Patents by Inventor Oksana Tkachuk

Oksana Tkachuk has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11750642
    Abstract: This disclosure describes techniques for automating a system-level security review of a network-based service. The techniques may include generating and utilizing a machine-readable threat model to identify system-level security threats to the network-based service. The network-based service may be scanned upon being provisioned in a service-provider network, and the machine-readable threat model may be generated based on results of the scan. The machine-readable threat model may represent components of the network-based service, system-level security constraints configured to identify system-level security threats to the service, and mitigations to remedy violations to the system-level security constraints. The network-based service may be continuously, or periodically, scanned to identify changes in the network-based service.
    Type: Grant
    Filed: August 15, 2022
    Date of Patent: September 5, 2023
    Assignee: Amazon Technologies, Inc.
    Inventors: Michael Tautschnig, Neha Rungta, John Cook, Pauline Virginie Bolignano, Todd Granger MacDermid, Oksana Tkachuk
  • Patent number: 11418532
    Abstract: This disclosure describes techniques for automating a system-level security review of a network-based service. The techniques may include generating and utilizing a machine-readable threat model to identify system-level security threats to the network-based service. The network-based service may be scanned upon being provisioned in a service-provider network, and the machine-readable threat model may be generated based on results of the scan. The machine-readable threat model may represent components of the network-based service, system-level security constraints configured to identify system-level security threats to the service, and mitigations to remedy violations to the system-level security constraints. The network-based service may be continuously, or periodically, scanned to identify changes in the network-based service.
    Type: Grant
    Filed: April 7, 2020
    Date of Patent: August 16, 2022
    Assignee: Amazon Technologies, Inc.
    Inventors: Michael Tautschnig, Neha Rungta, John Cook, Pauline Virginie Bolignano, Todd Granger MacDermid, Oksana Tkachuk
  • Patent number: 11128653
    Abstract: In some embodiments, a system is provided, and computer-executable instructions cause the system to: obtain a file with instructions for provisioning resources of a service by referencing types of compute resources and including instructions for generating a customized resource of a first type; determine that the file references a first type of compute resources; retrieve threat modeling information associated with the first type of resource, including information identifying a first potential threat; generate a graph with nodes representing the first type of resource, the customized resource, and the first potential threat, and an edge connecting the first node and the second node with a predicate indicative of the relationship between them; generate an ontology statement that relates the customized resource and first type of resource; and provide a plurality of ontology statements representing the graph to a reasoner to perform at least a portion of a security review without user intervention.
    Type: Grant
    Filed: December 13, 2018
    Date of Patent: September 21, 2021
    Assignee: Amazon Technologies, Inc.
    Inventors: Oksana Tkachuk, Claudia Cauli, Neha Rungta, Pauline Virginie Bolignano, Juan Rodriguez Hortala, Sean Maher
  • Patent number: 10652266
    Abstract: This disclosure describes techniques for automating a system-level security review of a network-based service. The techniques may include generating and utilizing a machine-readable threat model to identify system-level security threats to the network-based service. The network-based service may be scanned upon being provisioned in a service-provider network, and the machine-readable threat model may be generated based on results of the scan. The machine-readable threat model may represent components of the network-based service, system-level security constraints configured to identify system-level security threats to the service, and mitigations to remedy violations to the system-level security constraints. The network-based service may be continuously, or periodically, scanned to identify changes in the network-based service.
    Type: Grant
    Filed: February 28, 2018
    Date of Patent: May 12, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Michael Tautschnig, Neha Rungta, John Cook, Pauline Virginie Bolignano, Todd Granger MacDermid, Oksana Tkachuk
  • Patent number: 8504997
    Abstract: In particular embodiments, an environment for modular software analysis is generated for a software module under analysis. Irrelevancy analysis is performed on the software module to determine, for each input datum to the software module, whether the input datum is relevant or irrelevant with respect to branch coverage of the module code. A default concrete value is assigned to each irrelevant input datum. A set of concrete values is calculated for each relevant input datum using symbolic execution. The environment is enhanced such that default concrete values are passed to the software module for the irrelevant input data and sets of concrete values generated using symbolic execution are passed to the software module for the relevant input data. The enhanced environment enables module analysis with as much as 100% branch coverage of the module code.
    Type: Grant
    Filed: March 19, 2009
    Date of Patent: August 6, 2013
    Assignee: Fujitsu Limited
    Inventors: Oksana Tkachuk, Indradeep Ghosh, Sreeranga P. Rajan
  • Patent number: 8453117
    Abstract: In one embodiment, a method includes accessing an event-driven application input by a user, the event-driven application comprising source code, one or more use cases input by the user for the event-driven application, and one or more functional requirements input by the user for the event-driven application; parsing the use cases and the functional requirements according to the predefined syntax to construct one or more validation modules for validating the event-driven application without any modification to the source code of the event-driven application for validation purposes; formally validating the event-driven application using the validation modules without relying on assertions inserted into the source code of the event-driven application for validation purposes; and if the formal validation finds one or more defects in the event-driven application, generating output for communication to the user identifying the defects.
    Type: Grant
    Filed: March 9, 2010
    Date of Patent: May 28, 2013
    Assignee: Fujitsu Limited
    Inventors: Sreeranga P. Rajan, Mukul Prasad, Oksana Tkachuk, Indradeep Ghosh
  • Patent number: 8402319
    Abstract: In one embodiment, a method includes automated extraction of the Page Transition Graph (PTG) model for model-based analysis of web applications.
    Type: Grant
    Filed: September 30, 2010
    Date of Patent: March 19, 2013
    Assignee: Fujitsu Limited
    Inventors: Oksana Tkachuk, Sreeranga P. Rajan
  • Patent number: 8347320
    Abstract: In one embodiment, a method includes specifying an application-specific navigation model of an event-driven application; analyzing the navigation model with respect to one or more navigation requirements of the event-driven application to determine whether the event-driven application satisfies the navigation requirements; generating one or more drivers for the event-driven application based on the navigation model; and traversing the navigation model with the application-independent event drivers to analyze the event-driven application with respect to one or more business-logic requirements of the event-driven application to determine whether the event-driven application satisfies the business-logic requirements.
    Type: Grant
    Filed: March 31, 2010
    Date of Patent: January 1, 2013
    Assignee: Fujitsu Limited
    Inventors: Oksana Tkachuk, Sreeranga P. Rajan
  • Publication number: 20120084609
    Abstract: In one embodiment, a method includes automated extraction of the Page Transition Graph (PTG) model for model-based analysis of web applications.
    Type: Application
    Filed: September 30, 2010
    Publication date: April 5, 2012
    Applicant: FUJITSU LIMITED
    Inventors: Oksana Tkachuk, Sreeranga P. Rajan
  • Publication number: 20110225568
    Abstract: In one embodiment, a method includes accessing an event-driven application input by a user, the event-driven application comprising source code, one or more use cases input by the user for the event-driven application, and one or more functional requirements input by the user for the event-driven application; parsing the use cases and the functional requirements according to the predefined syntax to construct one or more validation modules for validating the event-driven application without any modification to the source code of the event-driven application for validation purposes; formally validating the event-driven application using the validation modules without relying on assertions inserted into the source code of the event-driven application for validation purposes; and if the formal validation finds one or more defects in the event-driven application, generating output for communication to the user identifying the defects.
    Type: Application
    Filed: March 9, 2010
    Publication date: September 15, 2011
    Applicant: FUJITSU LIMITED
    Inventors: Sreeranga P. Rajan, Mukul Prasad, Oksana Tkachuk, Indradeep Ghosh
  • Publication number: 20100293557
    Abstract: In one embodiment, a method includes specifying an application-specific navigation model of an event-driven application; analyzing the navigation model with respect to one or more navigation requirements of the event-driven application to determine whether the event-driven application satisfies the navigation requirements; generating one or more drivers for the event-driven application based on the navigation model; and traversing the navigation model with the application-independent event drivers to analyze the event-driven application with respect to one or more business-logic requirements of the event-driven application to determine whether the event-driven application satisfies the business-logic requirements.
    Type: Application
    Filed: March 31, 2010
    Publication date: November 18, 2010
    Applicant: FUJITSU LIMITED
    Inventors: Oksana Tkachuk, Sreeranga P. Rajan
  • Publication number: 20100242029
    Abstract: In particular embodiments, an environment for modular software analysis is generated for a software module under analysis. Irrelevancy analysis is performed on the software module to determine, for each input datum to the software module, whether the input datum is relevant or irrelevant with respect to branch coverage of the module code. A default concrete value is assigned to each irrelevant input datum. A set of concrete values is calculated for each relevant input datum using symbolic execution. The environment is enhanced such that default concrete values are passed to the software module for the irrelevant input data and sets of concrete values generated using symbolic execution are passed to the software module for the relevant input data. The enhanced environment enables module analysis with as much as 100% branch coverage of the module code.
    Type: Application
    Filed: March 19, 2009
    Publication date: September 23, 2010
    Applicant: Fujitsu Limited
    Inventors: Oksana Tkachuk, Indradeep Ghosh, Sreeranga P. Rajan
  • Patent number: 7685471
    Abstract: A method for detecting software defects includes selecting from a target program comprising a plurality of modules a first module for evaluation and isolating the first module. The method also includes iteratively performing the following steps until the first module has been reduced such that a validation program is able to determine whether the first module contains a defect: generating an environment surrounding the first module, the generated environment preserving at least one external constraint on the first module; reducing the size of the first module; and reducing the number of program states associated with the first module.
    Type: Grant
    Filed: February 1, 2007
    Date of Patent: March 23, 2010
    Assignee: Fujitsu Limited
    Inventors: Sreeranga P. Rajan, Oksana Tkachuk, Mukul R. Prasad, Indradeep Ghosh
  • Publication number: 20080189686
    Abstract: A method for detecting software defects includes selecting from a target program comprising a plurality of modules a first module for evaluation and isolating the first module. The method also includes iteratively performing the following steps until the first module has been reduced such that a validation program is able to determine whether the first module contains a defect: generating an environment surrounding the first module, the generated environment preserving at least one external constraint on the first module; reducing the size of the first module; and reducing the number of program states associated with the first module.
    Type: Application
    Filed: February 1, 2007
    Publication date: August 7, 2008
    Applicant: Fujitsu Limited
    Inventors: Sreeranga P. Rajan, Oksana Tkachuk, Mukul R. Prasad, Indradeep Ghosh