{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2017:3U72OZZ24YTAL63U22Z254IMTB","short_pith_number":"pith:3U72OZZ2","canonical_record":{"source":{"id":"1706.04741","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.SE","submitted_at":"2017-06-15T05:12:41Z","cross_cats_sorted":["cs.CR"],"title_canon_sha256":"3e745bc86cd70f1de935f94bc7960119a9251f5267b952e7f79b7abc5de5177f","abstract_canon_sha256":"20eae97ef525f1ba3677fd0506190800b4c2031e98e5a104a7f306a6af69a18d"},"schema_version":"1.0"},"canonical_sha256":"dd3fa7673ae62605fb74d6b3aef10c98408ae24a5af82e962ecb903decaf3443","source":{"kind":"arxiv","id":"1706.04741","version":1},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1706.04741","created_at":"2026-05-18T00:42:19Z"},{"alias_kind":"arxiv_version","alias_value":"1706.04741v1","created_at":"2026-05-18T00:42:19Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1706.04741","created_at":"2026-05-18T00:42:19Z"},{"alias_kind":"pith_short_12","alias_value":"3U72OZZ24YTA","created_at":"2026-05-18T12:30:58Z"},{"alias_kind":"pith_short_16","alias_value":"3U72OZZ24YTAL63U","created_at":"2026-05-18T12:30:58Z"},{"alias_kind":"pith_short_8","alias_value":"3U72OZZ2","created_at":"2026-05-18T12:30:58Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2017:3U72OZZ24YTAL63U22Z254IMTB","target":"record","payload":{"canonical_record":{"source":{"id":"1706.04741","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.SE","submitted_at":"2017-06-15T05:12:41Z","cross_cats_sorted":["cs.CR"],"title_canon_sha256":"3e745bc86cd70f1de935f94bc7960119a9251f5267b952e7f79b7abc5de5177f","abstract_canon_sha256":"20eae97ef525f1ba3677fd0506190800b4c2031e98e5a104a7f306a6af69a18d"},"schema_version":"1.0"},"canonical_sha256":"dd3fa7673ae62605fb74d6b3aef10c98408ae24a5af82e962ecb903decaf3443","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-18T00:42:19.271159Z","signature_b64":"UwytF0FaKVBWEvfth8D7QpRGvlCcA9XHgryPxAhPdaWLjUli0S44TieHOl21PH4Rb0cQhak+D+aEcnfDnR2vAA==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"dd3fa7673ae62605fb74d6b3aef10c98408ae24a5af82e962ecb903decaf3443","last_reissued_at":"2026-05-18T00:42:19.270523Z","signature_status":"signed_v1","first_computed_at":"2026-05-18T00:42:19.270523Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"1706.04741","source_version":1,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T00:42:19Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"8j2UoFx+FG6w/wBJsM7iDNgaW5AQKV+xotpuZMnuit+pGhB3BtzSX1zxeCC5D3/NlMY1iUKAxYXep14sLDzxDQ==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-04T11:17:44.163033Z"},"content_sha256":"ba8142acacc8a1b5c6fbeac5c31304818aa90600833df9b7e3c0b839a2e302a0","schema_version":"1.0","event_id":"sha256:ba8142acacc8a1b5c6fbeac5c31304818aa90600833df9b7e3c0b839a2e302a0"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2017:3U72OZZ24YTAL63U22Z254IMTB","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"Software Model Checking: A Promising Approach to Verify Mobile App Security","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":["cs.CR"],"primary_cat":"cs.SE","authors_text":"Hoang Nga Nguyen, Irina Mariuca Asavoae, Markus Roggenbach, Siraj Ahmed Shaikh","submitted_at":"2017-06-15T05:12:41Z","abstract_excerpt":"In this position paper we advocate software model checking as a technique suitable for security analysis of mobile apps. Our recommendation is based on promising results that we achieved on analysing app collusion in the context of the Android operating system. Broadly speaking, app collusion appears when, in performing a threat, several apps are working together, i.e., they exchange information which they could not obtain on their own. In this context, we developed the Kandroid tool, which provides an encoding of the Android/Smali code semantics within the K framework. Kandroid allows for sof"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1706.04741","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T00:42:19Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"urNLe9dUuhWSlYS2nsPWlnaZNy/rsHrIuZ8rUY72uBWiw3tvyWzLer0axJi+TtmC+9JLangqQWytuTWzyU6CDg==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-04T11:17:44.163397Z"},"content_sha256":"b54408e1ac64baa19838a0638bcf24a3b30fb3e8f86144d60026b0e2b3937114","schema_version":"1.0","event_id":"sha256:b54408e1ac64baa19838a0638bcf24a3b30fb3e8f86144d60026b0e2b3937114"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/3U72OZZ24YTAL63U22Z254IMTB/bundle.json","state_url":"https://pith.science/pith/3U72OZZ24YTAL63U22Z254IMTB/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/3U72OZZ24YTAL63U22Z254IMTB/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-06-04T11:17:44Z","links":{"resolver":"https://pith.science/pith/3U72OZZ24YTAL63U22Z254IMTB","bundle":"https://pith.science/pith/3U72OZZ24YTAL63U22Z254IMTB/bundle.json","state":"https://pith.science/pith/3U72OZZ24YTAL63U22Z254IMTB/state.json","well_known_bundle":"https://pith.science/.well-known/pith/3U72OZZ24YTAL63U22Z254IMTB/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2017:3U72OZZ24YTAL63U22Z254IMTB","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"20eae97ef525f1ba3677fd0506190800b4c2031e98e5a104a7f306a6af69a18d","cross_cats_sorted":["cs.CR"],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.SE","submitted_at":"2017-06-15T05:12:41Z","title_canon_sha256":"3e745bc86cd70f1de935f94bc7960119a9251f5267b952e7f79b7abc5de5177f"},"schema_version":"1.0","source":{"id":"1706.04741","kind":"arxiv","version":1}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1706.04741","created_at":"2026-05-18T00:42:19Z"},{"alias_kind":"arxiv_version","alias_value":"1706.04741v1","created_at":"2026-05-18T00:42:19Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1706.04741","created_at":"2026-05-18T00:42:19Z"},{"alias_kind":"pith_short_12","alias_value":"3U72OZZ24YTA","created_at":"2026-05-18T12:30:58Z"},{"alias_kind":"pith_short_16","alias_value":"3U72OZZ24YTAL63U","created_at":"2026-05-18T12:30:58Z"},{"alias_kind":"pith_short_8","alias_value":"3U72OZZ2","created_at":"2026-05-18T12:30:58Z"}],"graph_snapshots":[{"event_id":"sha256:b54408e1ac64baa19838a0638bcf24a3b30fb3e8f86144d60026b0e2b3937114","target":"graph","created_at":"2026-05-18T00:42:19Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"paper":{"abstract_excerpt":"In this position paper we advocate software model checking as a technique suitable for security analysis of mobile apps. Our recommendation is based on promising results that we achieved on analysing app collusion in the context of the Android operating system. Broadly speaking, app collusion appears when, in performing a threat, several apps are working together, i.e., they exchange information which they could not obtain on their own. In this context, we developed the Kandroid tool, which provides an encoding of the Android/Smali code semantics within the K framework. Kandroid allows for sof","authors_text":"Hoang Nga Nguyen, Irina Mariuca Asavoae, Markus Roggenbach, Siraj Ahmed Shaikh","cross_cats":["cs.CR"],"headline":"","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.SE","submitted_at":"2017-06-15T05:12:41Z","title":"Software Model Checking: A Promising Approach to Verify Mobile App Security"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1706.04741","kind":"arxiv","version":1},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:ba8142acacc8a1b5c6fbeac5c31304818aa90600833df9b7e3c0b839a2e302a0","target":"record","created_at":"2026-05-18T00:42:19Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"20eae97ef525f1ba3677fd0506190800b4c2031e98e5a104a7f306a6af69a18d","cross_cats_sorted":["cs.CR"],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.SE","submitted_at":"2017-06-15T05:12:41Z","title_canon_sha256":"3e745bc86cd70f1de935f94bc7960119a9251f5267b952e7f79b7abc5de5177f"},"schema_version":"1.0","source":{"id":"1706.04741","kind":"arxiv","version":1}},"canonical_sha256":"dd3fa7673ae62605fb74d6b3aef10c98408ae24a5af82e962ecb903decaf3443","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"dd3fa7673ae62605fb74d6b3aef10c98408ae24a5af82e962ecb903decaf3443","first_computed_at":"2026-05-18T00:42:19.270523Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-05-18T00:42:19.270523Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"UwytF0FaKVBWEvfth8D7QpRGvlCcA9XHgryPxAhPdaWLjUli0S44TieHOl21PH4Rb0cQhak+D+aEcnfDnR2vAA==","signature_status":"signed_v1","signed_at":"2026-05-18T00:42:19.271159Z","signed_message":"canonical_sha256_bytes"},"source_id":"1706.04741","source_kind":"arxiv","source_version":1}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:ba8142acacc8a1b5c6fbeac5c31304818aa90600833df9b7e3c0b839a2e302a0","sha256:b54408e1ac64baa19838a0638bcf24a3b30fb3e8f86144d60026b0e2b3937114"],"state_sha256":"1637d80582af4fd89a10c9b9d9f1bbd68d6cc53e325f95c9f274b8262b471f51"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"1JZiqNjIzBufMicM6uKvUoFWrVcB+sk4q/h2Uha893f8deXXFf6JZcNvjkorsHSwgFCwHGYyb1CI2KzAs/36Aw==","signed_message":"bundle_sha256_bytes","signed_at":"2026-06-04T11:17:44.165355Z","bundle_sha256":"1cc98ac96c7284e3888c955a1f71ae194320b4756b07461e04655513c77994de"}}