{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2017:63GW5R4BFRXAWOIFZO4EPDHHPB","short_pith_number":"pith:63GW5R4B","canonical_record":{"source":{"id":"1705.06784","kind":"arxiv","version":1},"metadata":{"license":"http://creativecommons.org/publicdomain/zero/1.0/","primary_cat":"cs.CR","submitted_at":"2017-05-18T20:16:17Z","cross_cats_sorted":[],"title_canon_sha256":"f4882a034c59a2378b33deff5c710f43201fd9dacdd09d05a6a32833b4175d41","abstract_canon_sha256":"7f10f17630b515e23c927275b4c10195b9bc472ad3c57a80325cf28cc1652fab"},"schema_version":"1.0"},"canonical_sha256":"f6cd6ec7812c6e0b3905cbb8478ce77857ad348484dd0dfb869ce4963d0790bb","source":{"kind":"arxiv","id":"1705.06784","version":1},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1705.06784","created_at":"2026-05-18T00:44:11Z"},{"alias_kind":"arxiv_version","alias_value":"1705.06784v1","created_at":"2026-05-18T00:44:11Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1705.06784","created_at":"2026-05-18T00:44:11Z"},{"alias_kind":"pith_short_12","alias_value":"63GW5R4BFRXA","created_at":"2026-05-18T12:31:03Z"},{"alias_kind":"pith_short_16","alias_value":"63GW5R4BFRXAWOIF","created_at":"2026-05-18T12:31:03Z"},{"alias_kind":"pith_short_8","alias_value":"63GW5R4B","created_at":"2026-05-18T12:31:03Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2017:63GW5R4BFRXAWOIFZO4EPDHHPB","target":"record","payload":{"canonical_record":{"source":{"id":"1705.06784","kind":"arxiv","version":1},"metadata":{"license":"http://creativecommons.org/publicdomain/zero/1.0/","primary_cat":"cs.CR","submitted_at":"2017-05-18T20:16:17Z","cross_cats_sorted":[],"title_canon_sha256":"f4882a034c59a2378b33deff5c710f43201fd9dacdd09d05a6a32833b4175d41","abstract_canon_sha256":"7f10f17630b515e23c927275b4c10195b9bc472ad3c57a80325cf28cc1652fab"},"schema_version":"1.0"},"canonical_sha256":"f6cd6ec7812c6e0b3905cbb8478ce77857ad348484dd0dfb869ce4963d0790bb","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-18T00:44:11.293642Z","signature_b64":"L5LXE0f4AWF8L9r2V0znwvKhRuHDP0AN9XdbQ6ZWrOMpb5eF/KH04u9k9aak05JBWQ5G0wqbAwQapnJDrt9kBg==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"f6cd6ec7812c6e0b3905cbb8478ce77857ad348484dd0dfb869ce4963d0790bb","last_reissued_at":"2026-05-18T00:44:11.292766Z","signature_status":"signed_v1","first_computed_at":"2026-05-18T00:44:11.292766Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"1705.06784","source_version":1,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T00:44:11Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"nqPuj1sHYXzWfqjAgF2cq+m3rRBlqsIBd0O9XOMgaGXYsxg6Z2N9JtRVCuHRxRBCh9TSQK3et4eIPPV8+3cCCg==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-05T04:30:08.195974Z"},"content_sha256":"42af7a7232b9ea12209a2e94edde7e69f76c54e7121317960dcb97c1b041e38a","schema_version":"1.0","event_id":"sha256:42af7a7232b9ea12209a2e94edde7e69f76c54e7121317960dcb97c1b041e38a"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2017:63GW5R4BFRXAWOIFZO4EPDHHPB","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"Detect Kernel-Mode Rootkits via Real Time Logging & Controlling Memory Access","license":"http://creativecommons.org/publicdomain/zero/1.0/","headline":"","cross_cats":[],"primary_cat":"cs.CR","authors_text":"Igor Korkin, Satoshi Tanda","submitted_at":"2017-05-18T20:16:17Z","abstract_excerpt":"Modern malware and spyware platforms attack existing antivirus solutions and even Microsoft PatchGuard. To protect users and business systems new technologies developed by Intel and AMD CPUs may be applied. To deal with the new malware we propose monitoring and controlling access to the memory in real time using Intel VT-x with EPT. We have checked this concept by developing MemoryMonRWX, which is a bare-metal hypervisor. MemoryMonRWX is able to track and trap all types of memory access: read, write, and execute. MemoryMonRWX also has the following competitive advantages: fine-grained analysis"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1705.06784","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T00:44:11Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"IDTKcUvxLdjaGdxZqIVq9kGrhzCcmxoVBmwO/dA2xZ/gLVShWRoRaEAau+dqTEuoLi0UncvWnpL1UIwNwFgqCA==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-05T04:30:08.196559Z"},"content_sha256":"7539d74dab8276752eed40686fad3d306d37ec4adababbb6e9c0c9512d23c7ed","schema_version":"1.0","event_id":"sha256:7539d74dab8276752eed40686fad3d306d37ec4adababbb6e9c0c9512d23c7ed"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/63GW5R4BFRXAWOIFZO4EPDHHPB/bundle.json","state_url":"https://pith.science/pith/63GW5R4BFRXAWOIFZO4EPDHHPB/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/63GW5R4BFRXAWOIFZO4EPDHHPB/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-06-05T04:30:08Z","links":{"resolver":"https://pith.science/pith/63GW5R4BFRXAWOIFZO4EPDHHPB","bundle":"https://pith.science/pith/63GW5R4BFRXAWOIFZO4EPDHHPB/bundle.json","state":"https://pith.science/pith/63GW5R4BFRXAWOIFZO4EPDHHPB/state.json","well_known_bundle":"https://pith.science/.well-known/pith/63GW5R4BFRXAWOIFZO4EPDHHPB/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2017:63GW5R4BFRXAWOIFZO4EPDHHPB","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"7f10f17630b515e23c927275b4c10195b9bc472ad3c57a80325cf28cc1652fab","cross_cats_sorted":[],"license":"http://creativecommons.org/publicdomain/zero/1.0/","primary_cat":"cs.CR","submitted_at":"2017-05-18T20:16:17Z","title_canon_sha256":"f4882a034c59a2378b33deff5c710f43201fd9dacdd09d05a6a32833b4175d41"},"schema_version":"1.0","source":{"id":"1705.06784","kind":"arxiv","version":1}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1705.06784","created_at":"2026-05-18T00:44:11Z"},{"alias_kind":"arxiv_version","alias_value":"1705.06784v1","created_at":"2026-05-18T00:44:11Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1705.06784","created_at":"2026-05-18T00:44:11Z"},{"alias_kind":"pith_short_12","alias_value":"63GW5R4BFRXA","created_at":"2026-05-18T12:31:03Z"},{"alias_kind":"pith_short_16","alias_value":"63GW5R4BFRXAWOIF","created_at":"2026-05-18T12:31:03Z"},{"alias_kind":"pith_short_8","alias_value":"63GW5R4B","created_at":"2026-05-18T12:31:03Z"}],"graph_snapshots":[{"event_id":"sha256:7539d74dab8276752eed40686fad3d306d37ec4adababbb6e9c0c9512d23c7ed","target":"graph","created_at":"2026-05-18T00:44:11Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"paper":{"abstract_excerpt":"Modern malware and spyware platforms attack existing antivirus solutions and even Microsoft PatchGuard. To protect users and business systems new technologies developed by Intel and AMD CPUs may be applied. To deal with the new malware we propose monitoring and controlling access to the memory in real time using Intel VT-x with EPT. We have checked this concept by developing MemoryMonRWX, which is a bare-metal hypervisor. MemoryMonRWX is able to track and trap all types of memory access: read, write, and execute. MemoryMonRWX also has the following competitive advantages: fine-grained analysis","authors_text":"Igor Korkin, Satoshi Tanda","cross_cats":[],"headline":"","license":"http://creativecommons.org/publicdomain/zero/1.0/","primary_cat":"cs.CR","submitted_at":"2017-05-18T20:16:17Z","title":"Detect Kernel-Mode Rootkits via Real Time Logging & Controlling Memory Access"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1705.06784","kind":"arxiv","version":1},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:42af7a7232b9ea12209a2e94edde7e69f76c54e7121317960dcb97c1b041e38a","target":"record","created_at":"2026-05-18T00:44:11Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"7f10f17630b515e23c927275b4c10195b9bc472ad3c57a80325cf28cc1652fab","cross_cats_sorted":[],"license":"http://creativecommons.org/publicdomain/zero/1.0/","primary_cat":"cs.CR","submitted_at":"2017-05-18T20:16:17Z","title_canon_sha256":"f4882a034c59a2378b33deff5c710f43201fd9dacdd09d05a6a32833b4175d41"},"schema_version":"1.0","source":{"id":"1705.06784","kind":"arxiv","version":1}},"canonical_sha256":"f6cd6ec7812c6e0b3905cbb8478ce77857ad348484dd0dfb869ce4963d0790bb","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"f6cd6ec7812c6e0b3905cbb8478ce77857ad348484dd0dfb869ce4963d0790bb","first_computed_at":"2026-05-18T00:44:11.292766Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-05-18T00:44:11.292766Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"L5LXE0f4AWF8L9r2V0znwvKhRuHDP0AN9XdbQ6ZWrOMpb5eF/KH04u9k9aak05JBWQ5G0wqbAwQapnJDrt9kBg==","signature_status":"signed_v1","signed_at":"2026-05-18T00:44:11.293642Z","signed_message":"canonical_sha256_bytes"},"source_id":"1705.06784","source_kind":"arxiv","source_version":1}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:42af7a7232b9ea12209a2e94edde7e69f76c54e7121317960dcb97c1b041e38a","sha256:7539d74dab8276752eed40686fad3d306d37ec4adababbb6e9c0c9512d23c7ed"],"state_sha256":"b890c14aed93794aa2383d5b2cf08c206ef08e4d60cacf0c65c65f8a2dc9d94c"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"CwpmNlyHl5l8x369tcMzvCxJen8dRpYqqMug2HAZVcd6tCuxi63sybTELZSr0eOyns3l0CncWdmjtMABF4XFBA==","signed_message":"bundle_sha256_bytes","signed_at":"2026-06-05T04:30:08.199751Z","bundle_sha256":"1bffa8da6e13f0d204905325c4bf93e9fd1453f5ff7da1f45dba24391f67c7f8"}}