{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2018:I22YBPPODJTPFXOFDWIQUPUA5D","short_pith_number":"pith:I22YBPPO","canonical_record":{"source":{"id":"1801.04372","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2018-01-13T03:30:33Z","cross_cats_sorted":[],"title_canon_sha256":"cc25e0fa85154237bc869b66a93c081b4eda7d01647ec2a8df49101e7ece03cd","abstract_canon_sha256":"1314fb691d983bdc828ae25f792f9d35cdf940b95bae0a331803e5e0adbea399"},"schema_version":"1.0"},"canonical_sha256":"46b580bdee1a66f2ddc51d910a3e80e8db5a1f2c2c95abac5846ba2ddc693eab","source":{"kind":"arxiv","id":"1801.04372","version":1},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1801.04372","created_at":"2026-05-18T00:26:06Z"},{"alias_kind":"arxiv_version","alias_value":"1801.04372v1","created_at":"2026-05-18T00:26:06Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1801.04372","created_at":"2026-05-18T00:26:06Z"},{"alias_kind":"pith_short_12","alias_value":"I22YBPPODJTP","created_at":"2026-05-18T12:32:28Z"},{"alias_kind":"pith_short_16","alias_value":"I22YBPPODJTPFXOF","created_at":"2026-05-18T12:32:28Z"},{"alias_kind":"pith_short_8","alias_value":"I22YBPPO","created_at":"2026-05-18T12:32:28Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2018:I22YBPPODJTPFXOFDWIQUPUA5D","target":"record","payload":{"canonical_record":{"source":{"id":"1801.04372","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2018-01-13T03:30:33Z","cross_cats_sorted":[],"title_canon_sha256":"cc25e0fa85154237bc869b66a93c081b4eda7d01647ec2a8df49101e7ece03cd","abstract_canon_sha256":"1314fb691d983bdc828ae25f792f9d35cdf940b95bae0a331803e5e0adbea399"},"schema_version":"1.0"},"canonical_sha256":"46b580bdee1a66f2ddc51d910a3e80e8db5a1f2c2c95abac5846ba2ddc693eab","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-18T00:26:06.657354Z","signature_b64":"XqGTzw4WqiE7OMz67TplEdcnPcOzR7BSl8ZLsjcYqnFGSk50EOA4LQJbidr0lamCtVK59mZlG6qk/k2AqTFZCQ==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"46b580bdee1a66f2ddc51d910a3e80e8db5a1f2c2c95abac5846ba2ddc693eab","last_reissued_at":"2026-05-18T00:26:06.656571Z","signature_status":"signed_v1","first_computed_at":"2026-05-18T00:26:06.656571Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"1801.04372","source_version":1,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T00:26:06Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"JHnYPKpYogDR2ynYOUcop8FcU4zyFO865aBDsx/Dh8X5ZBZE7KxWkTxpJelWohxJfxTus6BWw/M6Oe/HGBmOBQ==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-09T07:24:54.565832Z"},"content_sha256":"ddd88b1236b54b4a4b4d59d1653ad156e5bee17327f6928fcc3c7b887ddb0484","schema_version":"1.0","event_id":"sha256:ddd88b1236b54b4a4b4d59d1653ad156e5bee17327f6928fcc3c7b887ddb0484"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2018:I22YBPPODJTPFXOFDWIQUPUA5D","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"SCLib: A Practical and Lightweight Defense against Component Hijacking in Android Applications","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":[],"primary_cat":"cs.CR","authors_text":"Daoyuan Wu, Debin Gao, Robert H. Deng, Yao Cheng, Yingjiu Li","submitted_at":"2018-01-13T03:30:33Z","abstract_excerpt":"Cross-app collaboration via inter-component communication is a fundamental mechanism on Android. Although it brings the benefits such as functionality reuse and data sharing, a threat called component hijacking is also introduced. By hijacking a vulnerable component in victim apps, an attack app can escalate its privilege for operations originally prohibited. Many prior studies have been performed to understand and mitigate this issue, but no defense is being deployed in the wild, largely due to the deployment difficulties and performance concerns. In this paper we present SCLib, a secure comp"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1801.04372","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T00:26:06Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"2FXALuUSLWZ5H5ILU1c4eSEuOz5/q5M2baopJYKmGDNQk25D2ifQOlJWwELx7P+Pj3372J0lAbqD3k6Y3zldAw==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-09T07:24:54.566652Z"},"content_sha256":"f1c7da8a5382e3c38039e5384c72241e68fa36c9d6f261b30c7b02044f3bf965","schema_version":"1.0","event_id":"sha256:f1c7da8a5382e3c38039e5384c72241e68fa36c9d6f261b30c7b02044f3bf965"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/I22YBPPODJTPFXOFDWIQUPUA5D/bundle.json","state_url":"https://pith.science/pith/I22YBPPODJTPFXOFDWIQUPUA5D/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/I22YBPPODJTPFXOFDWIQUPUA5D/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-06-09T07:24:54Z","links":{"resolver":"https://pith.science/pith/I22YBPPODJTPFXOFDWIQUPUA5D","bundle":"https://pith.science/pith/I22YBPPODJTPFXOFDWIQUPUA5D/bundle.json","state":"https://pith.science/pith/I22YBPPODJTPFXOFDWIQUPUA5D/state.json","well_known_bundle":"https://pith.science/.well-known/pith/I22YBPPODJTPFXOFDWIQUPUA5D/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2018:I22YBPPODJTPFXOFDWIQUPUA5D","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"1314fb691d983bdc828ae25f792f9d35cdf940b95bae0a331803e5e0adbea399","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2018-01-13T03:30:33Z","title_canon_sha256":"cc25e0fa85154237bc869b66a93c081b4eda7d01647ec2a8df49101e7ece03cd"},"schema_version":"1.0","source":{"id":"1801.04372","kind":"arxiv","version":1}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1801.04372","created_at":"2026-05-18T00:26:06Z"},{"alias_kind":"arxiv_version","alias_value":"1801.04372v1","created_at":"2026-05-18T00:26:06Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1801.04372","created_at":"2026-05-18T00:26:06Z"},{"alias_kind":"pith_short_12","alias_value":"I22YBPPODJTP","created_at":"2026-05-18T12:32:28Z"},{"alias_kind":"pith_short_16","alias_value":"I22YBPPODJTPFXOF","created_at":"2026-05-18T12:32:28Z"},{"alias_kind":"pith_short_8","alias_value":"I22YBPPO","created_at":"2026-05-18T12:32:28Z"}],"graph_snapshots":[{"event_id":"sha256:f1c7da8a5382e3c38039e5384c72241e68fa36c9d6f261b30c7b02044f3bf965","target":"graph","created_at":"2026-05-18T00:26:06Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"paper":{"abstract_excerpt":"Cross-app collaboration via inter-component communication is a fundamental mechanism on Android. Although it brings the benefits such as functionality reuse and data sharing, a threat called component hijacking is also introduced. By hijacking a vulnerable component in victim apps, an attack app can escalate its privilege for operations originally prohibited. Many prior studies have been performed to understand and mitigate this issue, but no defense is being deployed in the wild, largely due to the deployment difficulties and performance concerns. In this paper we present SCLib, a secure comp","authors_text":"Daoyuan Wu, Debin Gao, Robert H. Deng, Yao Cheng, Yingjiu Li","cross_cats":[],"headline":"","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2018-01-13T03:30:33Z","title":"SCLib: A Practical and Lightweight Defense against Component Hijacking in Android Applications"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1801.04372","kind":"arxiv","version":1},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:ddd88b1236b54b4a4b4d59d1653ad156e5bee17327f6928fcc3c7b887ddb0484","target":"record","created_at":"2026-05-18T00:26:06Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"1314fb691d983bdc828ae25f792f9d35cdf940b95bae0a331803e5e0adbea399","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2018-01-13T03:30:33Z","title_canon_sha256":"cc25e0fa85154237bc869b66a93c081b4eda7d01647ec2a8df49101e7ece03cd"},"schema_version":"1.0","source":{"id":"1801.04372","kind":"arxiv","version":1}},"canonical_sha256":"46b580bdee1a66f2ddc51d910a3e80e8db5a1f2c2c95abac5846ba2ddc693eab","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"46b580bdee1a66f2ddc51d910a3e80e8db5a1f2c2c95abac5846ba2ddc693eab","first_computed_at":"2026-05-18T00:26:06.656571Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-05-18T00:26:06.656571Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"XqGTzw4WqiE7OMz67TplEdcnPcOzR7BSl8ZLsjcYqnFGSk50EOA4LQJbidr0lamCtVK59mZlG6qk/k2AqTFZCQ==","signature_status":"signed_v1","signed_at":"2026-05-18T00:26:06.657354Z","signed_message":"canonical_sha256_bytes"},"source_id":"1801.04372","source_kind":"arxiv","source_version":1}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:ddd88b1236b54b4a4b4d59d1653ad156e5bee17327f6928fcc3c7b887ddb0484","sha256:f1c7da8a5382e3c38039e5384c72241e68fa36c9d6f261b30c7b02044f3bf965"],"state_sha256":"c72406216b2c18f0fe60d1fb7e753adf233eea46b516062ba6531092e863f197"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"TtF1bUhySW9RLatnOhEBvQnyPruoQJU1dSglwzdoq78iEktmlGJSBPa070fndoBTSpWnxh1mHL7O2szCu5RiCg==","signed_message":"bundle_sha256_bytes","signed_at":"2026-06-09T07:24:54.571114Z","bundle_sha256":"8be75124a5e15291946ffdc59dce1e9c92a28734519cfaf1862ec362cac228da"}}