{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2016:BQDDXDVTUKTRSLQTUJISA6LUTI","short_pith_number":"pith:BQDDXDVT","canonical_record":{"source":{"id":"1601.05851","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.OS","submitted_at":"2016-01-22T01:22:53Z","cross_cats_sorted":["cs.CR"],"title_canon_sha256":"ce74bf5b57fe3cbceb656dec8947201e559bbb788f724325b5c003412e091f44","abstract_canon_sha256":"646a5bc214dd7b1ff18a225bdedf9e33dcb19fd24635bf2d0bd724c0213c2e50"},"schema_version":"1.0"},"canonical_sha256":"0c063b8eb3a2a7192e13a2512079749a164180017706f6857a226b9c7f98aa4d","source":{"kind":"arxiv","id":"1601.05851","version":1},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1601.05851","created_at":"2026-05-18T00:43:03Z"},{"alias_kind":"arxiv_version","alias_value":"1601.05851v1","created_at":"2026-05-18T00:43:03Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1601.05851","created_at":"2026-05-18T00:43:03Z"},{"alias_kind":"pith_short_12","alias_value":"BQDDXDVTUKTR","created_at":"2026-05-18T12:30:07Z"},{"alias_kind":"pith_short_16","alias_value":"BQDDXDVTUKTRSLQT","created_at":"2026-05-18T12:30:07Z"},{"alias_kind":"pith_short_8","alias_value":"BQDDXDVT","created_at":"2026-05-18T12:30:07Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2016:BQDDXDVTUKTRSLQTUJISA6LUTI","target":"record","payload":{"canonical_record":{"source":{"id":"1601.05851","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.OS","submitted_at":"2016-01-22T01:22:53Z","cross_cats_sorted":["cs.CR"],"title_canon_sha256":"ce74bf5b57fe3cbceb656dec8947201e559bbb788f724325b5c003412e091f44","abstract_canon_sha256":"646a5bc214dd7b1ff18a225bdedf9e33dcb19fd24635bf2d0bd724c0213c2e50"},"schema_version":"1.0"},"canonical_sha256":"0c063b8eb3a2a7192e13a2512079749a164180017706f6857a226b9c7f98aa4d","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-18T00:43:03.095678Z","signature_b64":"bJdZgVWdbRVN61h6KrZC7ihPOJR1hAmDy2f4U3KWSgBrXVqIhVuHD4hBFOzdIaIRP0nCsqtLDeGFFT2RblTdBg==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"0c063b8eb3a2a7192e13a2512079749a164180017706f6857a226b9c7f98aa4d","last_reissued_at":"2026-05-18T00:43:03.094994Z","signature_status":"signed_v1","first_computed_at":"2026-05-18T00:43:03.094994Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"1601.05851","source_version":1,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T00:43:03Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"cCmrNhY8NVWx4t+U6TxK5fnt3KSrR1py4FG2prXo4bswZzV3vn9kAhs7uSSXtlBO3nu6dTJPUAtfJDDKvWWmDA==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-28T09:39:30.201190Z"},"content_sha256":"3529ba0f824f2a8e053e16b70900bcf943b2bb8d2c97313269fef8b71ab2c642","schema_version":"1.0","event_id":"sha256:3529ba0f824f2a8e053e16b70900bcf943b2bb8d2c97313269fef8b71ab2c642"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2016:BQDDXDVTUKTRSLQTUJISA6LUTI","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"HyBIS: Windows Guest Protection through Advanced Memory Introspection","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":["cs.CR"],"primary_cat":"cs.OS","authors_text":"Federico Franzoni, Flavio Lombardi, Roberto Di Pietro","submitted_at":"2016-01-22T01:22:53Z","abstract_excerpt":"Effectively protecting the Windows OS is a challenging task, since most implementation details are not publicly known. Windows has always been the main target of malwares that have exploited numerous bugs and vulnerabilities. Recent trusted boot and additional integrity checks have rendered the Windows OS less vulnerable to kernel-level rootkits. Nevertheless, guest Windows Virtual Machines are becoming an increasingly interesting attack target. In this work we introduce and analyze a novel Hypervisor-Based Introspection System (HyBIS) we developed for protecting Windows OSes from malware and "},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1601.05851","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T00:43:03Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"4tg3CRKucVTN5m/yHVx/4XR5N6LcHvYrVvepQp2AV4ozM0fHkdUL2UvEieEUE5Y1Cb4mNypmgWCrxJR6XL8UCw==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-28T09:39:30.201538Z"},"content_sha256":"465c529c9cc4bd1170c17760d6f1d450503af25ff8ad5dd0f03612ec2f1db500","schema_version":"1.0","event_id":"sha256:465c529c9cc4bd1170c17760d6f1d450503af25ff8ad5dd0f03612ec2f1db500"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/BQDDXDVTUKTRSLQTUJISA6LUTI/bundle.json","state_url":"https://pith.science/pith/BQDDXDVTUKTRSLQTUJISA6LUTI/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/BQDDXDVTUKTRSLQTUJISA6LUTI/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-06-28T09:39:30Z","links":{"resolver":"https://pith.science/pith/BQDDXDVTUKTRSLQTUJISA6LUTI","bundle":"https://pith.science/pith/BQDDXDVTUKTRSLQTUJISA6LUTI/bundle.json","state":"https://pith.science/pith/BQDDXDVTUKTRSLQTUJISA6LUTI/state.json","well_known_bundle":"https://pith.science/.well-known/pith/BQDDXDVTUKTRSLQTUJISA6LUTI/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2016:BQDDXDVTUKTRSLQTUJISA6LUTI","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"646a5bc214dd7b1ff18a225bdedf9e33dcb19fd24635bf2d0bd724c0213c2e50","cross_cats_sorted":["cs.CR"],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.OS","submitted_at":"2016-01-22T01:22:53Z","title_canon_sha256":"ce74bf5b57fe3cbceb656dec8947201e559bbb788f724325b5c003412e091f44"},"schema_version":"1.0","source":{"id":"1601.05851","kind":"arxiv","version":1}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1601.05851","created_at":"2026-05-18T00:43:03Z"},{"alias_kind":"arxiv_version","alias_value":"1601.05851v1","created_at":"2026-05-18T00:43:03Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1601.05851","created_at":"2026-05-18T00:43:03Z"},{"alias_kind":"pith_short_12","alias_value":"BQDDXDVTUKTR","created_at":"2026-05-18T12:30:07Z"},{"alias_kind":"pith_short_16","alias_value":"BQDDXDVTUKTRSLQT","created_at":"2026-05-18T12:30:07Z"},{"alias_kind":"pith_short_8","alias_value":"BQDDXDVT","created_at":"2026-05-18T12:30:07Z"}],"graph_snapshots":[{"event_id":"sha256:465c529c9cc4bd1170c17760d6f1d450503af25ff8ad5dd0f03612ec2f1db500","target":"graph","created_at":"2026-05-18T00:43:03Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"paper":{"abstract_excerpt":"Effectively protecting the Windows OS is a challenging task, since most implementation details are not publicly known. Windows has always been the main target of malwares that have exploited numerous bugs and vulnerabilities. Recent trusted boot and additional integrity checks have rendered the Windows OS less vulnerable to kernel-level rootkits. Nevertheless, guest Windows Virtual Machines are becoming an increasingly interesting attack target. In this work we introduce and analyze a novel Hypervisor-Based Introspection System (HyBIS) we developed for protecting Windows OSes from malware and ","authors_text":"Federico Franzoni, Flavio Lombardi, Roberto Di Pietro","cross_cats":["cs.CR"],"headline":"","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.OS","submitted_at":"2016-01-22T01:22:53Z","title":"HyBIS: Windows Guest Protection through Advanced Memory Introspection"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1601.05851","kind":"arxiv","version":1},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:3529ba0f824f2a8e053e16b70900bcf943b2bb8d2c97313269fef8b71ab2c642","target":"record","created_at":"2026-05-18T00:43:03Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"646a5bc214dd7b1ff18a225bdedf9e33dcb19fd24635bf2d0bd724c0213c2e50","cross_cats_sorted":["cs.CR"],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.OS","submitted_at":"2016-01-22T01:22:53Z","title_canon_sha256":"ce74bf5b57fe3cbceb656dec8947201e559bbb788f724325b5c003412e091f44"},"schema_version":"1.0","source":{"id":"1601.05851","kind":"arxiv","version":1}},"canonical_sha256":"0c063b8eb3a2a7192e13a2512079749a164180017706f6857a226b9c7f98aa4d","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"0c063b8eb3a2a7192e13a2512079749a164180017706f6857a226b9c7f98aa4d","first_computed_at":"2026-05-18T00:43:03.094994Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-05-18T00:43:03.094994Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"bJdZgVWdbRVN61h6KrZC7ihPOJR1hAmDy2f4U3KWSgBrXVqIhVuHD4hBFOzdIaIRP0nCsqtLDeGFFT2RblTdBg==","signature_status":"signed_v1","signed_at":"2026-05-18T00:43:03.095678Z","signed_message":"canonical_sha256_bytes"},"source_id":"1601.05851","source_kind":"arxiv","source_version":1}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:3529ba0f824f2a8e053e16b70900bcf943b2bb8d2c97313269fef8b71ab2c642","sha256:465c529c9cc4bd1170c17760d6f1d450503af25ff8ad5dd0f03612ec2f1db500"],"state_sha256":"23514fec0cbf2556c2675ba887a3af97f15d23638356c08c113c3dbf353ac972"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"Ivzsp6NcJcrTiI20+omhu//CRFxphSLMQVi5vYRiUe2FKulEz/ScThCUvgflmCBgM6dWT+aoexXYXNqzlxqACQ==","signed_message":"bundle_sha256_bytes","signed_at":"2026-06-28T09:39:30.203387Z","bundle_sha256":"705761fc72abd86f166be89eecf21d6d985b4eef7ce8ea4163d2d1136e9cde1b"}}