{"record_type":"pith_number_record","schema_url":"https://pith.science/schemas/pith-number/v1.json","pith_number":"pith:2019:QTV5I3P4U6IMF372MYSDB3ZNP7","short_pith_number":"pith:QTV5I3P4","schema_version":"1.0","canonical_sha256":"84ebd46dfca790c2effa662430ef2d7fd4dc369eff8941a7c13003701e6ba72c","source":{"kind":"arxiv","id":"1905.08192","version":1},"attestation_state":"computed","paper":{"title":"Secure Extensibility for System State Extraction via Plugin Sandboxing","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":["cs.OS","cs.SE"],"primary_cat":"cs.CR","authors_text":"Canturk Isci, Sahil Suneja","submitted_at":"2019-05-20T16:16:17Z","abstract_excerpt":"We introduce a new mechanism to securely extend systems data collection software with potentially untrusted third-party code. Unlike existing tools which run extension modules or plugins directly inside the monitored endpoint (the guest), we run plugins inside a specially crafted sandbox, so as to protect the guest as well as the software core. To get the right mix of accessibility and constraints required for systems data extraction, we create our sandbox by combining multiple features exported by an unmodified kernel. We have tested its applicability by successfully sandboxing plugins of an "},"verification_status":{"content_addressed":true,"pith_receipt":true,"author_attested":false,"weak_author_claims":0,"strong_author_claims":0,"externally_anchored":false,"storage_verified":false,"citation_signatures":0,"replication_records":0,"graph_snapshot":true,"references_resolved":false,"formal_links_present":false},"canonical_record":{"source":{"id":"1905.08192","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2019-05-20T16:16:17Z","cross_cats_sorted":["cs.OS","cs.SE"],"title_canon_sha256":"895222184839536c8d9a05b56f995ea3e8b207c9b3aecb40c3107e2c84c99891","abstract_canon_sha256":"fb64ef20f05905b41db1663f9889668760d1f0809b22670433b4a13a256677e4"},"schema_version":"1.0"},"receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-07-05T03:30:36.407802Z","signature_b64":"eRLMSlVTsvnkccv+qwDZbhYyY5RzCEp6HEvXrZpcdw6+PIFUaLSpglLttNK5N5e6Af3XSYTpHTk1eIJpm7nRDQ==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"84ebd46dfca790c2effa662430ef2d7fd4dc369eff8941a7c13003701e6ba72c","last_reissued_at":"2026-07-05T03:30:36.407385Z","signature_status":"signed_v1","first_computed_at":"2026-07-05T03:30:36.407385Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"graph_snapshot":{"paper":{"title":"Secure Extensibility for System State Extraction via Plugin Sandboxing","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":["cs.OS","cs.SE"],"primary_cat":"cs.CR","authors_text":"Canturk Isci, Sahil Suneja","submitted_at":"2019-05-20T16:16:17Z","abstract_excerpt":"We introduce a new mechanism to securely extend systems data collection software with potentially untrusted third-party code. Unlike existing tools which run extension modules or plugins directly inside the monitored endpoint (the guest), we run plugins inside a specially crafted sandbox, so as to protect the guest as well as the software core. To get the right mix of accessibility and constraints required for systems data extraction, we create our sandbox by combining multiple features exported by an unmodified kernel. We have tested its applicability by successfully sandboxing plugins of an "},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1905.08192","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/1905.08192/integrity.json","findings":[],"available":true,"detectors_run":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938"},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"aliases":[{"alias_kind":"arxiv","alias_value":"1905.08192","created_at":"2026-07-05T03:30:36.407450+00:00"},{"alias_kind":"arxiv_version","alias_value":"1905.08192v1","created_at":"2026-07-05T03:30:36.407450+00:00"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1905.08192","created_at":"2026-07-05T03:30:36.407450+00:00"},{"alias_kind":"pith_short_12","alias_value":"QTV5I3P4U6IM","created_at":"2026-07-05T03:30:36.407450+00:00"},{"alias_kind":"pith_short_16","alias_value":"QTV5I3P4U6IMF372","created_at":"2026-07-05T03:30:36.407450+00:00"},{"alias_kind":"pith_short_8","alias_value":"QTV5I3P4","created_at":"2026-07-05T03:30:36.407450+00:00"}],"events":[],"event_summary":{},"paper_claims":[],"inbound_citations":{"count":0,"internal_anchor_count":0,"sample":[]},"formal_canon":{"evidence_count":0,"sample":[],"anchors":[]},"links":{"html":"https://pith.science/pith/QTV5I3P4U6IMF372MYSDB3ZNP7","json":"https://pith.science/pith/QTV5I3P4U6IMF372MYSDB3ZNP7.json","graph_json":"https://pith.science/api/pith-number/QTV5I3P4U6IMF372MYSDB3ZNP7/graph.json","events_json":"https://pith.science/api/pith-number/QTV5I3P4U6IMF372MYSDB3ZNP7/events.json","paper":"https://pith.science/paper/QTV5I3P4"},"agent_actions":{"view_html":"https://pith.science/pith/QTV5I3P4U6IMF372MYSDB3ZNP7","download_json":"https://pith.science/pith/QTV5I3P4U6IMF372MYSDB3ZNP7.json","view_paper":"https://pith.science/paper/QTV5I3P4","resolve_alias":"https://pith.science/api/pith-number/resolve?arxiv=1905.08192&json=true","fetch_graph":"https://pith.science/api/pith-number/QTV5I3P4U6IMF372MYSDB3ZNP7/graph.json","fetch_events":"https://pith.science/api/pith-number/QTV5I3P4U6IMF372MYSDB3ZNP7/events.json","actions":{"anchor_timestamp":"https://pith.science/pith/QTV5I3P4U6IMF372MYSDB3ZNP7/action/timestamp_anchor","attest_storage":"https://pith.science/pith/QTV5I3P4U6IMF372MYSDB3ZNP7/action/storage_attestation","attest_author":"https://pith.science/pith/QTV5I3P4U6IMF372MYSDB3ZNP7/action/author_attestation","sign_citation":"https://pith.science/pith/QTV5I3P4U6IMF372MYSDB3ZNP7/action/citation_signature","submit_replication":"https://pith.science/pith/QTV5I3P4U6IMF372MYSDB3ZNP7/action/replication_record"}},"created_at":"2026-07-05T03:30:36.407450+00:00","updated_at":"2026-07-05T03:30:36.407450+00:00"}