{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2017:3VNN5QF5C6MAW2TCOE22OG6XD2","short_pith_number":"pith:3VNN5QF5","canonical_record":{"source":{"id":"1702.05997","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.SE","submitted_at":"2017-02-20T15:07:07Z","cross_cats_sorted":["cs.CR"],"title_canon_sha256":"9c46c89850ea4b71ce645e2847ddb6ad8ebbfb57451194f8a1382ef9fe1b0806","abstract_canon_sha256":"8d1f51caa070b51fe5ce9ca3fa4b2a5f817b79e331ce3567644b2b9d3a7ca5a7"},"schema_version":"1.0"},"canonical_sha256":"dd5adec0bd17980b6a627135a71bd71e829295652309a09778d0ddb3f8699037","source":{"kind":"arxiv","id":"1702.05997","version":1},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1702.05997","created_at":"2026-05-18T00:50:24Z"},{"alias_kind":"arxiv_version","alias_value":"1702.05997v1","created_at":"2026-05-18T00:50:24Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1702.05997","created_at":"2026-05-18T00:50:24Z"},{"alias_kind":"pith_short_12","alias_value":"3VNN5QF5C6MA","created_at":"2026-05-18T12:30:58Z"},{"alias_kind":"pith_short_16","alias_value":"3VNN5QF5C6MAW2TC","created_at":"2026-05-18T12:30:58Z"},{"alias_kind":"pith_short_8","alias_value":"3VNN5QF5","created_at":"2026-05-18T12:30:58Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2017:3VNN5QF5C6MAW2TCOE22OG6XD2","target":"record","payload":{"canonical_record":{"source":{"id":"1702.05997","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.SE","submitted_at":"2017-02-20T15:07:07Z","cross_cats_sorted":["cs.CR"],"title_canon_sha256":"9c46c89850ea4b71ce645e2847ddb6ad8ebbfb57451194f8a1382ef9fe1b0806","abstract_canon_sha256":"8d1f51caa070b51fe5ce9ca3fa4b2a5f817b79e331ce3567644b2b9d3a7ca5a7"},"schema_version":"1.0"},"canonical_sha256":"dd5adec0bd17980b6a627135a71bd71e829295652309a09778d0ddb3f8699037","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-18T00:50:24.623602Z","signature_b64":"OongVuJIo4dh/aDyM638yrOBFWSnChgz0AodcModDsNxYAWqV0paEP3UWnED3faC8WcgXk8bj8+kcyvp5MkXAQ==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"dd5adec0bd17980b6a627135a71bd71e829295652309a09778d0ddb3f8699037","last_reissued_at":"2026-05-18T00:50:24.622847Z","signature_status":"signed_v1","first_computed_at":"2026-05-18T00:50:24.622847Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"1702.05997","source_version":1,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T00:50:24Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"J1opiekK2UT28wv4i9AWBeYMwONEEfN5NzlfNT3ncMaQ/tcwmqpGtKw8pkbPln8n/W8C3wtuFDBmkcRRz6ooBw==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-21T22:28:54.652171Z"},"content_sha256":"47a04fa1e70d670a354c76d462448c4d904add5650a867865f8db1c981d4a643","schema_version":"1.0","event_id":"sha256:47a04fa1e70d670a354c76d462448c4d904add5650a867865f8db1c981d4a643"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2017:3VNN5QF5C6MAW2TCOE22OG6XD2","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"Refinement-based Specification and Security Analysis of Separation Kernels","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":["cs.CR"],"primary_cat":"cs.SE","authors_text":"David Sanan, Fuyuan Zhang, Yang Liu, Yongwang Zhao","submitted_at":"2017-02-20T15:07:07Z","abstract_excerpt":"Assurance of information-flow security by formal methods is mandated in security certification of separation kernels. As an industrial standard for improving safety, ARINC 653 has been complied with by mainstream separation kernels. Due to the new trend of integrating safe and secure functionalities into one separation kernel, security analysis of ARINC 653 as well as a formal specification with security proofs are thus significant for the development and certification of ARINC 653 compliant Separation Kernels (ARINC SKs). This paper presents a specification development and security analysis m"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1702.05997","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T00:50:24Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"SIgxCskPViWE15cbBLHvVZ3TSBPLezYcGtBlYlwacH+pCyDwnEtz1KSqwfgBdmY4BLVVR9+nVrgxPa7pD/FNCw==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-21T22:28:54.652536Z"},"content_sha256":"6b627d6869e4f204d9e073449d6e247d71a39c14e7049982769901de9a50618c","schema_version":"1.0","event_id":"sha256:6b627d6869e4f204d9e073449d6e247d71a39c14e7049982769901de9a50618c"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/3VNN5QF5C6MAW2TCOE22OG6XD2/bundle.json","state_url":"https://pith.science/pith/3VNN5QF5C6MAW2TCOE22OG6XD2/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/3VNN5QF5C6MAW2TCOE22OG6XD2/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-06-21T22:28:54Z","links":{"resolver":"https://pith.science/pith/3VNN5QF5C6MAW2TCOE22OG6XD2","bundle":"https://pith.science/pith/3VNN5QF5C6MAW2TCOE22OG6XD2/bundle.json","state":"https://pith.science/pith/3VNN5QF5C6MAW2TCOE22OG6XD2/state.json","well_known_bundle":"https://pith.science/.well-known/pith/3VNN5QF5C6MAW2TCOE22OG6XD2/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2017:3VNN5QF5C6MAW2TCOE22OG6XD2","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"8d1f51caa070b51fe5ce9ca3fa4b2a5f817b79e331ce3567644b2b9d3a7ca5a7","cross_cats_sorted":["cs.CR"],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.SE","submitted_at":"2017-02-20T15:07:07Z","title_canon_sha256":"9c46c89850ea4b71ce645e2847ddb6ad8ebbfb57451194f8a1382ef9fe1b0806"},"schema_version":"1.0","source":{"id":"1702.05997","kind":"arxiv","version":1}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1702.05997","created_at":"2026-05-18T00:50:24Z"},{"alias_kind":"arxiv_version","alias_value":"1702.05997v1","created_at":"2026-05-18T00:50:24Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1702.05997","created_at":"2026-05-18T00:50:24Z"},{"alias_kind":"pith_short_12","alias_value":"3VNN5QF5C6MA","created_at":"2026-05-18T12:30:58Z"},{"alias_kind":"pith_short_16","alias_value":"3VNN5QF5C6MAW2TC","created_at":"2026-05-18T12:30:58Z"},{"alias_kind":"pith_short_8","alias_value":"3VNN5QF5","created_at":"2026-05-18T12:30:58Z"}],"graph_snapshots":[{"event_id":"sha256:6b627d6869e4f204d9e073449d6e247d71a39c14e7049982769901de9a50618c","target":"graph","created_at":"2026-05-18T00:50:24Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"paper":{"abstract_excerpt":"Assurance of information-flow security by formal methods is mandated in security certification of separation kernels. As an industrial standard for improving safety, ARINC 653 has been complied with by mainstream separation kernels. Due to the new trend of integrating safe and secure functionalities into one separation kernel, security analysis of ARINC 653 as well as a formal specification with security proofs are thus significant for the development and certification of ARINC 653 compliant Separation Kernels (ARINC SKs). This paper presents a specification development and security analysis m","authors_text":"David Sanan, Fuyuan Zhang, Yang Liu, Yongwang Zhao","cross_cats":["cs.CR"],"headline":"","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.SE","submitted_at":"2017-02-20T15:07:07Z","title":"Refinement-based Specification and Security Analysis of Separation Kernels"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1702.05997","kind":"arxiv","version":1},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:47a04fa1e70d670a354c76d462448c4d904add5650a867865f8db1c981d4a643","target":"record","created_at":"2026-05-18T00:50:24Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"8d1f51caa070b51fe5ce9ca3fa4b2a5f817b79e331ce3567644b2b9d3a7ca5a7","cross_cats_sorted":["cs.CR"],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.SE","submitted_at":"2017-02-20T15:07:07Z","title_canon_sha256":"9c46c89850ea4b71ce645e2847ddb6ad8ebbfb57451194f8a1382ef9fe1b0806"},"schema_version":"1.0","source":{"id":"1702.05997","kind":"arxiv","version":1}},"canonical_sha256":"dd5adec0bd17980b6a627135a71bd71e829295652309a09778d0ddb3f8699037","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"dd5adec0bd17980b6a627135a71bd71e829295652309a09778d0ddb3f8699037","first_computed_at":"2026-05-18T00:50:24.622847Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-05-18T00:50:24.622847Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"OongVuJIo4dh/aDyM638yrOBFWSnChgz0AodcModDsNxYAWqV0paEP3UWnED3faC8WcgXk8bj8+kcyvp5MkXAQ==","signature_status":"signed_v1","signed_at":"2026-05-18T00:50:24.623602Z","signed_message":"canonical_sha256_bytes"},"source_id":"1702.05997","source_kind":"arxiv","source_version":1}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:47a04fa1e70d670a354c76d462448c4d904add5650a867865f8db1c981d4a643","sha256:6b627d6869e4f204d9e073449d6e247d71a39c14e7049982769901de9a50618c"],"state_sha256":"524af5b4e64d183e4449b738a2af52a858c62d0114df2591be94ab7ee73ae7d1"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"lGqInTe16w+M9Q02vBmMbYGB7o6fIsLKqjXcrkZQj7z6qwN41OlWBI943MNHt/osGvyVNDYe6MEIf3TV56KnDA==","signed_message":"bundle_sha256_bytes","signed_at":"2026-06-21T22:28:54.654504Z","bundle_sha256":"7cbed7d48e355356ae932f4b90d3660984ca2e2b7d7adb146c68c74bda9c757c"}}