Bard Bloom - Dobbs Ferry NY, US; John H. Field - Middlebury CT, US; Salvatore Guarnieri - New York NY, US; Marco Pistoia - Amawalk NY, US
Assignee:
International Business Machines Corporation - Armonk NY
International Classification:
G06F 21/22
US Classification:
713/189, 726/20
Abstract:
An application includes: a programming model including a service provider, first components, second components, and sinks communicating via messages. Each of the second components is assigned a unique capability. A given one of the first components routes a message from the given first component to second component(s) and then to a sink. Each of the second component(s) sends the message to the service provider. The service provider creates a token corresponding at least to a received message and a unique capability assigned to an associated one of the second component(s) and sends the token to the associated one of the second component(s). The selected sink receives the message and a token corresponding to each of the second component(s), verifies each received token, and either accepts the message if each of the received tokens is verified or ignores the message if at least one of the received tokens is not verified.
Security Model For Actor-Based Languages And Apparatus, Methods, And Computer Programming Products Using Same
Bard Bloom - Dobbs Ferry NY, US; John H. Field - Middlebury CT, US; Salvatore Guarnieri - New York NY, US; Marco Pistoia - Amawalk NY, US
Assignee:
International Business Machines Corporation - Armonk NY
International Classification:
G06F 21/24
US Classification:
713/189, 726/30
Abstract:
An application includes: a programming model including a service provider, first components, second components, and sinks communicating via messages. Each of the second components is assigned a unique capability. A given one of the first components routes a message from the given first component to second component(s) and then to a sink. Each of the second component(s) sends the message to the service provider. The service provider creates a token corresponding at least to a received message and a unique capability assigned to an associated one of the second component(s) and sends the token to the associated one of the second component(s). The selected sink receives the message and a token corresponding to each of the second component(s), verifies each received token, and either accepts the message if each of the received tokens is verified or ignores the message if at least one of the received tokens is not verified.
Static Security Analysis Using A Hybrid Representation Of String Values
Salvatore A. Guarnieri - New York NY, US; Marco Pistoia - Amawalk NY, US; Omer Tripp - Har-Adar, IL
Assignee:
INTERNATIONAL BUSINESS MACHINES CORPORATION - Armonk NY
International Classification:
G06F 21/00
US Classification:
726/25, 726/22
Abstract:
Methods for creating hybrid string representations include receiving string information as input; parsing the string information to produce one or more string components; determining string components that may be represented concretely by comparing the one or more components to a set of known concretizations; abstracting all string components that could not be represented concretely; and creating a hybrid string representation that includes at least one concrete string component and at least one abstracted string component.
Static Security Analysis Using A Hybrid Representation Of String Values
Salvatore A. Guarnieri - New York NY, US; Marco Pistoia - Amawalk NY, US; Omer Tripp - Har-Adar, IL
Assignee:
INTERNATIONAL BUSINESS MACHINES CORPORATION - Armonk NY
International Classification:
G06F 21/00
US Classification:
726/25, 726/22
Abstract:
Systems for constructing hybrid string representations include a string parser configured to parse received string information to produce one or more string components, a database configured to store a set of known concretizations, and a processor configured to compare the one or more string components to the set of known concretizations to determine string components that may be represented concretely, to abstract all string components that could not be represented concretely, and to create a hybrid string representation that includes at least one concrete string component and at least one abstracted string component.
Automated Testing Of Applications With Scripting Code
Shay ARTZI - Brookline MA, US; Julian DOLBY - Bronx NY, US; Salvatore A. GUARNIERI - New York NY, US; Simon H. JENSEN - Aarhus V, DK; Marco PISTOIA - Amawalk NY, US; Manu SRIDHARAN - Boulder CO, US; Frank TIP - Ridgewood NJ, US; Omer TRIPP - Har-Adar, IL
Assignee:
INTERNATIONAL BUSINESS MACHINES CORPORATION - Armonk NY
International Classification:
G06F 11/36
US Classification:
714/32, 714/E11.207
Abstract:
A novel system, computer program product, and method are disclosed for feedback-directed automated test generation for programs, such as JavaScript, in which execution is monitored to collect information that directs the test generator towards inputs that yield increased coverage. Several instantiations of the framework are implemented, corresponding to variations on feedback-directed random testing, in a tool called Artemis.
- Armonk NY, US; Salvatore Angelo Guarnieri - New York NY, US; Marco Pistoia - Amawalk NY, US; Omer Tripp - Bronx NY, US
International Classification:
G06N 99/00, G06F 21/56, G06F 21/57, G06N 7/00
Abstract:
Techniques for generating a warning filter to filter the warnings output from a static program analysis tool are provided. In one example, a computer-implemented method comprises determining feature vector data for a set of warnings, wherein the set of warnings is generated in response to static analysis of a computer program, and wherein the feature vector data comprises a feature vector indicative of an attribute of a warning of the set of warnings. The computer-implemented method also comprises determining a warning filter that identifies a first subset of the set of warnings as representing true positives based on the feature vector data and classified warning data, and wherein the classified warning data represents a second subset of the set of warnings that have been classified to indicate whether respective members of the second subset are indicative of true positives.
Auto-Tuning Program Analysis Tools Based On User Feedback
- Armonk NY, US; Salvatore Angelo Guarnieri - NY NY, US
International Classification:
H04L 29/06, G06N 99/00, G06F 17/24
Abstract:
User-guided machine learning (ML) significantly reduces false alarms generated by an automated analysis tool performing static security analysis. User interactivity involves initial review and annotation of findings (“witnesses”) in a report generated by the analysis tool. Those annotated findings are then used by the system to generate a “hypothesis” about how to further classify the static analysis findings in the report. The hypothesis is implemented as a machine learning classifier. To generate the classifier, a set of features are abstracted from a typical witness, and the system compares feature sets against one another to determine a set of weights for the classifier. The initial hypothesis is then validated against a second set of user-annotated findings, and the classifier is adjusted as necessary based on how close it fits the new data. Once the approach converges on a final classifier, it is used to filter remaining findings in the report.
- Armonk NY, US; Marco Pistoia - Amawalk NY, US; Salvatore A. Guarnieri - New York NY, US
Assignee:
International Business Machines Corporation - Armonk NY
International Classification:
G06F 21/57
US Classification:
726 25
Abstract:
A disclosed method includes determining modifications have been made to a program and deriving data flow seeds that are affected by the modifications. The method includes selecting one of the data flow seeds that are affected by the modifications or data flow seeds that are not affected by the modifications but that are part of flows that are affected by the modifications and performing a security analysis on the program. The security analysis includes tracking flows emanating from the selected data flow seeds to sinks terminating the flows. The method includes outputting results of the security analysis. The results comprise one or more indications of security status for one or more of the flows emanating from the selected data flow seeds. At least the deriving, selecting, and performing are performed using a static analysis of the program. Apparatus and program products are also disclosed.
Google
Software Engineer
IBM Jan 2011 - Aug 2014
Developer
University of Washington Sep 1, 2006 - Jan 1, 2011
Grad Student
University of Washington Jan 1, 2010 - Jun 1, 2010
Teaching Assistant For CSE 451
Microsoft Oct 1, 2008 - Feb 1, 2009
Research Intern
Education:
University of Washington 2006 - 2010
Masters, Computer Science
University of Virginia 2002 - 2006
Bachelors, Bachelor of Science, Computer Science
Skills:
Computer Science Security Research Javascript Sql Java Mobile Applications Analysis Perl Software Development Programming