstract: An example operation may include one or more of connecting, by a code collaboration server, to a blockchain network configured to store a code of a project, receiving, by the code collaboration server, a transaction with a code contribution from a developer via a smart contract, executing, by a code collaboration server, a smart contract to merge the code contribution with the code of the project, executing, by a code collaboration server, a smart contract to build the project based on the merged code, executing, by a code collaboration server, a smart contract to test the build in an execution environment, and in response to a successful test of the build, executing, by a code collaboration server, a smart contract to commit the code contribution to the blockchain.
    Type: Application
    Filed: November 7, 2018
    Publication date: May 7, 2020
    Inventors: Matthias Neugschwandtner, Anil Kurmus
  • Publication number: 20200081998
    Abstract: An example operation may include one or more of determining a proposal associated with a first blockchain member and a second blockchain member is present in a pending notification stored on a blockchain, invoking a receiving function of a smart contract, receiving a private key from the second blockchain member to access the proposal stored in the blockchain, retrieving all pending notifications in the blockchain, and iterating decryption attempts, using the private key, over all blockchain transactions including the pending notifications to determine whether any of the pending notifications include the proposal for the second blockchain member.
    Type: Application
    Filed: September 6, 2018
    Publication date: March 12, 2020
    Inventors: Elli Androulaki, Angelo De Caro, Matthias Neugschwandtner, Alessandro Sorniotti
  • Publication number: 20200082391
    Abstract: An example operation may include one or more of identifying a proposal associated with a first blockchain member and a second blockchain member, generating a key/value pair for the proposal, creating a writeset including the key/value pair, storing the writeset in a blockchain, receiving digital signatures at the blockchain from the first blockchain member and the second blockchain member, and validating the proposal as an agreement.
    Type: Application
    Filed: September 6, 2018
    Publication date: March 12, 2020
    Inventors: Elli Androulaki, Angelo De Caro, Matthias Neugschwandtner, Alessandro Sorniotti
  • Publication number: 20190121716
    Abstract: The invention is notably directed to a computer-implemented method for performing safety check operations. The method comprises steps that are implemented while executing a computer program, which is instrumented with safety check operations. As a result, this computer program forms a sequence of ordered instructions. Such instructions comprise safety check operation instructions, in addition to generic execution instructions and system inputs. System inputs allow the executing program to interact with an operating system, which manages resources for the computer program to execute. A series of instructions are identified while executing the computer program. Namely, a first instruction is identified in the sequence, as one of the safety check operation instructions, in view of its subsequent execution. After having identified the first instruction, a second instruction is identified in the sequence. The second instruction is identified as one of the generic computer program instructions.
    Type: Application
    Filed: October 20, 2017
    Publication date: April 25, 2019
    Inventors: Anil Kurmus, Matthias Neugschwandtner, Alessandro Sorniotti
  • Patent number: 10229046
    Abstract: Separating data of trusted and untrusted data types in a memory of a computer during execution of a software program. Assigning mutually separated memory regions in the memory, namely, for each of the data types, a memory region for storing any data of the respective data type, and an additional memory region for storing any data which cannot be uniquely assigned to one of the data types. For each allocation instruction, performing a memory allocation including linking the allocation instruction to at least one data source, generating instruction-specific context information, evaluating the data source to determine the data type, associating the data type with the context information, based on the context information, assigning the allocation instruction to the memory region assigned to the evaluated data type, and allocating memory for storing data from the data source in the assigned memory region.
    Type: Grant
    Filed: June 1, 2017
    Date of Patent: March 12, 2019
    Assignee: International Business Machines Corporation
    Inventors: Anil Kurmus, Matthias Neugschwandtner, Alessandro Sorniotti
  • Patent number: 10216673
    Abstract: Communications are intercepted between a universal serial bus (USB) device and a host, at least by implementing first device firmware of the USB device. The USB device contains its own second device firmware. Using at least the implemented first device firmware, intercepted communications from the USB device toward the host are sanitized. The sanitizing is performed so that no communication from the USB device is directly forwarded to the host and instead only sanitized communications are forwarded to the host. Methods, apparatus, and computer program products are disclosed.
    Type: Grant
    Filed: January 16, 2017
    Date of Patent: February 26, 2019
    Assignee: International Business Machines Corporation
    Inventors: Anton Beitler, Jiyong Jang, Dhilung Hang Kirat, Anil Kurmus, Matthias Neugschwandtner, Marc Philippe Stoecklin
  • Publication number: 20180349260
    Abstract: Separating data of trusted and untrusted data types in a memory of a computer during execution of a software program. Assigning mutually separated memory regions in the memory, namely, for each of the data types, a memory region for storing any data of the respective data type, and an additional memory region for storing any data which cannot be uniquely assigned to one of the data types. For each allocation instruction, performing a memory allocation including linking the allocation instruction to at least one data source, generating instruction-specific context information, evaluating the data source to determine the data type, associating the data type with the context information, based on the context information, assigning the allocation instruction to the memory region assigned to the evaluated data type, and allocating memory for storing data from the data source in the assigned memory region.
    Type: Application
    Filed: June 1, 2017
    Publication date: December 6, 2018
    Inventors: Anil Kurmus, Matthias Neugschwandtner, Alessandro Sorniotti
  • Patent number: 10089223
    Abstract: Separating data of trusted and untrusted data types in a memory of a computer during execution of a software program. Assigning mutually separated memory regions in the memory, namely, for each of the data types, a memory region for storing any data of the respective data type, and an additional memory region for storing any data which cannot be uniquely assigned to one of the data types. For each allocation instruction, performing a memory allocation including linking the allocation instruction to at least one data source, generating instruction-specific context information, evaluating the data source to determine the data type, associating the data type with the context information, based on the context information, assigning the allocation instruction to the memory region assigned to the evaluated data type, and allocating memory for storing data from the data source in the assigned memory region.
    Type: Grant
    Filed: December 13, 2017
    Date of Patent: October 2, 2018
    Assignee: International Business Machines Corporation
    Inventors: Anil Kurmus, Matthias Neugschwandtner, Alessandro Sorniotti
  • Publication number: 20180270194
    Abstract: USB traffic is intercepted between a USB device and a computer system. It is determined whether the USB device has previously had a policy associated with it as to whether USB traffic from the device should be blocked, allowed, or sanitized. In response to not having a previous policy for the USB device, a request is made for a user to be prompted to provide a policy of one of block, allow, or sanitize for the USB device. In response to a user-provided-policy, one of the following is performed: blocking the traffic, allowing the traffic, or sanitizing the traffic between the USB device and the computer system. Apparatus, methods, and computer program products are disclosed.
    Type: Application
    Filed: March 17, 2017
    Publication date: September 20, 2018
    Inventors: Anton Beitler, Jiyong Jang, Dhilung Hang Kirat, Anil Kurmus, Matthias Neugschwandtner, Marc Philippe Stoecklin
  • Publication number: 20180203819
    Abstract: Communications are intercepted between a universal serial bus (USB) device and a host, at least by implementing first device firmware of the USB device. The USB device contains its own second device firmware. Using at least the implemented first device firmware, intercepted communications from the USB device toward the host are sanitized. The sanitizing is performed so that no communication from the USB device is directly forwarded to the host and instead only sanitized communications are forwarded to the host. Methods, apparatus, and computer program products are disclosed.
    Type: Application
    Filed: January 16, 2017
    Publication date: July 19, 2018
    Inventors: Anton Beitler, Jiyong Jang, Dhilung Hang Kirat, Anil Kurmus, Matthias Neugschwandtner, Marc Philippe Stoecklin