{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2015:SGZWY7TSIUXRCYOV6SY7CJVBTC","short_pith_number":"pith:SGZWY7TS","canonical_record":{"source":{"id":"1508.07066","kind":"arxiv","version":3},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.SE","submitted_at":"2015-08-28T01:08:27Z","cross_cats_sorted":[],"title_canon_sha256":"0b5090cf70d13d92f0fd081efc612472eef6840730dea76bab7d509339d61cec","abstract_canon_sha256":"6042085913902eb5f4de777bcca32fb4d03caa7404de8d37aebdfcfa7623fb5e"},"schema_version":"1.0"},"canonical_sha256":"91b36c7e72452f1161d5f4b1f126a19890bbec27a2fa5c8eed50565e46c54e0b","source":{"kind":"arxiv","id":"1508.07066","version":3},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1508.07066","created_at":"2026-05-18T01:11:18Z"},{"alias_kind":"arxiv_version","alias_value":"1508.07066v3","created_at":"2026-05-18T01:11:18Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1508.07066","created_at":"2026-05-18T01:11:18Z"},{"alias_kind":"pith_short_12","alias_value":"SGZWY7TSIUXR","created_at":"2026-05-18T12:29:42Z"},{"alias_kind":"pith_short_16","alias_value":"SGZWY7TSIUXRCYOV","created_at":"2026-05-18T12:29:42Z"},{"alias_kind":"pith_short_8","alias_value":"SGZWY7TS","created_at":"2026-05-18T12:29:42Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2015:SGZWY7TSIUXRCYOV6SY7CJVBTC","target":"record","payload":{"canonical_record":{"source":{"id":"1508.07066","kind":"arxiv","version":3},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.SE","submitted_at":"2015-08-28T01:08:27Z","cross_cats_sorted":[],"title_canon_sha256":"0b5090cf70d13d92f0fd081efc612472eef6840730dea76bab7d509339d61cec","abstract_canon_sha256":"6042085913902eb5f4de777bcca32fb4d03caa7404de8d37aebdfcfa7623fb5e"},"schema_version":"1.0"},"canonical_sha256":"91b36c7e72452f1161d5f4b1f126a19890bbec27a2fa5c8eed50565e46c54e0b","receipt":{"kind":"pith_
receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-18T01:11:18.126965Z","signature_b64":"OMfrqOzmmtBkumrBYleltlitblXV8tQO3gptO6RFrOFHmj0+x/4BAyjK0+lbJS++AmI9B2oSNBAVzBDEW+wVAg==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"91b36c7e72452f1161d5f4b1f126a19890bbec27a2fa5c8eed50565e46c54e0b","last_reissued_at":"2026-05-18T01:11:18.126300Z","signature_status":"signed_v1","first_computed_at":"2026-05-18T01:11:18.126300Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"1508.07066","source_version":3,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T01:11:18Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"Su1WAxuQ6Z2RHGRFlF5WiIS5OgwzoFAmj7cUbYXxjrM2zQc34weTm5ECJ6YuF9JBFqrd27OjGD9rSuexVyShAQ==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-22T01:30:12.856518Z"},"content_sha256":"98ce21ac08f6d4c5dd3110bca7fd54fb85c0d5049a538446567a5dba5397e306","schema_version":"1.0","event_id":"sha256:98ce21ac08f6d4c5dd3110bca7fd54fb85c0d5049a538446567a5dba5397e306"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2015:SGZWY7TSIUXRCYOV6SY7CJVBTC","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"A survey on formal specification and verification of separation kernels","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":[],"primary_cat":"cs.SE","authors_text":"Yongwang Zhao","submitted_at":"2015-08-28T01:08:27Z","abstract_excerpt":"Separation kernels are fundamental software of safety and security-critical systems, which 
provide to their hosted applications spatial and temporal separation as well as controlled information flows among partitions. The application of separation kernels in critical domain demands the correctness of the kernel by formal verification. To the best of our knowledge, there is no survey paper on this topic. This paper presents an overview of formal specification and verification of separation kernels. We first present the background including the concept of separation kernel and the comparisons am"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1508.07066","kind":"arxiv","version":3},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T01:11:18Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"SG2Msao9gV3ZFHwCHtbZgCZ+e4eZXKa6AJ3lzUvvm9BHt+luKzPBz1Rx5o0GjKBNYm3y8O1zo2ZXusMQuACvBw==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-22T01:30:12.856865Z"},"content_sha256":"8660f3960400585c73d21f02fabcb0a919309475355a0b6ae7ac805040
07add3","schema_version":"1.0","event_id":"sha256:8660f3960400585c73d21f02fabcb0a919309475355a0b6ae7ac80504007add3"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/SGZWY7TSIUXRCYOV6SY7CJVBTC/bundle.json","state_url":"https://pith.science/pith/SGZWY7TSIUXRCYOV6SY7CJVBTC/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/SGZWY7TSIUXRCYOV6SY7CJVBTC/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. The signed_message field of each signature names the digest that was signed: canonical_sha256_bytes in receipts, open_graph_event_sha256_bytes on events, bundle_sha256_bytes on the bundle signature. This key is delivered inside the bundle it authenticates, so check its fingerprint against a copy of the key obtained independently of this bundle before relying on a signature. 
Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-06-22T01:30:12Z","links":{"resolver":"https://pith.science/pith/SGZWY7TSIUXRCYOV6SY7CJVBTC","bundle":"https://pith.science/pith/SGZWY7TSIUXRCYOV6SY7CJVBTC/bundle.json","state":"https://pith.science/pith/SGZWY7TSIUXRCYOV6SY7CJVBTC/state.json","well_known_bundle":"https://pith.science/.well-known/pith/SGZWY7TSIUXRCYOV6SY7CJVBTC/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2015:SGZWY7TSIUXRCYOV6SY7CJVBTC","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"6042085913902eb5f4de777bcca32fb4d03caa7404de8d37aebdfcfa7623fb5e","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.SE","submitted_at":"2015-08-28T01:08:27Z","title_canon_sha256":"0b5090cf70d13d92f0fd081efc612472eef6840730dea76bab7d509339d61cec"},"schema_version":"1.0","source":{"id":"1508.07066","kind":"arxiv","version":3}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1508.07066","created_at":"2026-05-18T01:11:18Z"},{"alias_kind":"arxiv_version","alias_value":"1508.07066v3","created_at":"2026-05-18T01:11:18Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1508.07066","created_at":"2026-05-18T01:11:18Z"},{"alias_kind":"pith_short_12","alias_value":"SGZWY7TSIUXR","created_at":"2026-05-18T12:29:42Z"},{"alias_kind":"pith_short_16","alias_value":"SGZWY7TSIUXRCYOV","created_at":"2026-05-18T12:29:42Z"},{"alias_kind":"pith_short_8","alias_value":"SGZWY7TS","created_at":"2026-05-18T12:29:42Z"}],"graph_snapshots":[{"event_id":"sha256:8660f3960400585c73d21f02fabcb0a919309475355a0b6ae7ac80504007add3","target":"graph","created_at":"2026-05-18T01:11:18Z","signer":{"key_id":"pith-v1-2026-05","p
ublic_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"paper":{"abstract_excerpt":"Separation kernels are fundamental software of safety and security-critical systems, which provide to their hosted applications spatial and temporal separation as well as controlled information flows among partitions. The application of separation kernels in critical domain demands the correctness of the kernel by formal verification. To the best of our knowledge, there is no survey paper on this topic. This paper presents an overview of formal specification and verification of separation kernels. 
We first present the background including the concept of separation kernel and the comparisons am","authors_text":"Yongwang Zhao","cross_cats":[],"headline":"","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.SE","submitted_at":"2015-08-28T01:08:27Z","title":"A survey on formal specification and verification of separation kernels"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1508.07066","kind":"arxiv","version":3},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:98ce21ac08f6d4c5dd3110bca7fd54fb85c0d5049a538446567a5dba5397e306","target":"record","created_at":"2026-05-18T01:11:18Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"6042085913902eb5f4de777bcca32fb4d03caa7404de8d37aebdfcfa7623fb5e","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.SE","submitted_at":"2015-08-28T01:08:27Z","title_canon_sha256":"0b5090cf70d13d92f0fd081efc612472eef6840730dea76bab7d509339d61cec"},"schema_version":"1.0","source":{"id":"1508.07066","kind":"arxiv","version":3}},"canonical_sha256":"91b36c7e72452f1161d5f4b1f126a19890bbec27a2fa5c8eed50565e46c54e0b","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"91b36c7e72452f1161d5f4b1f126a19890bbec27a2fa5c8eed50565e46c54e0b","first_
computed_at":"2026-05-18T01:11:18.126300Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-05-18T01:11:18.126300Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"OMfrqOzmmtBkumrBYleltlitblXV8tQO3gptO6RFrOFHmj0+x/4BAyjK0+lbJS++AmI9B2oSNBAVzBDEW+wVAg==","signature_status":"signed_v1","signed_at":"2026-05-18T01:11:18.126965Z","signed_message":"canonical_sha256_bytes"},"source_id":"1508.07066","source_kind":"arxiv","source_version":3}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:98ce21ac08f6d4c5dd3110bca7fd54fb85c0d5049a538446567a5dba5397e306","sha256:8660f3960400585c73d21f02fabcb0a919309475355a0b6ae7ac80504007add3"],"state_sha256":"9e6a8cf140178bfc5ae0520b84f5aa7853a17ad332eeecf9d78c51b4c1c65acf"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"So4sOemLeY38FEOumfIYzvGztL5OZyiQiAvQPdH1USQT9/FfHJsewAFNNiz/ZY6Q0CG8hWkQjZcgzFakyf7qAQ==","signed_message":"bundle_sha256_bytes","signed_at":"2026-06-22T01:30:12.858796Z","bundle_sha256":"aebb96f2b2d52c38792753ad09e9b6c89616936e384c0e4be0edcf63fbcedb04"}}