Patents by Inventor Omer Tripp

Omer Tripp has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11138319
    Abstract: A computer system performs tracking of security context for confidential or untrusted values input from sources in an executing application to sinks in the executing application. The security context includes indications of sources and declassifier methods corresponding to the values and has been previously defined prior to the tracking. Prior to release of a selected confidential or untrusted value by a sink in the executing application, security context is fetched for the selected confidential or untrusted value. A selected declassifier method is caused to be used on the selected confidential or untrusted value prior to release of the selected confidential or untrusted value to the sink. The selected declassifier method obfuscates the selected confidential or untrusted value and is selected based on the security context for the selected confidential or untrusted value. The obfuscated confidential or untrusted value is caused to be released to the sink in the executing application.
    Type: Grant
    Filed: October 25, 2017
    Date of Patent: October 5, 2021
    Assignee: International Business Machines Corporation
    Inventors: Pietro Ferrara, Marco Pistoia, Omer Tripp, Petar Tsankov
  • Patent number: 11132409
    Abstract: A method for identifying client states receives a set of paths representative of a document object model (DOM) associated with a web page of a rich internet application and, for each path in the set of paths received, extracts a subtree, as subtree X, for a current path. The method traverses all known sub-paths under the current path and deletes corresponding subtrees from subtree X, then reads the contents of and determines states of subtree X to form a state X. The state X is added to a set of current states and, responsive to a determination that no more paths exist, the method returns the set of current states of the rich internet application.
    Type: Grant
    Filed: May 24, 2018
    Date of Patent: September 28, 2021
    Assignee: International Business Machines Corporation
    Inventors: Gregor von Bochmann, Paul Ionescu, Guy-Vincent Jourdan, Seyed Ali Moosavi Byooki, Iosif V. Onut, Omer Tripp
  • Patent number: 11061811
    Abstract: A software optimization method, system, and computer program product include defining a vocabulary of tokens to yield admissible inputs of a system, generating random test inputs based on combining inputs and input tuples, followed by application of these inputs into the system, and analyzing the correlations between system failures and the tokens present in respective inputs to localize failures to particular inputs and input tuples.
    Type: Grant
    Filed: December 15, 2017
    Date of Patent: July 13, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Ronny Luss, Dmitry M. Malioutov, Omer Tripp
  • Publication number: 20210209015
    Abstract: A method, system, and computer program product including generating random test inputs as a number of queries using a token and analyzing a correlation between a system failure and a token present in respective inputs to localize the system failure.
    Type: Application
    Filed: March 23, 2021
    Publication date: July 8, 2021
    Inventors: Ronny Luss, Dmitry M. Malioutov, Omer Tripp
  • Patent number: 11048777
    Abstract: Techniques for synthesizing security exploits via self-amplifying deep learning are provided. In one example, a computer-implemented method can comprise generating, by a system operatively coupled to a processor, a probabilistic model based on an evaluation of one or more first payloads included in a first group of payloads. The computer implemented method can also comprise determining, by the system, based on the probabilistic model, that at least one first payload from the first group of payloads is invalid. Additionally, the computer implemented method can comprise, generating, by the system, a second group of payloads based on removing the at least one invalid first payload from the first group of payloads.
    Type: Grant
    Filed: October 21, 2019
    Date of Patent: June 29, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Supriyo Chakraborty, Omer Tripp
  • Patent number: 11032306
    Abstract: A security verification system and method that includes outputting a list of potential dataflow vulnerabilities as a first output from inputting a subject program and security specification, mapping candidate vulnerabilities to a user interface (UI) entry point and payload from the output of the list of potential dataflow vulnerabilities to provide a second output, and performing directed testing of the second output.
    Type: Grant
    Filed: December 30, 2015
    Date of Patent: June 8, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Marco Pistoia, Omer Tripp
  • Patent number: 11023590
    Abstract: A method, apparatus, system, and computer program product for performing security testing. Information about successful payloads in payloads is determined by a computer system using crowd-sourced data in which a successful payload is a payload used in a successful attack. A set of popular payloads is determined by a computer system from the payloads using information about the successful payloads determined using the crowd-sourced data. Testing is focused by the computer system on the set of popular payloads based on a set of key features for the set of popular payloads.
    Type: Grant
    Filed: November 28, 2018
    Date of Patent: June 1, 2021
    Assignee: International Business Machines Corporation
    Inventors: Paul Ionescu, Omer Tripp, Iosif Onut
  • Patent number: 11017084
    Abstract: A method for detecting malicious code fragments based on data-flow isolation is provided. The method may include isolating data flows associated with a computing program for a user device. The method may further include mapping steps for the isolated data flow to modules associated with the computing program and the user device. The method may further include comparing the mapped steps to determine connections between the isolated data flows. The method may further include, based on the comparison of the mapped steps and the modules, determining whether the isolated data flows comprise malicious data flow deviations. The method may also include, in response to the determination that the isolated data flows comprise malicious data flow deviations, determining whether the computer program is malicious by weighing security risks associated with the malicious data flow deviations based on security risk factors.
    Type: Grant
    Filed: November 21, 2017
    Date of Patent: May 25, 2021
    Assignee: International Business Machines Corporation
    Inventors: Roee Hay, Marco Pistoia, Omer Tripp
  • Patent number: 11016874
    Abstract: An example system includes a processor to receive an application to be instrumented. The processor is to also instrument the application based on a baseline taint tracking scheme to generate an instrumented application including taint tags. The processor is also to execute the instrumented application and generate a profile of runtime behavior of the application. The processor is to modify the baseline tracking scheme based on the profile to generate an updated taint tracking scheme.
    Type: Grant
    Filed: September 19, 2018
    Date of Patent: May 25, 2021
    Assignee: International Business Machines Corporation
    Inventors: Roee Hay, Omer Tripp
  • Patent number: 10997054
    Abstract: Techniques for analyzing code are described. In some instances, a code analysis service is to perform a series of comparisons, one or more per path segment of an index structure of non-defective code samples, using a token derived from a defective code segment of the stored code, to determine one or more paths in the index, wherein each path is to point to code that is similar to the defective code segment; and provide, in response to the series of comparisons, at least one of: a location of the code determined to be similar to the defective code segment and the code determined to be similar.
    Type: Grant
    Filed: November 25, 2019
    Date of Patent: May 4, 2021
    Assignee: Amazon Technologies, Inc.
    Inventors: Omer Tripp, Qiang Zhou
  • Publication number: 20210120030
    Abstract: Techniques for performing root cause analysis in dynamic software testing via probabilistic modeling are provided. In one example, a computer-implemented method comprises initializing, by a system operatively coupled to a processor, a threshold value, a defined probability value, and a counter value. The computer-implemented method also includes, in response to determining, by the system, that a probability value assigned to a candidate payload of one or more candidate payloads exceeds the defined probability value, and in response to determining, by the system, that the counter value exceeds the threshold value: determining, by the system, that a match exists between the candidate payload and an input point based on an application of the candidate payload to the input point resulting in a defined condition, wherein the one or more candidate payloads are represented by population data accessed by the system.
    Type: Application
    Filed: December 24, 2020
    Publication date: April 22, 2021
    Inventors: Supriyo Chakraborty, Omer Tripp
  • Patent number: 10956313
    Abstract: In an approach for testing an application for a security vulnerability, a processor inserts an instrumentation hook in the application to be tested, wherein the instrumentation hook is executed prior to a sink operation. A processor transmits a probe input value to the application to be tested. A processor detects a modification to the probe input value at the instrumentation hook by comparing the probe input value at the instrumentation hook to a signature value and detecting that the probe input value matches the signature value. A processor removes the sink operation from testing for the security vulnerability.
    Type: Grant
    Filed: June 26, 2019
    Date of Patent: March 23, 2021
    Assignee: International Business Machines Corporation
    Inventors: Roee Hay, Omer Tripp
  • Patent number: 10956562
    Abstract: A security analysis of an application is performed by encoding predicates during a first operation by asserting a set of data flow facts comprising a mapping from a variable to a security-relevant substring of a string of the application. A respective truth value is associated with each data flow fact of the set of data flow facts. The set of data flow facts and each truth value are stored in a tangible computer-readable memory device. The truth value of at least one data flow fact of the set of data flow facts is updated in at least one subsequent operation using a set of abstract transformers to eliminate or reduce a security vulnerability in the application.
    Type: Grant
    Filed: June 14, 2017
    Date of Patent: March 23, 2021
    Assignee: International Business Machines Corporation
    Inventors: Salvatore A. Guarnieri, Marco Pistoia, Omer Tripp
  • Patent number: 10956580
    Abstract: Techniques for identifying computer program security access control violations using static program analysis are provided. In one example, a computer-implemented method comprises generating, by a device operatively coupled to a processor, a mathematical model of a computer program product, wherein the mathematical model defines data flows through nodes of the computer program product that reach a secure node corresponding to a secure resource. The computer implemented method further comprises evaluating, by the device, a security protocol of the computer program product using static program analysis of the mathematical model to determine whether any of the data flows provides access to the secure node without proceeding through one or more security nodes corresponding to the security protocol, wherein the one or more security nodes are included in the nodes of the computer program product.
    Type: Grant
    Filed: November 6, 2019
    Date of Patent: March 23, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Matthias Daniel Dietsch, Pietro Ferrara, Marco Pistoia, Omer Tripp
  • Patent number: 10936727
    Abstract: A method of detecting a vulnerability in a Web service can include determining, using a processor, whether a Web service uses identity of a requester to select one of a plurality of different paths of a branch in program code of the Web service. The method further can include, responsive to determining that the Web service does select one of a plurality of different paths of a branch according to identity of the requester, indicating that the Web service has a potential vulnerability.
    Type: Grant
    Filed: November 7, 2019
    Date of Patent: March 2, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Yair Amit, Evgeny Beskrovny, Omer Tripp
  • Patent number: 10929265
    Abstract: Optimizing automated interactions with web pages by identifying, for each of multiple web pages, path information including an incoming hyperlink path having at least one hyperlink, where the incoming hyperlink path leads to the web page, and/or an outgoing hyperlink path having at least one hyperlink, where the outgoing hyperlink path emanates from the web page, determining whether the path information of each of the web pages meets a similarity condition, excluding from an interaction set of the web pages any of the web pages whose path information meets the similarity condition, and causing an automated interaction to be performed with any of the web pages in the interaction set.
    Type: Grant
    Filed: September 7, 2018
    Date of Patent: February 23, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Igal Kreichman, Omer Tripp
  • Patent number: 10915659
    Abstract: Privacy violation detection of a mobile application program is disclosed. Regular histories of the mobile application are mined. A call-graph representation of the mobile application program can be created and sequences of events of interest according to the platform specification of the mobile application can be collected. A plurality of learnable features are extracted from the regular histories. The plurality of learnable features are combined into a single feature vector which is fed into a machine-learning-based classification algorithm. Whether the mobile application program includes one or more permissions for accessing unauthorized privacy data of a mobile application user is determined based on a machine learning classification of the single feature vector. The collected sequences can be reduced into a plurality of feature vectors which can include at least one of a happens-before feature and a multiplicity of occurrences feature.
    Type: Grant
    Filed: February 11, 2020
    Date of Patent: February 9, 2021
    Assignee: International Business Machines Corporation
    Inventors: Pietro Ferrara, Marco Pistoia, Omer Tripp
  • Publication number: 20210004470
    Abstract: Aspects of the disclosure provide for automatically generating patches for security violations. For example, a plurality of inputs may be generated for code. The code may be executed using the plurality of inputs to obtain execution states at a plurality of code locations. The execution states may include at least one security violation for at least some of the plurality of inputs. Using the execution states, one or more patch conditions causing the at least one security violation may be determined. Using the execution states, one or more corresponding patch locations may be determined based on a code location of the plurality of code locations where the at least one security violation each of the one or more patch conditions occurred. At least one candidate patch for the at least one security violation may be automatically generated. The at least one candidate patch may include one of the patch conditions and one of the corresponding patch locations.
    Type: Application
    Filed: July 17, 2018
    Publication date: January 7, 2021
    Applicant: Google LLC
    Inventors: Domagoj Babic, Omer Tripp, Franjo Ivancic, Sam Kerner, Markus Kusano, Timothy King, Stefan Bucur, Wei Wang, László Szekeres
  • Patent number: 10887336
    Abstract: Techniques for performing root cause analysis in dynamic software testing via probabilistic modeling are provided. In one example, a computer-implemented method comprises initializing, by a system operatively coupled to a processor, a threshold value, a defined probability value, and a counter value. The computer-implemented method also includes, in response to determining, by the system, that a probability value assigned to a candidate payload of one or more candidate payloads exceeds the defined probability value, and in response to determining, by the system, that the counter value exceeds the threshold value: determining, by the system, that a match exists between the candidate payload and an input point based on an application of the candidate payload to the input point resulting in a defined condition, wherein the one or more candidate payloads are represented by population data accessed by the system.
    Type: Grant
    Filed: August 16, 2019
    Date of Patent: January 5, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Supriyo Chakraborty, Omer Tripp
  • Patent number: 10846080
    Abstract: A method, system and computer readable program product for cooperative modifying of a software program. In an embodiment, the invention provides a method comprising monitoring two or more running executions of the same software program at two or more user computer systems; detecting an issue with one of the executions; suspending the running executions of the software program; determining a fix to the software program; modifying the software program with the fix on the two or more user computer systems; and resuming the running executions of the software program. In an embodiment, the executions are run at one server computer; and modifying the software program with the fix comprises performing one server instance update to modify all the running executions of the software program with the fix. In an embodiment, the method further comprises issuing notifications to users that the software program has been modified with the fix.
    Type: Grant
    Filed: September 6, 2018
    Date of Patent: November 24, 2020
    Assignee: International Business Machines Corporation
    Inventors: Omer Tripp, Marco Pistoia, Pietro Ferrara