Abstract: Statically analyzing a computer software application can include identifying a plurality of objects within the instructions of a computer software application, where the objects in the plurality of objects are of the same object type, and preparing a modified version of the instructions in which any of the objects in the plurality of objects determined to be extraneous is omitted.

Abstract: Privacy violation detection of a mobile application program is disclosed. Regular histories of the mobile application are mined. A call-graph representation of the mobile application program can be created and sequences of events of interest according to the platform specification of the mobile application can be collected. A plurality of learnable features are extracted from the regular histories. The plurality of learnable features are combined into a single feature vector which is fed into a machine-learning-based classification algorithm. Whether the mobile application program includes one or more permissions for accessing unauthorized privacy data of a mobile application user is determined based on a machine learning classification of the single feature vector. The collected sequences can be reduced into a plurality of feature vectors which can include at least one of a happens-before feature and a multiplicity of occurrences feature.

Abstract: Machine learning (ML) significantly reduces false alarms generated by an automated analysis tool performing static security analysis. Using either user-supplied or system-generated annotation of particular findings, a “hypothesis” is generated about how to classify other static analysis findings. The hypothesis is implemented as a machine learning classifier. To generate the classifier, a set of features are abstracted from a typical witness, and the system compares feature sets against one another to determine a set of weights for the classifier. The initial hypothesis is then validated against a second set of findings, and the classifier is adjusted as necessary based on how close it fits the new data. Once the approach converges on a final classifier, it is used to filter remaining findings in the report.

Abstract: A control graph representing a model of data flow of a computer program can be generated during a static analysis. Respective edge weights can be assigned to edges of a plurality of paths in the control flow graph. A size of the uniform-cost search method can be dynamically configured based on a size of the control flow graph. A total edge weight for the considered paths can be determined based the edge weights assigned to the respective edges of the considered path. At least one path of the considered paths in the control flow graph whose total edge weight satisfies a particular total edge weight criteria can be identified. The control flow graph can be updated to indicate to a user the at least one path in the control flow graph whose total edge weight satisfies the particular total edge weight criteria.

Abstract: Techniques for identifying computer program security access control violations using static program analysis are provided. In one example, a computer-implemented method comprises generating, by a device operatively coupled to a processor, a mathematical model of a computer program product, wherein the mathematical model defines data flows through nodes of the computer program product that reach a secure node corresponding to a secure resource. The computer implemented method further comprises evaluating, by the device, a security protocol of the computer program product using static program analysis of the mathematical model to determine whether any of the data flows provides access to the secure node without proceeding through one or more security nodes corresponding to the security protocol, wherein the one or more security nodes are included in the nodes of the computer program product.

Abstract: A method and system for virtualizing mobile device sensors includes requesting from a first mobile device a virtual connection with a mobile device having a specific type of sensor, receiving a response from a second mobile device having the sensor, establishing a trusted temporary communication connection between the first and second mobile devices, sending a control signal from an application program on the first mobile device to the second mobile for operating the sensor on the second mobile device and receiving device sensor data from the sensor on the second mobile device. The operating system of the first mobile device is coupled with the application program by a virtual machine monitor running on the first mobile device such that the first mobile device is a host machine and the second mobile device is a guest machine.

Abstract: Techniques for identifying computer program security access control violations using static program analysis are provided. In one example, a computer-implemented method comprises generating, by a device operatively coupled to a processor, a mathematical model of a computer program product, wherein the mathematical model defines data flows through nodes of the computer program product that reach a secure node corresponding to a secure resource. The computer implemented method further comprises evaluating, by the device, a security protocol of the computer program product using static program analysis of the mathematical model to determine whether any of the data flows provides access to the secure node without proceeding through one or more security nodes corresponding to the security protocol, wherein the one or more security nodes are included in the nodes of the computer program product.

Abstract: Optimizing automated interactions with web pages by identifying, for each of multiple web pages, path information including an incoming hyperlink path having at least one hyperlink, where the incoming hyperlink path leads to the web page, and/or an outgoing hyperlink path having at least one hyperlink, where the outgoing hyperlink path emanates from the web page, determining whether the path information of each of the web pages meets a similarity condition, excluding from an interaction set of the web pages any of the web pages whose path information meets the similarity condition, and causing an automated interaction to be performed with any of the web pages in the interaction set.

Abstract: Optimizing automated interactions with web pages by identifying, for each of multiple web pages, path information including an incoming hyperlink path having at least one hyperlink, where the incoming hyperlink path leads to the web page, and/or an outgoing hyperlink path having at least one hyperlink, where the outgoing hyperlink path emanates from the web page, determining whether the path information of each of the web pages meets a similarity condition, excluding from an interaction set of the web pages any of the web pages whose path information meets the similarity condition, and causing an automated interaction to be performed with any of the web pages in the interaction set.

Abstract: Aspects of the invention include receiving, using a processing system, an actual user location trajectory that includes a plurality of geographic locations of places visited by a user. It is determined that at least one of the plurality of places visited by the user has been identified as a sensitive place. An obfuscated user location trajectory is created that preserves the privacy of the sensitive places that is consistent with the actual user location trajectory that conforms to a valid street route on a map, preserves spatiotemporal correlation between geographic locations, and is consistent with geographic locations visited by the user in the past. Contents of the obfuscated user location trajectory are output to an application in place of contents of the actual user location trajectory.

Abstract: Aspects of the invention include receiving, using a processing system, a geographic location of a user. A trust level of an application is determined. Based at least in part on the trust level of the application meeting a threshold, the geographic location of the user is transmitted to the application. Based at least in part on the trust level of the application not meeting the threshold, a semantic label associated with the geographic location of the user is determined. The semantic label describes a type of place located at the geographic location of the user. An obfuscated geographic location that preserves the privacy of the geographic location of the user and is associated with a semantic label consistent with the semantic label associated with the geographic location of the user is generated. The obfuscated geographic location is transmitted to the application in place of the geographic location of the user.

Abstract: Aspects of the invention include receiving, using a processing system, a geographic location of a user. A trust level of an application is determined. Based at least in part on the trust level of the application meeting a threshold, the geographic location of the user is transmitted to the application. Based at least in part on the trust level of the application not meeting the threshold, a semantic label associated with the geographic location of the user is determined. The semantic label describes a type of place located at the geographic location of the user. An obfuscated geographic location that preserves the privacy of the geographic location of the user and is associated with a semantic label consistent with the semantic label associated with the geographic location of the user is generated. The obfuscated geographic location is transmitted to the application in place of the geographic location of the user.

Abstract: Aspects of the invention include receiving, using a processing system, an actual user location trajectory that includes a plurality of geographic locations of places visited by a user. It is determined that at least one of the plurality of places visited by the user has been identified as a sensitive place. An obfuscated user location trajectory is created that preserves the privacy of the sensitive places that is consistent with the actual user location trajectory that conforms to a valid street route on a map, preserves spatiotemporal correlation between geographic locations, and is consistent with geographic locations visited by the user in the past. Contents of the obfuscated user location trajectory are output to an application in place of contents of the actual user location trajectory.

Abstract: Performing an automated interaction with a computer software application by identifying, among a plurality of regions of an interface of a computer software application, a region for which a region-level measure exists of user interaction that occurred within the region of the interface, determining if the region-level measure meets or exceeds a predefined minimum level of user interaction, and performing an automated interaction with an element at least partly found within the region if the region-level measure meets or exceeds the predefined minimum level of user interaction.

Abstract: Systems, methods, and computer program products are disclosed including receiving a computer program, compiling the computer program, performing data flow analysis on the computer program to identify accesses to data locations by execution units at compile-time, generating a list of data-flow paths including accesses to one or more of the data locations, determining that more than one of the execution units accesses the same data location based on the list of data-flow paths, determining the existence of a potential vulnerability in at least one of the data-flow paths based at least in part on the determination that more than one of the execution units accesses the same data location, synthesizing a scheduling constraint for the data location based at least in part on the determination of the existence of the potential vulnerability in the at least one of the data-flow paths, and implementing the scheduling constraint for the data location.

Abstract: User-guided machine learning (ML) significantly reduces false alarms generated by an automated analysis tool performing static security analysis. User interactivity involves initial review and annotation of findings (“witnesses”) in a report generated by the analysis tool. Those annotated findings are then used by the system to generate a “hypothesis” about how to further classify the static analysis findings in the report. The hypothesis is implemented as a machine learning classifier. To generate the classifier, a set of features are abstracted from a typical witness, and the system compares feature sets against one another to determine a set of weights for the classifier. The initial hypothesis is then validated against a second set of user-annotated findings, and the classifier is adjusted as necessary based on how close it fits the new data. Once the approach converges on a final classifier, it is used to filter remaining findings in the report.

Abstract: A new paradigm for security analysis is provided by transitioning code analysis reporting from the problem space (the warnings themselves), to a solution space (potential solutions to the identified problems). Thus, instead of reporting raw findings to the user, the automated system as described here outputs proposed solutions to eliminate the defects identified in the security analysis. A consequence of this approach is that the report generated by the analysis tool is much more consumable, and thus much more actionable. Preferably, the report provides the user with one or more candidate location(s) at which to apply a fix to an identified security problem. These locations preferably are identified by processing overlapping nodes to identify one or more solution groupings that represent an API for a sanitization fix. The report also includes one or more recommendations for the fix, and preferably the report is generated on a per-vulnerability type basis.

Abstract: A method for identifying client states, receives a set of paths representative of a document object model (DOM) associated with a web page of a rich internet application and for each path in the set of paths received, extracts a subtree, as subtree X, for a current path. The method traverses all known sub-paths under the current path and delete corresponding subtrees from subtree X and reads contents of and determines states of subtree X to form a state X. The state X is added to a set of current states and responsive to a determination no more paths exist, returns the set of current states of the rich internet application.

Abstract: A method and system for virtualizing mobile device sensors includes requesting from a first mobile device a virtual connection with a mobile device having a specific type of sensor, receiving a response from a second mobile device having the sensor, establishing a trusted temporary communication connection between the first and second mobile devices, sending a control signal from an application program on the first mobile device to the second mobile for operating the sensor on the second mobile device and receiving device sensor data from the sensor on the second mobile device. The operating system of the first mobile device is coupled with the application program by a virtual machine monitor running on the first mobile device such that the first mobile device is a host machine and the second mobile device is a guest machine.

Abstract: A method for identifying client states, receives a set of paths representative of a document object model (DOM) associated with a web page of a rich internet application and for each path in the set of paths received, extracts a subtree, as subtree X, for a current path. The method traverses all known sub-paths under the current path and delete corresponding subtrees from subtree X and reads contents of and determines states of subtree X to form a state X. The state X is added to a set of current states and responsive to a determination no more paths exist, returns the set of current states of the rich internet application.