{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2018:5GFLTGK4I5YOTW3YD24BN3QQVS","short_pith_number":"pith:5GFLTGK4","canonical_record":{"source":{"id":"1805.11847","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2018-05-30T08:05:20Z","cross_cats_sorted":[],"title_canon_sha256":"6b4f4adc198ce07b362de492cdce37a6e001ff3b5fdaef6e6150834abe5c25a7","abstract_canon_sha256":"e8e9b3d83c5ed8c57c797a441a2f60f95a7dcf4c02fe7ec01bd22b4bd669c6a8"},"schema_version":"1.0"},"canonical_sha256":"e98ab9995c4770e9db781eb816ee10acbfa4c981df6633cd03afa07c74b1105c","source":{"kind":"arxiv","id":"1805.11847","version":1},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1805.11847","created_at":"2026-05-18T00:14:36Z"},{"alias_kind":"arxiv_version","alias_value":"1805.11847v1","created_at":"2026-05-18T00:14:36Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1805.11847","created_at":"2026-05-18T00:14:36Z"},{"alias_kind":"pith_short_12","alias_value":"5GFLTGK4I5YO","created_at":"2026-05-18T12:32:08Z"},{"alias_kind":"pith_short_16","alias_value":"5GFLTGK4I5YOTW3Y","created_at":"2026-05-18T12:32:08Z"},{"alias_kind":"pith_short_8","alias_value":"5GFLTGK4","created_at":"2026-05-18T12:32:08Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2018:5GFLTGK4I5YOTW3YD24BN3QQVS","target":"record","payload":{"canonical_record":{"source":{"id":"1805.11847","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2018-05-30T08:05:20Z","cross_cats_sorted":[],"title_canon_sha256":"6b4f4adc198ce07b362de492cdce37a6e001ff3b5fdaef6e6150834abe5c25a7","abstract_canon_sha256":"e8e9b3d83c5ed8c57c797a441a2f60f95a7dcf4c02fe7ec01bd22b4bd669c6a8"},"schema_version":"1.0"},"canonical_sha256":"e98ab9995c4770e9db781eb816ee10acbfa4c981df6633cd03afa07c74b1105c","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-18T00:14:36.165955Z","signature_b64":"cUmJX7O8B9DZG8JnxrCLZdYOtCiop4AuJxAKsXys/0PWLgOjJRteB6ZeB0XOQ6bfXMP4Rh7VWiphX/Qc7HykBw==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"e98ab9995c4770e9db781eb816ee10acbfa4c981df6633cd03afa07c74b1105c","last_reissued_at":"2026-05-18T00:14:36.165261Z","signature_status":"signed_v1","first_computed_at":"2026-05-18T00:14:36.165261Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"1805.11847","source_version":1,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T00:14:36Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"DypxzDJ2Lcp/b7+QPp9C4VdGvp2W7oWxwBBpEczRLb4o5/VgWyDHxwlOZmehM2UB1dPQii807J5Kp42RxsASCA==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-08T14:50:41.435612Z"},"content_sha256":"70c7a84b0a8884f4d6a4ba603968d478117c9ada8924a53313e3cd796f80893e","schema_version":"1.0","event_id":"sha256:70c7a84b0a8884f4d6a4ba603968d478117c9ada8924a53313e3cd796f80893e"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2018:5GFLTGK4I5YOTW3YD24BN3QQVS","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"Hypervisor-Based Active Data Protection for Integrity and Confidentiality of Dynamically Allocated Memory in Windows Kernel","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":[],"primary_cat":"cs.CR","authors_text":"Igor Korkin","submitted_at":"2018-05-30T08:05:20Z","abstract_excerpt":"One of the main issues in the OS security is providing trusted code execution in an untrusted environment. During executing, kernel-mode drivers dynamically allocate memory to store and process their data: Windows core kernel structures, users' private information, and sensitive data of third-party drivers. All this data can be tampered with by kernel-mode malware. Attacks on Windows-based computers can cause not just hiding a malware driver, process privilege escalation, and stealing private data but also failures of industrial CNC machines. Windows built-in security and existing approaches d"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1805.11847","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T00:14:36Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"55aDhgNfKZYpYr474T/Um21WTuAKAmi9sY0Q9WeSSnWmCUZMBxPRcuCxaZ1I3GSnWWV2ubRM8tw4piTQrLYKAg==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-08T14:50:41.436470Z"},"content_sha256":"3ef8323235ff6ab036e4a177a46995c1d1245c9f8db8c11d6ee852269cd65961","schema_version":"1.0","event_id":"sha256:3ef8323235ff6ab036e4a177a46995c1d1245c9f8db8c11d6ee852269cd65961"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/5GFLTGK4I5YOTW3YD24BN3QQVS/bundle.json","state_url":"https://pith.science/pith/5GFLTGK4I5YOTW3YD24BN3QQVS/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/5GFLTGK4I5YOTW3YD24BN3QQVS/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-06-08T14:50:41Z","links":{"resolver":"https://pith.science/pith/5GFLTGK4I5YOTW3YD24BN3QQVS","bundle":"https://pith.science/pith/5GFLTGK4I5YOTW3YD24BN3QQVS/bundle.json","state":"https://pith.science/pith/5GFLTGK4I5YOTW3YD24BN3QQVS/state.json","well_known_bundle":"https://pith.science/.well-known/pith/5GFLTGK4I5YOTW3YD24BN3QQVS/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2018:5GFLTGK4I5YOTW3YD24BN3QQVS","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"e8e9b3d83c5ed8c57c797a441a2f60f95a7dcf4c02fe7ec01bd22b4bd669c6a8","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2018-05-30T08:05:20Z","title_canon_sha256":"6b4f4adc198ce07b362de492cdce37a6e001ff3b5fdaef6e6150834abe5c25a7"},"schema_version":"1.0","source":{"id":"1805.11847","kind":"arxiv","version":1}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1805.11847","created_at":"2026-05-18T00:14:36Z"},{"alias_kind":"arxiv_version","alias_value":"1805.11847v1","created_at":"2026-05-18T00:14:36Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1805.11847","created_at":"2026-05-18T00:14:36Z"},{"alias_kind":"pith_short_12","alias_value":"5GFLTGK4I5YO","created_at":"2026-05-18T12:32:08Z"},{"alias_kind":"pith_short_16","alias_value":"5GFLTGK4I5YOTW3Y","created_at":"2026-05-18T12:32:08Z"},{"alias_kind":"pith_short_8","alias_value":"5GFLTGK4","created_at":"2026-05-18T12:32:08Z"}],"graph_snapshots":[{"event_id":"sha256:3ef8323235ff6ab036e4a177a46995c1d1245c9f8db8c11d6ee852269cd65961","target":"graph","created_at":"2026-05-18T00:14:36Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"paper":{"abstract_excerpt":"One of the main issues in the OS security is providing trusted code execution in an untrusted environment. During executing, kernel-mode drivers dynamically allocate memory to store and process their data: Windows core kernel structures, users' private information, and sensitive data of third-party drivers. All this data can be tampered with by kernel-mode malware. Attacks on Windows-based computers can cause not just hiding a malware driver, process privilege escalation, and stealing private data but also failures of industrial CNC machines. Windows built-in security and existing approaches d","authors_text":"Igor Korkin","cross_cats":[],"headline":"","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2018-05-30T08:05:20Z","title":"Hypervisor-Based Active Data Protection for Integrity and Confidentiality of Dynamically Allocated Memory in Windows Kernel"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1805.11847","kind":"arxiv","version":1},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:70c7a84b0a8884f4d6a4ba603968d478117c9ada8924a53313e3cd796f80893e","target":"record","created_at":"2026-05-18T00:14:36Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"e8e9b3d83c5ed8c57c797a441a2f60f95a7dcf4c02fe7ec01bd22b4bd669c6a8","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2018-05-30T08:05:20Z","title_canon_sha256":"6b4f4adc198ce07b362de492cdce37a6e001ff3b5fdaef6e6150834abe5c25a7"},"schema_version":"1.0","source":{"id":"1805.11847","kind":"arxiv","version":1}},"canonical_sha256":"e98ab9995c4770e9db781eb816ee10acbfa4c981df6633cd03afa07c74b1105c","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"e98ab9995c4770e9db781eb816ee10acbfa4c981df6633cd03afa07c74b1105c","first_computed_at":"2026-05-18T00:14:36.165261Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-05-18T00:14:36.165261Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"cUmJX7O8B9DZG8JnxrCLZdYOtCiop4AuJxAKsXys/0PWLgOjJRteB6ZeB0XOQ6bfXMP4Rh7VWiphX/Qc7HykBw==","signature_status":"signed_v1","signed_at":"2026-05-18T00:14:36.165955Z","signed_message":"canonical_sha256_bytes"},"source_id":"1805.11847","source_kind":"arxiv","source_version":1}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:70c7a84b0a8884f4d6a4ba603968d478117c9ada8924a53313e3cd796f80893e","sha256:3ef8323235ff6ab036e4a177a46995c1d1245c9f8db8c11d6ee852269cd65961"],"state_sha256":"73eea0a3a96b8fa10126f2bfc1a209bf7657edc220b10050a8e1fbdf5c5ec625"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"xZcWChuq+4/Tq9xmGZ0YREB8lBAZ7/tdJpcZuFWC9x1FQjWuUD9SFu7tHQ1sFAbnZcp0u+mNdm3koJ2jyW7UAQ==","signed_message":"bundle_sha256_bytes","signed_at":"2026-06-08T14:50:41.439437Z","bundle_sha256":"ab99d8bfccb88c3e4835fde2725e496c9a68bef58fd0ae3cb15cc58dcae11f35"}}