{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2013:AKARZ6BOBESMISTVMKYW4MWIBZ","short_pith_number":"pith:AKARZ6BO","canonical_record":{"source":{"id":"1305.3883","kind":"arxiv","version":1},"metadata":{"license":"http://creativecommons.org/licenses/by/3.0/","primary_cat":"cs.CR","submitted_at":"2013-05-16T18:28:45Z","cross_cats_sorted":[],"title_canon_sha256":"54f24c62b83eec6e33cc90ec633b454bd1aab040d7383c7138d88c6219a5a76a","abstract_canon_sha256":"22ac8163feb12956fa9132b86e3dc5db99cc50742b0297e1dd295deeb4ce9824"},"schema_version":"1.0"},"canonical_sha256":"02811cf82e0924c44a7562b16e32c80e55cc738ff46d4d330283e96e55611302","source":{"kind":"arxiv","id":"1305.3883","version":1},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1305.3883","created_at":"2026-05-18T03:25:33Z"},{"alias_kind":"arxiv_version","alias_value":"1305.3883v1","created_at":"2026-05-18T03:25:33Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1305.3883","created_at":"2026-05-18T03:25:33Z"},{"alias_kind":"pith_short_12","alias_value":"AKARZ6BOBESM","created_at":"2026-05-18T12:27:38Z"},{"alias_kind":"pith_short_16","alias_value":"AKARZ6BOBESMISTV","created_at":"2026-05-18T12:27:38Z"},{"alias_kind":"pith_short_8","alias_value":"AKARZ6BO","created_at":"2026-05-18T12:27:38Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2013:AKARZ6BOBESMISTVMKYW4MWIBZ","target":"record","payload":{"canonical_record":{"source":{"id":"1305.3883","kind":"arxiv","version":1},"metadata":{"license":"http://creativecommons.org/licenses/by/3.0/","primary_cat":"cs.CR","submitted_at":"2013-05-16T18:28:45Z","cross_cats_sorted":[],"title_canon_sha256":"54f24c62b83eec6e33cc90ec633b454bd1aab040d7383c7138d88c6219a5a76a","abstract_canon_sha256":"22ac8163feb12956fa9132b86e3dc5db99cc50742b0297e1dd295deeb4ce9824"},"schema_version":"1.0"},"canonical_sha256":"02811cf82e0924c44a7562b16e32c80e55cc738ff46d4d330283e96e55611302","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-18T03:25:33.761871Z","signature_b64":"fjH+7kgwyXN1OIyOeR4FpfZQxmp4D/eXAbSZCxj5kcRXCQeK81FlhS2EUz0jW7hIQm0H8WBuyKLhKkaRXhANBg==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"02811cf82e0924c44a7562b16e32c80e55cc738ff46d4d330283e96e55611302","last_reissued_at":"2026-05-18T03:25:33.761272Z","signature_status":"signed_v1","first_computed_at":"2026-05-18T03:25:33.761272Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"1305.3883","source_version":1,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T03:25:33Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"y36NTIN3vYLdT86qYIKcIxRRM2xp/IYU09Nko2I56wW2gVkvOPtMQGM7pA2q4uQjKNrLWl39ejs9RcQUz/pNCg==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-05-26T07:25:06.056290Z"},"content_sha256":"10fa35267e06facdc93215085e2b393b1f0d1fa126fec6fb7347b3df6b8acd06","schema_version":"1.0","event_id":"sha256:10fa35267e06facdc93215085e2b393b1f0d1fa126fec6fb7347b3df6b8acd06"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2013:AKARZ6BOBESMISTVMKYW4MWIBZ","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"Combining Static and Dynamic Analysis for Vulnerability Detection","license":"http://creativecommons.org/licenses/by/3.0/","headline":"","cross_cats":[],"primary_cat":"cs.CR","authors_text":"Dumitru Ceara, Laurent Mounier, Marie-Laure Potet, Sanjay Rawat","submitted_at":"2013-05-16T18:28:45Z","abstract_excerpt":"In this paper, we present a hybrid approach for buffer overflow detection in C code. The approach makes use of static and dynamic analysis of the application under investigation. The static part consists in calculating taint dependency sequences (TDS) between user controlled inputs and vulnerable statements. This process is akin to program slice of interest to calculate tainted data- and control-flow path which exhibits the dependence between tainted program inputs and vulnerable statements in the code. The dynamic part consists of executing the program along TDSs to trigger the vulnerability "},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1305.3883","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T03:25:33Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"9ScN9jNJlagpB9JaeTNCNxzaGhAhFcgEPaxc47wx5lgmZtIPQGAuI9higdGm9rEgqYsnRQgWLYmrW4sZpREjDg==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-05-26T07:25:06.056680Z"},"content_sha256":"34215e599dc8e47b66844e9eb56cd1f23dc322fd2ef2e037c97fb376914152e0","schema_version":"1.0","event_id":"sha256:34215e599dc8e47b66844e9eb56cd1f23dc322fd2ef2e037c97fb376914152e0"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/AKARZ6BOBESMISTVMKYW4MWIBZ/bundle.json","state_url":"https://pith.science/pith/AKARZ6BOBESMISTVMKYW4MWIBZ/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/AKARZ6BOBESMISTVMKYW4MWIBZ/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-05-26T07:25:06Z","links":{"resolver":"https://pith.science/pith/AKARZ6BOBESMISTVMKYW4MWIBZ","bundle":"https://pith.science/pith/AKARZ6BOBESMISTVMKYW4MWIBZ/bundle.json","state":"https://pith.science/pith/AKARZ6BOBESMISTVMKYW4MWIBZ/state.json","well_known_bundle":"https://pith.science/.well-known/pith/AKARZ6BOBESMISTVMKYW4MWIBZ/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2013:AKARZ6BOBESMISTVMKYW4MWIBZ","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"22ac8163feb12956fa9132b86e3dc5db99cc50742b0297e1dd295deeb4ce9824","cross_cats_sorted":[],"license":"http://creativecommons.org/licenses/by/3.0/","primary_cat":"cs.CR","submitted_at":"2013-05-16T18:28:45Z","title_canon_sha256":"54f24c62b83eec6e33cc90ec633b454bd1aab040d7383c7138d88c6219a5a76a"},"schema_version":"1.0","source":{"id":"1305.3883","kind":"arxiv","version":1}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1305.3883","created_at":"2026-05-18T03:25:33Z"},{"alias_kind":"arxiv_version","alias_value":"1305.3883v1","created_at":"2026-05-18T03:25:33Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1305.3883","created_at":"2026-05-18T03:25:33Z"},{"alias_kind":"pith_short_12","alias_value":"AKARZ6BOBESM","created_at":"2026-05-18T12:27:38Z"},{"alias_kind":"pith_short_16","alias_value":"AKARZ6BOBESMISTV","created_at":"2026-05-18T12:27:38Z"},{"alias_kind":"pith_short_8","alias_value":"AKARZ6BO","created_at":"2026-05-18T12:27:38Z"}],"graph_snapshots":[{"event_id":"sha256:34215e599dc8e47b66844e9eb56cd1f23dc322fd2ef2e037c97fb376914152e0","target":"graph","created_at":"2026-05-18T03:25:33Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"paper":{"abstract_excerpt":"In this paper, we present a hybrid approach for buffer overflow detection in C code. The approach makes use of static and dynamic analysis of the application under investigation. The static part consists in calculating taint dependency sequences (TDS) between user controlled inputs and vulnerable statements. This process is akin to program slice of interest to calculate tainted data- and control-flow path which exhibits the dependence between tainted program inputs and vulnerable statements in the code. The dynamic part consists of executing the program along TDSs to trigger the vulnerability ","authors_text":"Dumitru Ceara, Laurent Mounier, Marie-Laure Potet, Sanjay Rawat","cross_cats":[],"headline":"","license":"http://creativecommons.org/licenses/by/3.0/","primary_cat":"cs.CR","submitted_at":"2013-05-16T18:28:45Z","title":"Combining Static and Dynamic Analysis for Vulnerability Detection"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1305.3883","kind":"arxiv","version":1},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:10fa35267e06facdc93215085e2b393b1f0d1fa126fec6fb7347b3df6b8acd06","target":"record","created_at":"2026-05-18T03:25:33Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"22ac8163feb12956fa9132b86e3dc5db99cc50742b0297e1dd295deeb4ce9824","cross_cats_sorted":[],"license":"http://creativecommons.org/licenses/by/3.0/","primary_cat":"cs.CR","submitted_at":"2013-05-16T18:28:45Z","title_canon_sha256":"54f24c62b83eec6e33cc90ec633b454bd1aab040d7383c7138d88c6219a5a76a"},"schema_version":"1.0","source":{"id":"1305.3883","kind":"arxiv","version":1}},"canonical_sha256":"02811cf82e0924c44a7562b16e32c80e55cc738ff46d4d330283e96e55611302","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"02811cf82e0924c44a7562b16e32c80e55cc738ff46d4d330283e96e55611302","first_computed_at":"2026-05-18T03:25:33.761272Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-05-18T03:25:33.761272Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"fjH+7kgwyXN1OIyOeR4FpfZQxmp4D/eXAbSZCxj5kcRXCQeK81FlhS2EUz0jW7hIQm0H8WBuyKLhKkaRXhANBg==","signature_status":"signed_v1","signed_at":"2026-05-18T03:25:33.761871Z","signed_message":"canonical_sha256_bytes"},"source_id":"1305.3883","source_kind":"arxiv","source_version":1}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:10fa35267e06facdc93215085e2b393b1f0d1fa126fec6fb7347b3df6b8acd06","sha256:34215e599dc8e47b66844e9eb56cd1f23dc322fd2ef2e037c97fb376914152e0"],"state_sha256":"e823874631bca8aa159e0379934f685f5662161ee28d03cb9c6d68c36f89dc8f"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"5vEoIkjDNPgM+/d0JUuNBa0yiSlk5dnvK0ENnWydFtFSrnmkcN1+WSlXGpf7icCEpVCauWAavHD/MWDsqgW0Ag==","signed_message":"bundle_sha256_bytes","signed_at":"2026-05-26T07:25:06.059777Z","bundle_sha256":"418fe4c851187de542d19e8bbdace6e1ef09fde52169af252069df83bf7fd273"}}