Patent application number | Description | Published |
20080320075 | DETECTING DATA PROPAGATION IN A DISTRIBUTED SYSTEM - Embodiments gather historical information about data propagation by monitoring requests to and replies from a server. When a request is received from a client system to upload code onto a web site, a user identity associated with the client system is determined and a tag that uniquely identifies the uploaded data is created and mapped with the user identity into a propagation graph. The propagation graph includes nodes and edges associated with a number of client systems that made similar requests such that each node of the propagation graph corresponds to both a tag and user identity of a client system and edges within the propagation graph represent causality links between the nodes. The propagation graph can then be used for finding long propagation chains, which can be useful for detecting worm-like propagation activity. | 12-25-2008 |
20090083363 | REMOTE MONITORING OF LOCAL BEHAVIOR OF NETWORK APPLICATIONS - Computer-executable instructions comprising some or all of a program can be delivered to a client for execution on a real-time basis such that the client receives anew the computer-executable instructions for each new execution of the program. Such an environment enables instrumentation instructions to be inserted into the computer-executable instructions after a request and prior to the delivery of the computer-executable instructions. The inserted instrumentation instructions can be spread across multiple deliveries of the same computer-executable instructions, and they can be modified to account for information received from previously inserted instrumentation instructions. The instrumentation instructions can be inserted as part of the server process, the client process, or as part of a proxy server that can be used at the discretion of the program developer. | 03-26-2009 |
20090083409 | REMOTE MONITORING OF LOCAL BEHAVIOR OF NETWORK APPLICATIONS - Computer-executable instructions comprising some or all of a program can be delivered to a client for execution on a real-time basis such that the client receives anew the computer-executable instructions for each new execution of the program. Such an environment enables instrumentation instructions to be inserted into the computer-executable instructions after a request and prior to the delivery of the computer-executable instructions. The inserted instrumentation instructions can be spread across multiple deliveries of the same computer-executable instructions, and they can be modified to account for information received from previously inserted instrumentation instructions. The instrumentation instructions can be inserted as part of the server process, the client process, or as part of a proxy server that can be used at the discretion of the program developer. | 03-26-2009 |
20090083714 | REMOTE MONITORING OF LOCAL BEHAVIOR OF NETWORK APPLICATIONS - Computer-executable instructions comprising some or all of a program can be delivered to a client for execution on a real-time basis such that the client receives anew the computer-executable instructions for each new execution of the program. Such an environment enables instrumentation instructions to be inserted into the computer-executable instructions after a request and prior to the delivery of the computer-executable instructions. The inserted instrumentation instructions can be spread across multiple deliveries of the same computer-executable instructions, and they can be modified to account for information received from previously inserted instrumentation instructions. The instrumentation instructions can be inserted as part of the server process, the client process, or as part of a proxy server that can be used at the discretion of the program developer. | 03-26-2009 |
20090199159 | DECLARATIVE EXECUTION CONTEXT SPLITTING - Various technologies and techniques are disclosed for enabling code to be executed on one or more execution contexts based upon declarative annotations contained in the code or other locations. An annotation associated with a region of code is located. The annotation specifies information about an execution context where the region of code should be executed. A caller proxy is generated that is responsible for calling a callee adapter to execute the region of code. The callee adapter is generated that is responsible for receiving a call from the caller proxy and for dispatching a call to the region of code at the execution context. At runtime, the caller proxy receives a request to call the region of code and sends an execution request to the callee adapter. The callee adapter receives the execution request and dispatches a call to an executable version of the region of code. | 08-06-2009 |
20090249489 | SECURITY BY CONSTRUCTION FOR WEB APPLICATIONS - Secure distributed Web applications are produced by default upon construction. Mechanisms are provided to address distributed application vulnerabilities (e.g., cross-site scripting, cross-site request forgery, replay attacks . . . automatically. These mechanisms are provided in conjunction with a tier-splitting component that breaks up an application for execution across multiple contexts or tiers. As a result, any application that is tier split is protected from security vulnerabilities by default without any intervention on the part of a developer. | 10-01-2009 |
20090292791 | AUTOMATED CODE SPLITTING AND PRE-FETCHING FOR IMPROVING RESPONSIVENESS OF BROWSER-BASED APPLICATIONS - A “code splitting tool” provides various techniques for automatically analyzing and rewriting existing browser-based applications to introduce dynamic code loading into those applications thereby improving perceived application responsiveness. Structural elements of application code (including functions, classes, etc.) are broken into small “stubs” with corresponding bodies. Rewritten applications then initially transfer only the portion of the code (including some combination of stubs and bodies) to the client as necessary for initial application execution. Additional stubs and/or bodies are then transferred either on-demand at runtime or in the background. Automated code rewriting proceeds without requiring any application-specific knowledge or changes to existing code prior to code rewriting. Further, the code splitting tool can tailor code rewriting to specific computing devices (computers, PDA's, cell phones, etc.), specific network conditions, and/or specific users, through an automated training process that creates clusters that control code downloads to optimize perceived application responsiveness. | 11-26-2009 |
20100153928 | Developing and Maintaining High Performance Network Services - A network service runtime module executing on a processor is configured to accept a directed acyclic service graph representing elements of a network service application. During execution of the service graph, runtime events are stored. The service graph may by optimized by generating alternate service graphs, and simulating performance of the alternate service graphs in a simulator using the stored runtime events. A hill climber algorithm may be used in conjunction with the simulator to vary alternate service graphs and determine which alternate service graphs provide the greatest utility. Once determined, an alternate service graph with the greatest utility may be loaded into the network service runtime module for execution. | 06-17-2010 |
20100205674 | Monitoring System for Heap Spraying Attacks - A monitoring system may analyze system memory to determine a vulnerability statistic by identifying potential sleds within the memory, and creating a statistic that is a ratio of the amount of potential sleds per the total memory. In some cases, the statistic may be based on the number of instructions or bytes consumed by the sleds. The potential sleds may be determined by several different mechanisms, including abstract payload execution, polymorphic sled detection, sled surface area calculation, and other mechanisms. The monitoring system may be a multi-threaded operation that continually monitors system memory and analyzes recently changed objects in memory. When the vulnerability statistic rises above a certain level, the system may alert a user or administrator to a high vulnerability condition. | 08-12-2010 |
20110191848 | PREVENTING MALICIOUS JUST-IN-TIME SPRAYING ATTACKS - A method disclosed herein includes acts of receiving code at a Just-in-Time compiler executing in an application on a computing device and compiling the code to generate machine code and causing the machine code to be placed on at least one page that is accessible by at least one processor on the computing device, wherein the Just-in-Time compiler compiles the code utilizing at least one technique for preventing a Just-in-Time spraying attack. | 08-04-2011 |
20110219357 | COMPRESSING SOURCE CODE WRITTEN IN A SCRIPTING LANGUAGE - A method described herein includes at a computing device, receiving, over a network connection, a data packet from an external source, wherein the data packet comprises a compressed abstract syntax tree (AST)-based representation of source code written in a scripting language. The method further includes decompressing the compressed AST-based representation of the source code to generate a decompressed AST. The method also includes causing at least one processor on the computing device to execute at least one instruction represented in the decompressed AST subsequent to the compressed AST-based representation of the source code being decompressed. | 09-08-2011 |
20110283355 | EDGE COMPUTING PLATFORM FOR DELIVERY OF RICH INTERNET APPLICATIONS - An edge computing platform that provides on-demand delivery of Rich Internet Applications and other applications is disclosed. One embodiment includes an optional manager node and content distribution network (CDN) that include one or more compute nodes. The CDN collects information pertaining to execution of a software application. The CDN aggregates the information and transfers the aggregated information to the manager node. The manager node analyzes the information from the CDN and transfers results of the analysis to the CDN. The CDN receives a software application that is designed to be dynamically updated when executed at the clients. The CDN modifies the software application based on the information from the manager node. The CDN receives a request that pertains to the software application from a client device. The CDN transfers at least a portion of the modified software application to the client. | 11-17-2011 |
20120151592 | STRING OPERATIONS WITH TRANSDUCERS - There is provided a computer-implemented method for analyzing string-manipulating programs. An exemplary method comprises describing a string-manipulating program as a finite state transducer. The finite state transducer may be evaluated with a constraint solving methodology to determine whether a particular string may be provided as output by the string-manipulating program. The constraint solving methodology may involve the use of one or more satisfiability modulo theories (SMT) solvers. A determination may be made regarding whether the string-manipulating program may contain a potential security risk depending on whether the particular string may be provided as output by the string-manipulating program. | 06-14-2012 |
20120167061 | IDENTIFYING FACTORABLE CODE - Various embodiments are disclosed that relate to the automated identification of one or more computer program functions for potentially placing on a remote computing device in a split-computational computing environment. For example, one disclosed embodiment provides, on a computing device, a method of determining a factorable portion of code to locate remotely from other portions of the code of a program to hinder unauthorized use and/or distribution of the program. The method includes, on a computing device, receiving an input of a representation of the code of the program, performing analysis on the representation of the code, the analysis comprising one or more of static analysis and dynamic analysis, and based upon the analysis of the code, outputting a list of one or more functions determined from the analysis to be candidates for locating remotely. | 06-28-2012 |
20120167209 | AUTOMATIC CONTEXT-SENSITIVE SANITIZATION - An automatic context-sensitive sanitization technique detects errors due to the mismatch of a sanitizer sequence with a browser parsing context. A pre-deployment analyzer automatically detects violating paths that contain a sanitizer sequence that is inconsistent with a browsing context associated with outputting an untrusted input. The pre-deployment analyzer determines a correct sanitizer sequence which is stored in a sanitization cache. During the runtime execution of the web application, a path detector tracks execution of the web application in relation to the violating paths. The correct sanitizer sequence can be applied when the runtime execution follows a violating path. | 06-28-2012 |
20120191803 | DECOMMISSIONING FACTORED CODE - Various embodiments are disclosed that relate to decommissioning factored code of a program on a computing device. For example, one disclosed embodiment provides a method of operating a computing device. The method includes executing a program on the computing device, and while executing the program, identifying a remote location of a factored function via a code map, sending a call to the factored function and receiving a return response. The method further comprises, upon occurrence of a decommissioning event, receiving a copy of the factored function; and updating the code map with a location of the copy of the factored function. | 07-26-2012 |
20120192209 | FACTORING MIDDLEWARE FOR ANTI-PIRACY - Embodiments are disclosed that relate to hindering unauthorized use or distribution of a middleware program contained within an application. One example embodiment provides a method for hindering unauthorized use or distribution of a middleware program contained within an application. The method comprises acquiring factored middleware code, the factored middleware code having a missing function residing on a remote computing device, and building an application around the factored middleware code such that the application is configured to call to the remote computing device for execution of the missing function during use. The application may be configured to send a call to the remote computing device for execution of the missing function during use. | 07-26-2012 |
20120216280 | DETECTION OF CODE-BASED MALWARE - This document describes techniques for detection of code-based malware. According to some embodiments, the techniques utilize a collection of known malicious code and know benign code and determine which features of each type of code can be used to determine whether unclassified code is malicious or benign. The features can then be used to train a classifier (e.g., a Bayesian classifier) to characterize unclassified code as malicious or benign. In at least some embodiments, the techniques can be used as part of and/or in cooperation with a web browser to inspect web content (e.g., a web page) to determine if the content includes code-based malware. | 08-23-2012 |
20120246701 | Programming, Verifying, Visualizing, and Deploying Browser Extensions with Fine-grained Security Policies - An environment is described which enables the generation, analysis, and use of secure browser extensions. Each browser extension includes an extension body and a policy expressed in a logic-based specification language. The policy specifies the access control and dataflow privileges associated with the extension body in a fine-grained manner by leveraging the structure and content of resources that are accessible to the browser extension. A suite of analysis tools for testing the safety of the browser extension includes a visualization module identifies features of a resource that are accessible to the policy. A static analysis module uses a static analysis technique to determine whether the extension body satisfies the policy. The environment also includes a conversion module for converting the browser extension, once deemed safe, into a form for use by a particular type of browser. The browser can execute that extension without performing runtime safety checks. | 09-27-2012 |
20120297017 | PRIVACY-CONSCIOUS PERSONALIZATION - Personalization is enabled in a privacy-conscious manner. User interest information can be determined as a function of user behavior with respect interaction with content, for example. Such private information can subsequently be disseminated in a controlled fashion based on permission of the user to which the information pertains. Additionally, core functionality can be supplemented by third-party extensions allowed by a user. | 11-22-2012 |
20120323794 | MONETIZATION STRATEGIES IN PRIVACY-CONSCIOUS PERSONALIZATION - Personalization is enabled in a privacy-conscious manner. User interest information can be determined as a function of user behavior with respect interaction with content, for example. Distribution of user information can be managed as function of user permission and one or more offers to acquire the information from parties such as electronic merchants, data aggregators, or ad networks, among others. | 12-20-2012 |
20130174258 | Execution of Multiple Execution Paths - Techniques for execution of multiple execution paths are described. In one or more embodiments, an execution of a portion of executable code is conditioned upon a particular environment-specific value. For example, the execution of the executable code can cause one type of output if the value of the variable equals a particular value, and can cause a different type of output if the value of the variable equals a different value. Techniques discussed herein can enable the executable code to be executed such that multiple outputs are produced, e.g., by executing the code according to the different values for the variable. In implementations, the multiple outputs can be analyzed for various attributes, such as presence of malware, implementation and coding errors, and so on. | 07-04-2013 |
20140109106 | CODE DEPENDENCY CALCULATION - Generation of a dependency graph for code that includes code portions such as resources or functions or both. For some or all of the nodes, the dependency is calculated by determining that the given node, a depending node, depends on an affecting node. The dependency is recorded so as to be associated with the node. Furthermore, the dependency calculation method is recorded so as to be associated with the dependency. The code may perhaps include portions within two different domains, in which the mechanism for calculating dependencies may differ. In some cases, the dependency graph may be constructed in stages, and perhaps additional properties may be associated with the node, and metadata of the properties may also be recorded. | 04-17-2014 |
20140157422 | COMBINING PERSONALIZATION AND PRIVACY LOCALLY ON DEVICES - A profiling service may determine, local to a device, user profile attributes associated with a device user based on interaction of the device user with the device, based on device-local monitoring of device user interactions with the device, and may store the user profile attributes in a memory. The profiling service may be configured as an augmentation to a device operating system of the device. A profile exposure component may manage exposure of information associated with the user profile attributes to applications operating locally on the device, without exposure to the applications or to third parties of information determined as sensitive to the device user. | 06-05-2014 |
20140282879 | Automatically Securing Distributed Applications - A processing system for distributed multi-tier applications is provided. The system includes a server component that executes a replica of a client-side application, where a client component executes the client-side application. The client component captures events from the client-side application and transmits the events to the replica to validate the computational integrity security of the application. | 09-18-2014 |
20140298455 | CRYPTOGRAPHIC MECHANISMS TO PROVIDE INFORMATION PRIVACY AND INTEGRITY - A security engine may be selected from a plurality of security engines to apply one or more security mechanisms to a section of source code of an application. In some cases, the section of source code may be identified by one or more security mechanism identifiers included in the source code. The security engine may generate machine-readable code that corresponds to the section of source code for which the one or more security mechanisms are to be applied. The machine-readable code may be executed on a plurality of computing devices. In one implementation, applying the security mechanisms to the section of source code may include producing zero-knowledge proofs of knowledge for the section of source code. | 10-02-2014 |
20140325062 | DATA-DRIVEN PROFILING FOR DISTRIBUTED APPLICATIONS - An exemplary method includes providing an application that includes client-side code and server-side code, instrumenting the client-side code and the server-side code to generate timestamps, distributing the instrumented client-side code and the instrumented server-side code and monitoring timestamps generated during execution of the application. In such a method, where timestamps generated by the client-side code and timestamps generated by the server-side code occur along a common timeline, a developer can monitor performance of the distributed application. Other exemplary methods, systems, etc., are also disclosed. | 10-30-2014 |
20140366147 | AUTOMATIC MEDIATION OF RESOURCE ACCESS IN MOBILE APPLICATIONS - The subject disclosure is directed towards automated, static analysis-based program code processing that detects unprotected resource accesses by applications, that is, those that do not provide proper opt-in consent dialogs (prompts). In one aspect, consent prompt code is automatically inserted into the program code to protect such unprotected access points. Also described are program representation graph construction and processing, a dominator node-based approach to determine placement points for inserting consent prompt code, and a backward search-based approach for inserting consent prompt code. | 12-11-2014 |
20150071555 | Managing Access by Applications to Perceptual Information - Functionality is described herein by which plural environment-sensing applications capture information from an environment in a fine-grained and least-privileged manner. By doing so, the functionality reduces the risk that private information that appears within the environment will be released to unauthorized parties. Among other aspects, the functionality provides an error correction mechanism for reducing the incidence of false positives in the detection of objects, an offloading technique for delegating computationally intensive recognition tasks to a remote computing framework, and a visualization module by which a user may inspect the access rights to be granted (or already granted) to each application. | 03-12-2015 |
20150082439 | AUTOMATIC CONTEXT-SENSITIVE SANITIZATION - An automatic context-sensitive sanitization technique detects errors due to the mismatch of a sanitizer sequence with a browser parsing context. A pre-deployment analyzer automatically detects violating paths that contain a sanitizer sequence that is inconsistent with a browsing context associated with outputting an untrusted input. The pre-deployment analyzer determines a correct sanitizer sequence which is stored in a sanitization cache. During the runtime execution of the web application, a path detector tracks execution of the web application in relation to the violating paths. The correct sanitizer sequence can be applied when the runtime execution follows a violating path | 03-19-2015 |