Abstract: Disclosed herein are techniques for analyzing control-flow integrity based on functional line-of-code behavior and relation models. Techniques include receiving data based on runtime operations of a controller; constructing a line-of-code behavior and relation model representing execution of functions on the controller based on the received data; constructing, based on the line-of-code behavioral and relation model, a dynamic control flow integrity model configured for the controller to enforce in real-time; and deploying the dynamic control flow integrity model to the controller.

Abstract: Disclosed herein are techniques for identifying software interdependencies based on functional line-of-code behavior and relation models. Techniques include identifying a first portion of executable code associated with a first controller; accessing a functional line-of-code behavior and relation model representing functionality of the first portion of executable code and a second portion of executable code; determining, based on the functional line-of-code behavior and relation model, that the second portion of executable code is interdependent with the first portion of executable code; and generating, based on the determined interdependency, a report identifying the interdependent first portion of executable code and second portion of executable code.

Abstract: Methods and apparatus are provided for validating event scenarios using reference readings obtained from a plurality of sensors associated with one or more predefined event scenarios. If a reading from a first sensor satisfies a reference reading of the first sensor for at least one identified scenario in a scenario library, at least one additional sensor is identified from the identified scenario and a reading is obtained from the additional sensors. The identified scenario is validated when the readings of the additional sensors satisfy the reference reading for the additional sensors from the identified scenario. A confidence level is optionally determined based on the readings of the sensors in the identified scenario. The readings of the sensors are optionally monitored over time to update the confidence level of the identified scenario.

Abstract: Disclosed herein are techniques for generating and signing line-of-code behavior and relation models. Techniques include identifying executable code for a controller; performing a functional analysis of the executable code to determine a plurality of functions associated with the executable code and a plurality of relationships between the plurality of functions; generating, based on the determined plurality of functions and plurality of relationships, a line-of-code behavior and relation model for the executable code; performing a signature operation on the generated line-of-code behavior and relation model to produce a unique signature value associated with at least one of: the line-of-code behavior and relation model or a functional block of the line-of-code behavior and relation model; and linking the unique signature value to the line-of-code behavior and relation model.

Abstract: Disclosed herein are techniques for identifying sources of software-based malfunctions. Techniques include identifying a potential software malfunction in a system, the system having multiple code sets associated with a plurality of different software sources; accessing a line-of-code behavior and relation model representing execution of functions of the code sets; identifying, based on the line-of-code behavior and relation model, a code set determined to have the potential to cause, a least in part, the potential software malfunction; and determining a source identifier of the identified code set.

Abstract: Disclosed herein are techniques for analyzing control-flow integrity based on functional line-of-code behavior and relation models. Techniques include receiving data based on runtime operations of a controller; constructing a line-of-code behavior and relation model representing execution of functions on the controller based on the received data; constructing, based on the line-of-code behavioral and relation model, a dynamic control flow integrity model configured for the controller to enforce in real-time; and deploying the dynamic control flow integrity model to the controller.

Abstract: Disclosed herein are techniques for analyzing control-flow integrity based on functional line-of-code behavior and relation models. Techniques include receiving data based on runtime operations of a controller; constructing a line-of-code behavior and relation model representing execution of functions on the controller based on the received data; constructing, based on the line-of-code behavioral and relation model, a dynamic control flow integrity model configured for the controller to enforce in real-time; and deploying the dynamic control flow integrity model to the controller.

Abstract: Disclosed herein are techniques for identifying sources of software-based malfunctions. Techniques include identifying a potential software malfunction in a system, the system having multiple code sets associated with a plurality of different software sources; accessing a line-of-code behavior and relation model representing execution of functions of the code sets; identifying, based on the line-of-code behavior and relation model, a code set determined to have the potential to cause, a least in part, the potential software malfunction; and determining a source identifier of the identified code set.

Abstract: Disclosed herein are techniques for analyzing hardware change impacts based on at least one functional line-of-code behavior and relation model. Techniques include identifying a new hardware component associated with a system; accessing a first line-of-code behavior and relation model representing execution of functions using the new hardware component; accessing a second line-of-code behavior and relation model representing execution of functions on a previous hardware component of the system; performing a functional differential comparison of the first line-of-code behavior and relation model to the second line-of-code behavior and relation model; determining, based on the functional differential comparison, a status of functional equivalence between the new hardware component and the previous hardware component; and generating, based on the determined difference, a report identifying the status of functional equivalence.

Abstract: Disclosed herein are techniques for identifying software dependencies based on functional line-of-code behavior and relation models. Techniques include accessing a first line-of-code behavior and relation model representing execution of functions of a first portion of executable code, the first portion of executable code being associated with a first symbol; detecting a change to the first portion of executable code; constructing, based on the changed first portion of executable code, a second line-of-code behavior and relation model representing execution of functions of the changed first portion of executable code; determining, based on the constructed second model, a dependency between (i) the changed first portion of executable code or the first symbol and (ii) a second symbol; and generating, based on the determined difference, a report identifying the dependency.

Abstract: Disclosed herein are techniques for using a line-of-code behavior and relation model to determine software functionality changes. Techniques include identifying a first portion of executable code and a second portion of executable code; accessing a first line-of-code behavior and relation model representing execution of functions of the first portion of executable code; constructing, based on the second portion of executable code, a second line-of-code behavior and relation model representing execution of functions of the second portion of executable code; performing a functional differential comparison of the first line-of-code behavior and relation model to the second line-of-code behavior and relation model; determining, based on the functional differential comparison, a status of functional equivalence between the first portion of executable code and the code portion of executable code; and generating, based on the determined difference, a report identifying the status of functional equivalence.

Abstract: Disclosed herein are techniques for generating and signing line-of-code behavior and relation models. Techniques include identifying executable code for a controller; performing a functional analysis of the executable code to determine a plurality of functions associated with the executable code and a plurality of relationships between the plurality of functions; generating, based on the determined plurality of functions and plurality of relationships, a line-of-code behavior and relation model for the executable code; performing a signature operation on the generated line-of-code behavior and relation model to produce a unique signature value associated with at least one of: the line-of-code behavior and relation model or a functional block of the line-of-code behavior and relation model; and linking the unique signature value to the line-of-code behavior and relation model.

Abstract: Disclosed herein are techniques for identifying software interdependencies based on functional line-of-code behavior and relation models. Techniques include identifying a first portion of executable code associated with a first controller; accessing a functional line-of-code behavior and relation model representing functionality of the first portion of executable code and a second portion of executable code; determining, based on the functional line-of-code behavior and relation model, that the second portion of executable code is interdependent with the first portion of executable code; and generating, based on the determined interdependency, a report identifying the interdependent first portion of executable code and second portion of executable code.

Abstract: Disclosed herein are techniques for visualizing and configuring controller function sequences.

Abstract: Disclosed herein are techniques for analyzing software delta changes based on functional line-of-code behavior and relation models. Techniques include identifying a prompt to change a first version of code on a controller to a second version of code; constructing, based on the identified prompt, a line-of-code behavior and relation model representing execution of functions of the controller based on the second version of code; performing a signature operation on the generated line-of-code behavior and relation model to produce a signature value; and sending the signature value to the controller; wherein the controller is configured to compare the signature value to a computed signature value that the controller is configured to compute based on the second version of code and determine, based on the comparison, whether to validate the second version of code.

Abstract: There are disclosed herein techniques for use in fraud detection. In one embodiment, there is disclosed a technique comprising receiving a request to authenticate an electronic transaction described by a particular value of an authentication factor. The technique also comprises analysing transaction data relating to prior electronic transactions to determine information in connection with the particular value of the authentication factor. The analysing comprising a first part and a second part that separately analyse transaction data relating to at least one prior electronic transaction such that one of the first and second parts distinguishes itself from the other of the first and second parts by the extent to which that one part discriminates against the at least one prior electronic transaction based on its age.

Abstract: Techniques of authenticating a new user involve classifying a new user as a member of a group based on the new user's current activity. Along these lines, when a new user enrolls in an authentication system, the authentication system places the new user in a group of new users that have not made any requests and are assumed to be high risks of making fraudulent requests. Once the new user makes a request to access a resource, the authentication system classifies the new user as a member of another group according to authentication factors describing activities surrounding the request.

Abstract: Techniques are provided for smoothing discretized values used, for example, for authentication or identity assurance. An illustrative method comprises obtaining at least one probability of transitioning between at least two discretized values of a given feature; computing a smoothed feature score for the given feature for a transition from a first one of the discretized values to a second one of the discretized values based on the probability of the transition from the first discrete value to the second discrete value; and performing one or more of authenticating a user and verifying an identity of a user based at least in part on the smoothed feature score. The probabilities of transitioning between the discretized values are optionally stored in a transition matrix. Feature scores for first and second discretized values are optionally weighted based on the probability of the transition from the first discrete value to the second discrete value.

Abstract: There is disclosed in one embodiment a method comprising the step of determining, access rights granted to a first user that enables access to a computerized resource. The method also comprises the step of comparing the access rights granted to the first user against access rights granted to a second user associated with the first user. The method further comprises the step of providing a warning when the comparison indicates that the first user has excessive access rights over the second user.

Abstract: Technology for providing risk-based authentication, in which a location N-gram is generated for each historical transaction, the location N-gram indicating both a location from which the historical transaction originated and at least one location from which at least one previous transaction performed by the user that performed the historical transaction originated. A counter corresponding to the location N-gram is identified and incremented in a behavior profile for the user. An anomalousness risk score for a current user transaction having the same location N-gram may be calculated based on a value of the counter. If the risk score exceeds a threshold, an alert may be issued or other action taken with regard to the current transaction. Techniques are provided that limit complexity resulting from using a series of locations to detect anomalous user behavior, and that reduce the sparseness of the generated historical behavior data.