Abstract: Data processing systems and methods, according to various embodiments, are adapted for determining a categorization for each tracking tool that executes on a particular webpage based on a variety of criteria, such as the purpose of the tracking tool and its source script. The system may compare the characteristics of tracking tools on a webpage to a database of known tracking tools to determine the appropriate categorization. When a user visits the webpage, the system analyzes these categories and determines whether the tracking tool should be permitted to run based on the categories and/or other criteria, such as whether the user has consented to the use of that type of tracking tool.

Abstract: Described are examples for managing event data from multiple event data sources including executing, by a processor, a query for event data in a discoverable event stream, wherein the event data is stored as timeseries data in the discoverable event stream such that a property corresponding to an object has multiple different values at multiple different time instances, determining, based on a timeseries function, a subset of the multiple different values for the property in instances of the event data that correspond to the multiple different time instances to return for the query, and returning the subset of the multiple different values for the property for the query.

Abstract: Aspects of the present disclosure relate to ingesting event data into a discoverable event stream using a common schema to assign timeseries properties to the event data. These techniques may include receiving a first event of a pre-processed event stream, the first event including a plurality of event data fields representing an occurrence of the first event, and determining timing information based on the plurality of event data fields representing the occurrence of the first event. In addition, the techniques may include generating, based on combining the plurality of event data fields and the timing information, a second event of a discoverable event stream corresponding to the pre-processed event stream, and generating, within a time series of the discoverable event stream, based on the timing information and an event field of the plurality of event data fields, a time series entry corresponding to the second event.

Abstract: Providing a method and a corresponding system for encrypting customer workload data through a trusted entity such as a self-boot engine (SBE). More specifically, there is a method and a corresponding system for securely extracting out customer centric data in a manner that requires the customer payloads and/or workloads to register with the SBE and share the encryption key.

Abstract: Authenticating a host computer and NVDIMM pair using lookup tables for a challenge/response exchange between the pair of devices. The NVDIMM is challenged by the host computer for which a response associated with the physically unclonable function of a NVDIMM component is provided. The NVDIMM challenges the host computer for which a response associated with the physically unclonable function of a host computer component is provided. Additional security stores a modified response associated with run-time physically unclonable functions associated with the host computer and NVDIMM pair for use in future challenge/response exchanges.

Abstract: A method for managing memory within a computing system. The method includes one or more computer processors identifying a range of physical memory addresses that store a first data. The method further includes determining whether a second data is stored within the range of physical memory addresses that stores the first data. The method further includes responding to determining that the second data is stored within the range of physical memory addresses that store the first data, by determining whether a process accessing the second data is identified as associated with a side-channel attack. The method further includes responding to determining that the process accessing the second data is associated with the side-channel attack, by initiating a response associated with the process accessing the second data.

Abstract: Providing a method and a corresponding system for encrypting customer workload data through a trusted entity such as a self-boot engine (SBE). More specifically, there is a method and a corresponding system for securely extracting out customer centric data in a manner that requires the customer payloads and/or workloads to register with the SBE and share the encryption key.

Abstract: Embodiments provide a mutable CRTM schema for ensuring the integrity of a client workload on a single system as updates are made to the firmware used to initialize and run that system by booting a computing system in a secure mode; when successfully validating a boot image for the computing system via a secure verification code that is blocked from write access when the system is booted in a unsecure mode, allowing write access to the secure verification code; and continuing to boot the computing system in the secure mode according to the boot image. When booting the system and unseccessfully validating the boot image at the third time, the system boot is failed.

Abstract: Authenticating a host computer and NVDIMM pair using lookup tables for a challenge/response exchange between the pair of devices. The NVDIMM is challenged by the host computer for which a response associated with the physically unclonable function of a NVDIMM component is provided. The NVDIMM challenges the host computer for which a response associated with the physically unclonable function of a host computer component is provided. Additional security stores a modified response associated with run-time physically unclonable functions associated with the host computer and NVDIMM pair for use in future challenge/response exchanges.

Abstract: A method for managing memory within a computing system. The method includes one or more computer processors identifying a range of physical memory addresses that store a first data. The method further includes determining whether a second data is stored within the range of physical memory addresses that stores the first data. The method further includes responding to determining that the second data is stored within the range of physical memory addresses that store the first data, by determining whether a process accessing the second data is identified as associated with a side-channel attack. The method further includes responding to determining that the process accessing the second data is associated with the side-channel attack, by initiating a response associated with the process accessing the second data.

Abstract: Embodiments provide a mutable CRTM schema for ensuring the integrity of a client workload on a single system as updates are made to the firmware used to initialize and run that system by booting a computing system in a secure mode; when successfully validating a boot image for the computing system via a secure verification code that is blocked from write access when the system is booted in a unsecure mode, allowing write access to the secure verification code; and continuing to boot the computing system in the secure mode according to the boot image. When booting the system and unseccessfully validating the boot image at the third time, the system boot is failed.

Abstract: The present invention extends to methods, systems, and computer program products for forming data responsive to a query. Responding to a query can include selecting data views on top of data sources. A data catalog stores data elements from different data sources and stores links between data elements from the different data sources. A view can be selected for a query based on one or more of: classification of data included in the data catalog or prior usage of data included in the data catalog. A selected data view is populated with data elements from the data catalog using the links to determine that data elements spanning multiple data sources satisfy the query. The data catalog can be used to identify relationships between data elements from different data sources that would not otherwise be identified.

Abstract: A protection circuit can be used with a computer system having a master device and at least one slave device that are connected by an inter-integrated circuit (I2C) bus. A first access request is received that includes an address that identifies a first slave device. In response to a permissible mode, the first access request is communicated to the first slave device using the I2C bus. A sticky protection bit can be set. In response to the sticky protection bit being set, the protection circuit can be placed in a protected mode. A second access request is received. The second access request can be determined to be a protected access to the first slave device. In response to the determining and the protected mode, the second access request to the first slave device can be denied.

Abstract: A protection circuit can be used with a computer system having a master device and at least one slave device that are connected by an inter-integrated circuit (I2C) bus. A first access request is received that includes an address that identifies a first slave device. In response to a permissible mode, the first access request is communicated to the first slave device using the I2C bus. A sticky protection bit can be set. In response to the sticky protection bit being set, the protection circuit can be placed in a protected mode. A second access request is received. The second access request can be determined to be a protected access to the first slave device. In response to the determining and the protected mode, the second access request to the first slave device can be denied.

Abstract: The present invention extends to methods, systems, and computer program products for forming data responsive to a query. Responding to a query can include selecting data views on top of data sources. A data catalog stores data elements from different data sources and stores links between data elements from the different data sources. A view can be selected for a query based on one or more of: classification of data included in the data catalog or prior usage of data included in the data catalog. A selected data view is populated with data elements from the data catalog using the links to determine that data elements spanning multiple data sources satisfy the query. The data catalog can be used to identify relationships between data elements from different data sources that would not otherwise be identified.

Abstract: A processor determines a timestamp for a signal based on a number of consecutive cycles that the signal is present on a trace bus. The processor writes a first part of the timestamp to a memory that is allocated for a timestamp of a trace entry. The processor overwrites one or more identified free bits with a second part of the timestamp of the trace entry.

Abstract: The present invention extends to methods, systems, and computer program products for creating data views. Embodiments of the invention allow automatic creation of data views/projections on top of data sources. A view can be created on one data source (by looking at one or multiple data elements within the data source) or by looking at multiple data sources (of the same or different data types) and combining elements into a view. Data sources can be any kind of data source, including but not limited to: databases, files, and Web services. Views can be picked from a set of predefined views, picked from views of another tenant (either statically or using fuzzy logic), selected based on data element classifications and/or data element relationship classifications, selected based on data usage (e.g., by looking at logs), etc.

Abstract: A computer identifies a storage element in a simulation model of an integrated circuit design that, during simulation of the integrated circuit design using the simulation model, is subject to having its value forced. In response to identifying the storage element, an indication of the storage element and the associated clock signal are stored in a database. In response to receiving an input indicating the value of the storage element is to be forced during simulation, a determination is made by reference to the database whether or not forcing of the value is mistimed with reference to the associated clock signal. In response to a determination that the forcing of the value as indicated by the input is mistimed with reference to the associated clock signal, an indication that forcing of the value is mistimed is output.

Abstract: A protection circuit can be used with a computer system having a master device and at least one slave device that are connected by an inter-integrated circuit (I2C) bus. A first access request is received that includes an address that identifies a first slave device. In response to a permissible mode, the first access request is communicated to the first slave device using the I2C bus. A sticky protection bit can be set. In response to the sticky protection bit being set, the protection circuit can be placed in a protected mode. A second access request is received. The second access request can be determined to be a protected access to the first slave device. In response to the determining and the protected mode, the second access request to the first slave device can be denied.

Abstract: A protection circuit can be used with a computer system having a master device and at least one slave device that are connected by an inter-integrated circuit (I2C) bus. A first access request is received that includes an address that identifies a first slave device. In response to a permissible mode, the first access request is communicated to the first slave device using the I2C bus. A sticky protection bit can be set. In response to the sticky protection bit being set, the protection circuit can be placed in a protected mode. A second access request is received. The second access request can be determined to be a protected access to the first slave device. In response to the determining and the protected mode, the second access request to the first slave device can be denied.