Abstract: Method, apparatus and product for purpose-based data access control. Having a data about a subject, for which usage is approved for a purpose, a first encryption key associated with the first purpose is obtained. A link pointing to a first alias of the data is generated, the first alias being associated with the first purpose. The link pointing to the first alias is encrypted with the first encryption key to obtain a first encrypted link; and access is provided to the first encrypted link, whereby access to the data is obtainable by decrypting the first encrypted link with the first decryption key to obtain the first alias and using the first alias to access the data. In some cases, a second link for a second can be similarly generated. Upon revocation of approval, a corresponding alias is eliminated to prevent access thereby. The links may be retained in a decentralized ledger, such as a blockchain.

Abstract: An apparatus, a computer program product and a method for co-verification of systems comprising software and hardware components. The method comprises obtaining an over-approximation of the system that over-approximates the software or the hardware by using a non-deterministic version thereof; performing simulation of the over-approximation of the system; and utilizing an outcome of the simulation to guide a co-simulation of the system. The co-simulation comprises instrumenting the software to identify whether the coverage goals are reached during execution, generating a test input for the system, simulating execution of the test input by the instrumented software, wherein during said simulating, stimuli provided from the instrumented software to underlying hardware is provided to a hardware simulator that is configured to simulate the hardware-under-test; determining a coverage of the execution of the test input, and utilizing the coverage information in a successive iteration of the method.

Abstract: An apparatus, a computer program product and a method for co-verification of systems comprising software and hardware components. The method comprises obtaining an over-approximation of the system that over-approximates the software or the hardware by using a non-deterministic version thereof; performing simulation of the over-approximation of the system; and utilizing an outcome of the simulation to guide a co-simulation of the system. The co-simulation comprises instrumenting the software to identify whether the coverage goals are reached during execution, generating a test input for the system, simulating execution of the test input by the instrumented software, wherein during said simulating, stimuli provided from the instrumented software to underlying hardware is provided to a hardware simulator that is configured to simulate the hardware-under-test; determining a coverage of the execution of the test input, and utilizing the coverage information in a successive iteration of the method.

Abstract: A system, an apparatus, a computer program product and a method for obfuscation-based security and authentication. The method comprises: obtaining a different key for each different device; obfuscating an interface layer utilized by components of the device to interact, using the key, to produce an obfuscated interface layer; and providing, directly or indirectly, the two components with the key to allow the two components to utilize the obfuscated interface layer to interact with each other. The system comprises a plurality of devices that are instances of a same device and a server coupled to a memory retaining a plurality of keys, each of which is used to obfuscate interface layers of a different device to produce heterogeneous set of devices instead of a homogenous set of devices. Communications and operations with the plurality of devices are performed in an obfuscated manner through the server.

Abstract: In some examples, a system for authenticating users can include a processor to train a first predictive application based on a first set of user engagements with advertisements, wherein the first predictive application is associated with a first advertising identifier. The processor can also train a second predictive application based on a second set of user engagements with the advertisements, wherein the second predictive application is associated with a second advertising identifier. Additionally, the processor can compare the first predictive application and the second predictive application and authenticate a user in response to detecting a similarity of the first predictive application and the second predictive application is below a threshold value, wherein authenticating the user enables the user to access a resource or service.

Abstract: An apparatus, a computer program product and a method for co-verification of systems comprising software and hardware components. The method comprises obtaining an over-approximation of the system that over-approximates the software or the hardware by using a non-deterministic version thereof; performing simulation of the over-approximation of the system; and utilizing an outcome of the simulation to guide a co-simulation of the system. The co-simulation comprises instrumenting the software to identify whether the coverage goals are reached during execution, generating a test input for the system, simulating execution of the test input by the instrumented software, wherein during said simulating, stimuli provided from the instrumented software to underlying hardware is provided to a hardware simulator that is configured to simulate the hardware-under-test; determining a coverage of the execution of the test input, and utilizing the coverage information in a successive iteration of the method.

Abstract: An apparatus, a computer program product and a method for co-verification of systems comprising software and hardware components. The method comprises obtaining an over-approximation of the system that over-approximates the software or the hardware by using a non-deterministic version thereof; performing simulation of the over-approximation of the system; and utilizing an outcome of the simulation to guide a co-simulation of the system. The co-simulation comprises instrumenting the software to identify whether the coverage goals are reached during execution, generating a test input for the system, simulating execution of the test input by the instrumented software, wherein during said simulating, stimuli provided from the instrumented software to underlying hardware is provided to a hardware simulator that is configured to simulate the hardware-under-test; determining a coverage of the execution of the test input, and utilizing the coverage information in a successive iteration of the method.

Abstract: An apparatus, a computer program product and a method for co-verification of systems comprising software and hardware components. The method comprises obtaining an over-approximation of the system that over-approximates the software or the hardware by using a non-deterministic version thereof; performing simulation of the over-approximation of the system; and utilizing an outcome of the simulation to guide a co-simulation of the system. The co-simulation comprises instrumenting the software to identify whether the coverage goals are reached during execution, generating a test input for the system, simulating execution of the test input by the instrumented software, wherein during said simulating, stimuli provided from the instrumented software to underlying hardware is provided to a hardware simulator that is configured to simulate the hardware-under-test; determining a coverage of the execution of the test input, and utilizing the coverage information in a successive iteration of the method.

Abstract: Method, apparatus and product for purpose-based data access control. Having a data about a subject, for which usage is approved for a purpose, a first encryption key associated with the first purpose is obtained. A link pointing to a first alias of the data is generated, the first alias being associated with the first purpose. The link pointing to the first alias is encrypted with the first encryption key to obtain a first encrypted link; and access is provided to the first encrypted link, whereby access to the data is obtainable by decrypting the first encrypted link with the first decryption key to obtain the first alias and using the first alias to access the data. In some cases, a second link for a second can be similarly generated. Upon revocation of approval, a corresponding alias is eliminated to prevent access thereby. The links may be retained in a decentralized ledger, such as a blockchain.

Abstract: An apparatus, a computer program product and a method for hybrid genetic concolic co-verification of hardware and software. The method comprises repeatedly obtaining a test input for a system comprising a software and a hardware; performing a symbolic co-simulation of the system executing the test input to generate a symbolic co-simulation constraint and utilizing the symbolic co-simulation constraint to generate a new test input. The symbolic co-simulation comprises iteratively performing concolic execution of the software and symbolic simulation of the hardware. The concolic execution is guided using the test input and monitors software symbols.

Abstract: An apparatus, a computer program product and a method for hybrid genetic concolic co-verification of hardware and software. The method comprises repeatedly obtaining a test input for a system comprising a software and a hardware; performing a symbolic co-simulation of the system executing the test input to generate a symbolic co-simulation constraint and utilizing the symbolic co-simulation constraint to generate a new test input. The symbolic co-simulation comprises iteratively performing concolic execution of the software and symbolic simulation of the hardware. The concolic execution is guided using the test input and monitors software symbols.

Abstract: An apparatus, a computer program product and a method for co-verification of systems comprising software and hardware components. The method comprises obtaining an over-approximation of the system that over-approximates the software or the hardware by using a non-deterministic version thereof; performing simulation of the over-approximation of the system; and utilizing an outcome of the simulation to guide a co-simulation of the system. The co-simulation comprises instrumenting the software to identify whether the coverage goals are reached during execution, generating a test input for the system, simulating execution of the test input by the instrumented software, wherein during said simulating, stimuli provided from the instrumented software to underlying hardware is provided to a hardware simulator that is configured to simulate the hardware-under-test; determining a coverage of the execution of the test input, and utilizing the coverage information in a successive iteration of the method.

Abstract: A method, apparatus and product for using a predictive model to predict if inputs reach a vulnerability of a program. Given a sample input, which when provided to a program being executed, is configured to cause execution of the program to reach a vulnerability, a set of variant inputs and labels thereof is generated based on the sample input and execution of the program with each variant input. A predictive model is trained based on the set of variant inputs and labels thereof, and provided to an input analysis platform configured to analyze an input; whereby the input analysis platform is enabled to predict whether an input would cause the program to reach the vulnerability prior to executing the program with the input and perform a responsive action accordingly.

Abstract: In some examples, a system for authenticating transactions can include a processor to detect metadata corresponding to a user of a mobile device, wherein the metadata comprises a call history from the mobile device. The processor can also detect transaction information corresponding to the user of the mobile device from a remote server, wherein the transaction information corresponds to a transaction initiated at a remote service provider and wherein the transaction information indicates a transaction type and transaction initiator information. The processor can also generate an authentication score of the transaction based on the metadata and the transaction information. The processor can also authorize the transaction based on the authentication score.

Abstract: A system, an apparatus, a computer program product and a method for obfuscation-based security and authentication. The method comprises: obtaining a different key for each different device; obfuscating an interface layer utilized by components of the device to interact, using the key, to produce an obfuscated interface layer; and providing, directly or indirectly, the two components with the key to allow the two components to utilize the obfuscated interface layer to interact with each other. The system comprises a plurality of devices that are instances of a same device and a server coupled to a memory retaining a plurality of keys, each of which is used to obfuscate interface layers of a different device to produce heterogeneous set of devices instead of a homogenous set of devices. Communications and operations with the plurality of devices are performed in an obfuscated manner through the server.

Abstract: In some examples, a system for authenticating users can include a processor to train a first predictive application based on a first set of user engagements with advertisements, wherein the first predictive application is associated with a first advertising identifier. The processor can also train a second predictive application based on a second set of user engagements with the advertisements, wherein the second predictive application is associated with a second advertising identifier. Additionally, the processor can compare the first predictive application and the second predictive application and authenticate a user in response to detecting a similarity of the first predictive application and the second predictive application is below a threshold value, wherein authenticating the user enables the user to access a resource or service.

Abstract: A method, apparatus and product for using a predictive model to predict if inputs reach a vulnerability of a program. Given a sample input, which when provided to a program being executed, is configured to cause execution of the program to reach a vulnerability, a set of variant inputs and labels thereof is generated based on the sample input and execution of the program with each variant input. A predictive model is trained based on the set of variant inputs and labels thereof, and provided to an input analysis platform configured to analyze an input; whereby the input analysis platform is enabled to predict whether an input would cause the program to reach the vulnerability prior to executing the program with the input and perform a responsive action accordingly.

Abstract: In some examples, a system for authenticating transactions can include a processor to detect metadata corresponding to a user of a mobile device, wherein the metadata comprises a call history from the mobile device. The processor can also detect transaction information corresponding to the user of the mobile device from a remote server, wherein the transaction information corresponds to a transaction initiated at a remote service provider and wherein the transaction information indicates a transaction type and transaction initiator information. The processor can also generate an authentication score of the transaction based on the metadata and the transaction information. The processor can also authorize the transaction based on the authentication score.

Abstract: A method, system and product for predicting impact of workload migration. The method comprising: obtaining a utilization pattern of a workload that is being executed on a first platform; generating a synthetic workload that is configured to have the utilization pattern when executed on the first platform; executing the synthetic workload on a second platform; and identifying a change in performance between execution of the synthetic workload on the first platform and between execution of the synthetic workload on the second platform in order to provide a prediction of an impact of migrating the workload from the first platform to the second platform.

Abstract: A method, system and product for predicting impact of workload migration. The method comprising: obtaining a utilization pattern of a workload that is being executed on a first platform; generating a synthetic workload that is configured to have the utilization pattern when executed on the first platform; executing the synthetic workload on a second platform; and identifying a change in performance between execution of the synthetic workload on the first platform and between execution of the synthetic workload on the second platform in order to provide a prediction of an impact of migrating the workload from the first platform to the second platform.