{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2017:LGWQUEEUSU4ISUKOC5WGOPVYY7","short_pith_number":"pith:LGWQUEEU","canonical_record":{"source":{"id":"1701.01535","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.SE","submitted_at":"2017-01-06T03:31:35Z","cross_cats_sorted":[],"title_canon_sha256":"3f5a8202f3d05321785a958c49df78fbf76997e9537f84b8f6e527237fdd567c","abstract_canon_sha256":"af8fb4e9d3b21db858b091d9e20e8312bf5553c497299d9626476b35008a648e"},"schema_version":"1.0"},"canonical_sha256":"59ad0a1094953889514e176c673eb8c7d0e9f9116df6a144cd0097d73da0eb62","source":{"kind":"arxiv","id":"1701.01535","version":1},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1701.01535","created_at":"2026-05-18T00:53:16Z"},{"alias_kind":"arxiv_version","alias_value":"1701.01535v1","created_at":"2026-05-18T00:53:16Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1701.01535","created_at":"2026-05-18T00:53:16Z"},{"alias_kind":"pith_short_12","alias_value":"LGWQUEEUSU4I","created_at":"2026-05-18T12:31:28Z"},{"alias_kind":"pith_short_16","alias_value":"LGWQUEEUSU4ISUKO","created_at":"2026-05-18T12:31:28Z"},{"alias_kind":"pith_short_8","alias_value":"LGWQUEEU","created_at":"2026-05-18T12:31:28Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2017:LGWQUEEUSU4ISUKOC5WGOPVYY7","target":"record","payload":{"canonical_record":{"source":{"id":"1701.01535","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.SE","submitted_at":"2017-01-06T03:31:35Z","cross_cats_sorted":[],"title_canon_sha256":"3f5a8202f3d05321785a958c49df78fbf76997e9537f84b8f6e527237fdd567c","abstract_canon_sha256":"af8fb4e9d3b21db858b091d9e20e8312bf5553c497299d9626476b35008a648e"},"schema_version":"1.0"},"canonical_sha256":"59ad0a1094953889514e176c673eb8c7d0e9f9116df6a144cd0097d73da0eb62","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-18T00:53:16.587085Z","signature_b64":"ox+s7c1dhtHMUxE9Wo+diU/slv1VvtaM4As2yBJRW/toq0P+EnCkMgqZCJz4qpZff4iXqroaThPxPAR/3L/tBA==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"59ad0a1094953889514e176c673eb8c7d0e9f9116df6a144cd0097d73da0eb62","last_reissued_at":"2026-05-18T00:53:16.586376Z","signature_status":"signed_v1","first_computed_at":"2026-05-18T00:53:16.586376Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"1701.01535","source_version":1,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T00:53:16Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"QSpOvz+IHHx7eRTZh4lrObUt49hYkEBT1PSblwOEWMG+vvIsLTPcGtY1ZVXFXlBFhIma1//AZukr9+dXB9LLDg==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-21T22:25:05.445297Z"},"content_sha256":"a3a65c6ab94144d7d2d6bbff73a753d242174e24a72e94119c9e951b98a0a819","schema_version":"1.0","event_id":"sha256:a3a65c6ab94144d7d2d6bbff73a753d242174e24a72e94119c9e951b98a0a819"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2017:LGWQUEEUSU4ISUKOC5WGOPVYY7","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"High-Assurance Separation Kernels: A Survey on Formal Methods","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":[],"primary_cat":"cs.SE","authors_text":"David Sanan, Fuyuan Zhang, Yang Liu, Yongwang Zhao","submitted_at":"2017-01-06T03:31:35Z","abstract_excerpt":"Separation kernels provide temporal/spatial separation and controlled information flow to their hosted applications. They are introduced to decouple the analysis of applications in partitions from the analysis of the kernel itself. More than 20 implementations of separation kernels have been developed and widely applied in critical domains, e.g., avionics/aerospace, military/defense, and medical devices. Formal methods are mandated by the security/safety certification of separation kernels and have been carried out since this concept emerged. However, this field lacks a survey to systematicall"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1701.01535","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T00:53:16Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"ApBKLS0uynG9sB1ETYnD6OE3EzOVYLMBP2uknOWD754PGjyp2yrK3EcArkSwvGX0U2wILr54mxGfPogknV8KCg==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-21T22:25:05.445658Z"},"content_sha256":"d62796abb06eff9e3c60a0aa5f591d757ef4abdb2123e097b723eec74e6d4301","schema_version":"1.0","event_id":"sha256:d62796abb06eff9e3c60a0aa5f591d757ef4abdb2123e097b723eec74e6d4301"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/LGWQUEEUSU4ISUKOC5WGOPVYY7/bundle.json","state_url":"https://pith.science/pith/LGWQUEEUSU4ISUKOC5WGOPVYY7/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/LGWQUEEUSU4ISUKOC5WGOPVYY7/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-06-21T22:25:05Z","links":{"resolver":"https://pith.science/pith/LGWQUEEUSU4ISUKOC5WGOPVYY7","bundle":"https://pith.science/pith/LGWQUEEUSU4ISUKOC5WGOPVYY7/bundle.json","state":"https://pith.science/pith/LGWQUEEUSU4ISUKOC5WGOPVYY7/state.json","well_known_bundle":"https://pith.science/.well-known/pith/LGWQUEEUSU4ISUKOC5WGOPVYY7/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2017:LGWQUEEUSU4ISUKOC5WGOPVYY7","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"af8fb4e9d3b21db858b091d9e20e8312bf5553c497299d9626476b35008a648e","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.SE","submitted_at":"2017-01-06T03:31:35Z","title_canon_sha256":"3f5a8202f3d05321785a958c49df78fbf76997e9537f84b8f6e527237fdd567c"},"schema_version":"1.0","source":{"id":"1701.01535","kind":"arxiv","version":1}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1701.01535","created_at":"2026-05-18T00:53:16Z"},{"alias_kind":"arxiv_version","alias_value":"1701.01535v1","created_at":"2026-05-18T00:53:16Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1701.01535","created_at":"2026-05-18T00:53:16Z"},{"alias_kind":"pith_short_12","alias_value":"LGWQUEEUSU4I","created_at":"2026-05-18T12:31:28Z"},{"alias_kind":"pith_short_16","alias_value":"LGWQUEEUSU4ISUKO","created_at":"2026-05-18T12:31:28Z"},{"alias_kind":"pith_short_8","alias_value":"LGWQUEEU","created_at":"2026-05-18T12:31:28Z"}],"graph_snapshots":[{"event_id":"sha256:d62796abb06eff9e3c60a0aa5f591d757ef4abdb2123e097b723eec74e6d4301","target":"graph","created_at":"2026-05-18T00:53:16Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"paper":{"abstract_excerpt":"Separation kernels provide temporal/spatial separation and controlled information flow to their hosted applications. They are introduced to decouple the analysis of applications in partitions from the analysis of the kernel itself. More than 20 implementations of separation kernels have been developed and widely applied in critical domains, e.g., avionics/aerospace, military/defense, and medical devices. Formal methods are mandated by the security/safety certification of separation kernels and have been carried out since this concept emerged. However, this field lacks a survey to systematicall","authors_text":"David Sanan, Fuyuan Zhang, Yang Liu, Yongwang Zhao","cross_cats":[],"headline":"","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.SE","submitted_at":"2017-01-06T03:31:35Z","title":"High-Assurance Separation Kernels: A Survey on Formal Methods"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1701.01535","kind":"arxiv","version":1},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:a3a65c6ab94144d7d2d6bbff73a753d242174e24a72e94119c9e951b98a0a819","target":"record","created_at":"2026-05-18T00:53:16Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"af8fb4e9d3b21db858b091d9e20e8312bf5553c497299d9626476b35008a648e","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.SE","submitted_at":"2017-01-06T03:31:35Z","title_canon_sha256":"3f5a8202f3d05321785a958c49df78fbf76997e9537f84b8f6e527237fdd567c"},"schema_version":"1.0","source":{"id":"1701.01535","kind":"arxiv","version":1}},"canonical_sha256":"59ad0a1094953889514e176c673eb8c7d0e9f9116df6a144cd0097d73da0eb62","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"59ad0a1094953889514e176c673eb8c7d0e9f9116df6a144cd0097d73da0eb62","first_computed_at":"2026-05-18T00:53:16.586376Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-05-18T00:53:16.586376Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"ox+s7c1dhtHMUxE9Wo+diU/slv1VvtaM4As2yBJRW/toq0P+EnCkMgqZCJz4qpZff4iXqroaThPxPAR/3L/tBA==","signature_status":"signed_v1","signed_at":"2026-05-18T00:53:16.587085Z","signed_message":"canonical_sha256_bytes"},"source_id":"1701.01535","source_kind":"arxiv","source_version":1}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:a3a65c6ab94144d7d2d6bbff73a753d242174e24a72e94119c9e951b98a0a819","sha256:d62796abb06eff9e3c60a0aa5f591d757ef4abdb2123e097b723eec74e6d4301"],"state_sha256":"803b96dc694e7bd4913cefa28dcbfab00ca37394c4a263bbfa93ac0e77ee1e61"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"FSa/aTAeSaLai9mPJjb1iR36nehf+YdU2ckbTdFG1qIqU1Mw2gLOeACVNGoFlv6/WZRNWkzUczm44zNEbWBYDg==","signed_message":"bundle_sha256_bytes","signed_at":"2026-06-21T22:25:05.447640Z","bundle_sha256":"db47f39cbc4bf1c74851f35f1ae1551f1b9e9e33e7919ac673866267ff3e2709"}}