Patents by Inventor Omer Tripp

Omer Tripp has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10650149
    Abstract: Techniques for identifying computer program security access control violations using static program analysis are provided. In one example, a computer-implemented method comprises generating, by a device operatively coupled to a processor, a mathematical model of a computer program product, wherein the mathematical model defines data flows through nodes of the computer program product that reach a secure node corresponding to a secure resource. The computer-implemented method further comprises evaluating, by the device, a security protocol of the computer program product using static program analysis of the mathematical model to determine whether any of the data flows provides access to the secure node without proceeding through one or more security nodes corresponding to the security protocol, wherein the one or more security nodes are included in the nodes of the computer program product.
    Type: Grant
    Filed: December 8, 2017
    Date of Patent: May 12, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Matthias Daniel Dietsch, Pietro Ferrara, Marco Pistoia, Omer Tripp
  • Patent number: 10649740
    Abstract: A program is executed that includes multiple script functions. For a selected script function, the following are performed during program execution. It is determined whether the selected script function should or should not be executed based on a utility corresponding to the selected script function. The utility was determined prior to determining whether the selected script function should be executed. The selected script function is executed in response to a determination the selected script function should be executed. Execution of the selected script function is skipped in response to a determination the selected script function should not be executed. These techniques may be applied in real-time to crawl a program such as a webpage or may be applied using offline learning followed by a real-time crawling of the program. Apparatus, methods, and program products are disclosed.
    Type: Grant
    Filed: January 15, 2015
    Date of Patent: May 12, 2020
    Assignee: International Business Machines Corporation
    Inventors: Marco Pistoia, Omer Tripp, Shahar Sperling
  • Publication number: 20200128593
    Abstract: A method and system for virtualizing mobile device sensors includes requesting from a first mobile device a virtual connection with a mobile device having a specific type of sensor; configuring an operating system of the first mobile device to allow an application program to accept data by proxy from the available sensor of the second mobile device; receiving a response from a second mobile device having the sensor; establishing a trusted temporary communication connection between the first and second mobile devices; sending a control signal from an application program on the first mobile device to the second mobile device for operating the sensor on the second mobile device; and receiving device sensor data from the sensor on the second mobile device.
    Type: Application
    Filed: December 23, 2019
    Publication date: April 23, 2020
    Inventors: Marco Pistoia, Gegi Thomas, Omer Tripp
  • Patent number: 10621333
    Abstract: Online security analysis is provided by installing an analysis agent on a mobile device. The analysis agent monitors the mobile device to detect an initiation of installation for a new application that is to be installed on the mobile device. In response to the initiation of installation, the analysis agent quarantines a set of resources corresponding to the new application; analyzes the set of resources to determine whether or not at least one of a potential security threat or a security misconfiguration exists; and, in response to determining that at least one of the potential security threat or the security misconfiguration exists, generates an alert for informing a user that the potential security threat or the security misconfiguration exists.
    Type: Grant
    Filed: August 8, 2016
    Date of Patent: April 14, 2020
    Assignee: International Business Machines Corporation
    Inventors: Julian T. Dolby, Pietro Ferrara, Marco Pistoia, Omer Tripp
  • Patent number: 10621358
    Abstract: Preliminary program analysis of an executable may be performed. A security vulnerability level of a portion of the executable may be determined based on the preliminary program analysis. The security vulnerability level of the portion may be compared to a security vulnerability threshold. The precision of runtime monitoring of the portion may be tuned based on the comparison.
    Type: Grant
    Filed: January 2, 2019
    Date of Patent: April 14, 2020
    Assignee: International Business Machines Corporation
    Inventors: Paul Ionescu, Iosif V. Onut, Omer Tripp
  • Patent number: 10614221
    Abstract: Technical solutions are described for testing a computer program product. An example method includes intercepting an instance of a request sent for execution by the computer program product, the request being one from a plurality of requests in a sequential flow. The method also includes storing a unique identifier for the request, and initializing a current test request index in response to the request being a first instance of a starting request of the sequential flow. The method also includes selecting a test task from a set of test tasks corresponding to the request in response to determining that the request is a current test-request based on an index of the request matching the current test request index. The method also includes modifying the instance of the request according to the selected test task, and sending the modified instance of the request to the computer program product for execution.
    Type: Grant
    Filed: November 16, 2016
    Date of Patent: April 7, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Paul Ionescu, Iosif V. Onut, Shahar Sperling, Omer Tripp
  • Patent number: 10614224
    Abstract: Techniques for identifying computer program security access control violations using static program analysis are provided. In one example, a computer-implemented method comprises generating, by a device operatively coupled to a processor, a mathematical model of a computer program product, wherein the mathematical model defines data flows through nodes of the computer program product that reach a secure node corresponding to a secure resource. The computer-implemented method further comprises evaluating, by the device, a security protocol of the computer program product using static program analysis of the mathematical model to determine whether any of the data flows provides access to the secure node without proceeding through one or more security nodes corresponding to the security protocol, wherein the one or more security nodes are included in the nodes of the computer program product.
    Type: Grant
    Filed: May 15, 2017
    Date of Patent: April 7, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Matthias Daniel Dietsch, Pietro Ferrara, Marco Pistoia, Omer Tripp
  • Patent number: 10614243
    Abstract: Privacy violation detection of a mobile application program is disclosed. Regular histories of the mobile application are mined. A call-graph representation of the mobile application program can be created and sequences of events of interest according to the platform specification of the mobile application can be collected. A plurality of learnable features are extracted from the regular histories. The plurality of learnable features are combined into a single feature vector which is fed into a machine-learning-based classification algorithm. Whether the mobile application program includes one or more permissions for accessing unauthorized privacy data of a mobile application user is determined based on a machine learning classification of the single feature vector. The collected sequences can be reduced into a plurality of feature vectors which can include at least one of a happens-before feature and a multiplicity of occurrences feature.
    Type: Grant
    Filed: August 21, 2018
    Date of Patent: April 7, 2020
    Assignee: International Business Machines Corporation
    Inventors: Pietro Ferrara, Marco Pistoia, Omer Tripp
  • Publication number: 20200097654
    Abstract: A first application being presented for installation on a processing system can be detected. The first application can be scanned, via a static analysis, to determine whether a user interface layout of the first application is suspiciously similar to a user interface layout of a second application installed on the processing system. If the static analysis is indeterminate, a runtime analysis of the first application can determine whether the interface layout implemented by the first application is suspiciously similar to the user interface layout of the second application. If the user interface layout implemented by the first application is suspiciously similar to the user interface layout of the second application installed on the processing system, the first application can be identified as being unsafe.
    Type: Application
    Filed: November 27, 2019
    Publication date: March 26, 2020
    Inventors: Roee Hay, Daniel Kalman, Roi Saltzman, Omer Tripp
  • Patent number: 10599843
    Abstract: A first application can be presented for installation on a processing system. The first application can be scanned, via a static analysis implemented by a processor, to determine whether a user interface layout of the first application is suspiciously similar to a user interface layout of a second application installed on the processing system. If the user interface layout of the first application is suspiciously similar to the user interface layout of the second application installed on the processing system, the first application can be identified as being unsafe.
    Type: Grant
    Filed: November 26, 2018
    Date of Patent: March 24, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Roee Hay, Daniel Kalman, Roi Saltzman, Omer Tripp
  • Publication number: 20200089595
    Abstract: An example system includes a processor to receive an application to be instrumented. The processor is to also instrument the application based on a baseline taint tracking scheme to generate an instrumented application including taint tags. The processor is also to execute the instrumented application and generate a profile of runtime behavior of the application. The processor is to modify the baseline tracking scheme based on the profile to generate an updated taint tracking scheme.
    Type: Application
    Filed: September 19, 2018
    Publication date: March 19, 2020
    Inventors: Roee Hay, Omer Tripp
  • Publication number: 20200082099
    Abstract: Techniques for identifying computer program security access control violations using static program analysis are provided. In one example, a computer-implemented method comprises generating, by a device operatively coupled to a processor, a mathematical model of a computer program product, wherein the mathematical model defines data flows through nodes of the computer program product that reach a secure node corresponding to a secure resource. The computer-implemented method further comprises evaluating, by the device, a security protocol of the computer program product using static program analysis of the mathematical model to determine whether any of the data flows provides access to the secure node without proceeding through one or more security nodes corresponding to the security protocol, wherein the one or more security nodes are included in the nodes of the computer program product.
    Type: Application
    Filed: November 6, 2019
    Publication date: March 12, 2020
    Inventors: Matthias Daniel Dietsch, Pietro Ferrara, Marco Pistoia, Omer Tripp
  • Publication number: 20200081705
    Abstract: A method, system and computer readable program product for cooperative modifying of a software program. In an embodiment, the invention provides a method comprising monitoring two or more running executions of the same software program at two or more user computer systems; detecting an issue with one of the executions; suspending the running executions of the software program; determining a fix to the software program; modifying the software program with the fix on the two or more user computer systems; and resuming the running executions of the software program. In an embodiment, the executions are run at one server computer; and modifying the software program with the fix comprises performing one server instance update to modify all the running executions of the software program with the fix. In an embodiment, the method further comprises issuing notifications to users that the software program has been modified with the fix.
    Type: Application
    Filed: September 6, 2018
    Publication date: March 12, 2020
    Inventors: Omer Tripp, Marco Pistoia, Pietro Ferrara
  • Publication number: 20200081995
    Abstract: A method, system and computer readable program are disclosed for managing data in a computing network. In an embodiment, the invention provides a method comprising obtaining specified data from a database in the computing network, aggregating the specified data in a defined data structure stored in the computing network, and specifying in the data structure properties over the data aggregated in the data structure. In an embodiment, a plurality of services in the computing network use the data in the data structure in accordance with the properties specified in the data structure. In an embodiment, one or more of the services modifies one or more of the properties specified in the data structure based on a transformation by the one or more of the services of the data aggregated in the data structure.
    Type: Application
    Filed: September 6, 2018
    Publication date: March 12, 2020
    Inventors: Omer Tripp, Pietro Ferrara, David Lubensky, Marco Pistoia
  • Publication number: 20200082096
    Abstract: An apparatus, method and computer program product for repairing security vulnerabilities of an application running on a mobile device. The method comprises: monitoring, by a hardware processor running a mobile device application, an application program interface (API) request associated with a data access operation, the data access operation associated with a security vulnerability. The method determines one or more private values provided by the data access operation and tracks, for each determined private value, a use of the private value by the mobile device application. Further, the method determines from the tracked usage, whether a private value has been transformed in a manner associated with the security vulnerability. For each private value that has been transformed, using the processor to modify the private value deemed a security vulnerability prior to an access by the mobile device application.
    Type: Application
    Filed: September 12, 2018
    Publication date: March 12, 2020
    Inventors: Marco Pistoia, Omer Tripp, Pietro Ferrara, Petar Tsankov
  • Patent number: 10586049
    Abstract: A system for detecting a vulnerability in a Web service can include a processor configured to initiate executable operations including determining whether a Web service uses identity of a requester to select one of a plurality of different paths of a branch in program code of the Web service and, responsive to determining that the Web service does select one of a plurality of different paths of a branch according to identity of the requester, indicating that the Web service has a potential vulnerability.
    Type: Grant
    Filed: December 22, 2011
    Date of Patent: March 10, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Yair Amit, Evgeny Beskrovny, Omer Tripp
  • Patent number: 10586050
    Abstract: A static analysis tool is augmented to provide a mechanism by which a large set (and potentially all) security warnings output from the tool may be represented to the user in a manner that is manageable for consumption by the user. According to this disclosure, a static analysis is run on a program to generate a set of security warnings. Using dynamic programming, the set of security warnings output by the static analysis are mapped onto a collection of fix points, wherein a fix point captures a location within the program that should be visited to fix a set of warnings that map to that fix point. The fix points represent the highest probable locations of particular potential vulnerabilities in the program. They are computed in a parametric manner, preferably according to user preferences, by solving an instance of a “knapsack” problem.
    Type: Grant
    Filed: December 5, 2016
    Date of Patent: March 10, 2020
    Assignee: International Business Machines Corporation
    Inventors: Kristofer Alyn Duer, Jonathan J. Butler, John Thomas Peyton, Jr., Stephen Darwin Teilhet, Omer Tripp
  • Publication number: 20200074087
    Abstract: A method of detecting a vulnerability in a Web service can include determining, using a processor, whether a Web service uses identity of a requester to select one of a plurality of different paths of a branch in program code of the Web service. The method further can include, responsive to determining that the Web service does select one of a plurality of different paths of a branch according to identity of the requester, indicating that the Web service has a potential vulnerability.
    Type: Application
    Filed: November 7, 2019
    Publication date: March 5, 2020
    Inventors: Yair Amit, Evgeny Beskrovny, Omer Tripp
  • Patent number: 10579802
    Abstract: A method of detecting a vulnerability in a Web service can include determining, using a processor, whether a Web service uses identity of a requester to select one of a plurality of different paths of a branch in program code of the Web service. The method further can include, responsive to determining that the Web service does select one of a plurality of different paths of a branch according to identity of the requester, indicating that the Web service has a potential vulnerability.
    Type: Grant
    Filed: March 26, 2012
    Date of Patent: March 3, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Yair Amit, Evgeny Beskrovny, Omer Tripp
  • Patent number: 10572635
    Abstract: A computer system may identify a cryptographic application programming interface (API) call for a program. The cryptographic API call may include a first variable. The computer system may determine that the first variable is a static value. The computer system may tag the first variable. The computer system may determine that the cryptographic API call will be executed. The computer system may replace the first variable with a second variable during execution of the program. The computer system may execute the cryptographic API call with the second variable.
    Type: Grant
    Filed: December 5, 2018
    Date of Patent: February 25, 2020
    Assignee: International Business Machines Corporation
    Inventors: Paul Ionescu, Iosif V. Onut, Omer Tripp