{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2019:QVFDPBW3TTCKDHNDRGCQJ4XU3O","short_pith_number":"pith:QVFDPBW3","canonical_record":{"source":{"id":"1901.03603","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2019-01-11T14:53:42Z","cross_cats_sorted":[],"title_canon_sha256":"f0ad1c3da434d5bd4c79e7dcb1f5e05f96652569315abee4be84a3d10c5d4f2e","abstract_canon_sha256":"cb72bcaf164c255fde1a79cd96d9e2376502c521d1ea4ef99f168350d1cb09cc"},"schema_version":"1.0"},"canonical_sha256":"854a3786db9cc4a19da3898504f2f4dbabb383977b48e8bff2c78ae79674524f","source":{"kind":"arxiv","id":"1901.03603","version":1},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1901.03603","created_at":"2026-05-17T23:56:30Z"},{"alias_kind":"arxiv_version","alias_value":"1901.03603v1","created_at":"2026-05-17T23:56:30Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1901.03603","created_at":"2026-05-17T23:56:30Z"},{"alias_kind":"pith_short_12","alias_value":"QVFDPBW3TTCK","created_at":"2026-05-18T12:33:27Z"},{"alias_kind":"pith_short_16","alias_value":"QVFDPBW3TTCKDHND","created_at":"2026-05-18T12:33:27Z"},{"alias_kind":"pith_short_8","alias_value":"QVFDPBW3","created_at":"2026-05-18T12:33:27Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2019:QVFDPBW3TTCKDHNDRGCQJ4XU3O","target":"record","payload":{"canonical_record":{"source":{"id":"1901.03603","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2019-01-11T14:53:42Z","cross_cats_sorted":[],"title_canon_sha256":"f0ad1c3da434d5bd4c79e7dcb1f5e05f96652569315abee4be84a3d10c5d4f2e","abstract_canon_sha256":"cb72bcaf164c255fde1a79cd96d9e2376502c521d1ea4ef99f168350d1cb09cc"},"schema_version":"1.0"},"canonical_sha256":"854a3786db9cc4a19da3898504f2f4dbabb383977b48e8bff2c78ae79674524f","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-17T23:56:30.847907Z","signature_b64":"Wcm8ANtD8sbRInICKk1DfTrUHbbycLqxqFrcjtZ4JqZ2zopQCIZcwBa42QK27y4fZh9GA9aVRzDHjBrptPehAA==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"854a3786db9cc4a19da3898504f2f4dbabb383977b48e8bff2c78ae79674524f","last_reissued_at":"2026-05-17T23:56:30.847539Z","signature_status":"signed_v1","first_computed_at":"2026-05-17T23:56:30.847539Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"1901.03603","source_version":1,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-17T23:56:30Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"ZrsGUh3ZXglLOjBTFc1/luAEB/ComIg+vBwEQ2TqhqIptqyZM3smGkQo+69P8pBUWpMQiZMbH+Vo5SZzzufNAQ==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-05-27T21:17:21.563765Z"},"content_sha256":"aef5a4bb06dd89892329db41c5e07b1a3f0f252b1f6bdf19f6b90c1f863ec42a","schema_version":"1.0","event_id":"sha256:aef5a4bb06dd89892329db41c5e07b1a3f0f252b1f6bdf19f6b90c1f863ec42a"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2019:QVFDPBW3TTCKDHNDRGCQJ4XU3O","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"ACMiner: Extraction and Analysis of Authorization Checks in Android's Middleware","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":[],"primary_cat":"cs.CR","authors_text":"Adwait Nadkarni, Alexandre Bartel, Benjamin Andow, Eric Bodden, Sigmund Albert Gorski III, Sunil Manandhar, William Enck","submitted_at":"2019-01-11T14:53:42Z","abstract_excerpt":"Billions of users rely on the security of the Android platform to protect phones, tablets, and many different types of consumer electronics. While Android's permission model is well studied, the enforcement of the protection policy has received relatively little attention. Much of this enforcement is spread across system services, taking the form of hard-coded checks within their implementations. In this paper, we propose Authorization Check Miner (ACMiner), a framework for evaluating the correctness of Android's access control enforcement through consistency analysis of authorization checks. "},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1901.03603","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-17T23:56:30Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"/yX+zwqK7tG7nZow0uMIuVQLbj8JtDZAUwYPf5G+lE+K3LlWFu89mmxgC/0ns37kEru9k3ebE9bHRQ9FVNPhBg==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-05-27T21:17:21.564468Z"},"content_sha256":"246342fda6fc9502eaedde0b75b5733a1386fdc9570c2e361b31f64aa6cfc481","schema_version":"1.0","event_id":"sha256:246342fda6fc9502eaedde0b75b5733a1386fdc9570c2e361b31f64aa6cfc481"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/QVFDPBW3TTCKDHNDRGCQJ4XU3O/bundle.json","state_url":"https://pith.science/pith/QVFDPBW3TTCKDHNDRGCQJ4XU3O/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/QVFDPBW3TTCKDHNDRGCQJ4XU3O/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-05-27T21:17:21Z","links":{"resolver":"https://pith.science/pith/QVFDPBW3TTCKDHNDRGCQJ4XU3O","bundle":"https://pith.science/pith/QVFDPBW3TTCKDHNDRGCQJ4XU3O/bundle.json","state":"https://pith.science/pith/QVFDPBW3TTCKDHNDRGCQJ4XU3O/state.json","well_known_bundle":"https://pith.science/.well-known/pith/QVFDPBW3TTCKDHNDRGCQJ4XU3O/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2019:QVFDPBW3TTCKDHNDRGCQJ4XU3O","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"cb72bcaf164c255fde1a79cd96d9e2376502c521d1ea4ef99f168350d1cb09cc","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2019-01-11T14:53:42Z","title_canon_sha256":"f0ad1c3da434d5bd4c79e7dcb1f5e05f96652569315abee4be84a3d10c5d4f2e"},"schema_version":"1.0","source":{"id":"1901.03603","kind":"arxiv","version":1}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1901.03603","created_at":"2026-05-17T23:56:30Z"},{"alias_kind":"arxiv_version","alias_value":"1901.03603v1","created_at":"2026-05-17T23:56:30Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1901.03603","created_at":"2026-05-17T23:56:30Z"},{"alias_kind":"pith_short_12","alias_value":"QVFDPBW3TTCK","created_at":"2026-05-18T12:33:27Z"},{"alias_kind":"pith_short_16","alias_value":"QVFDPBW3TTCKDHND","created_at":"2026-05-18T12:33:27Z"},{"alias_kind":"pith_short_8","alias_value":"QVFDPBW3","created_at":"2026-05-18T12:33:27Z"}],"graph_snapshots":[{"event_id":"sha256:246342fda6fc9502eaedde0b75b5733a1386fdc9570c2e361b31f64aa6cfc481","target":"graph","created_at":"2026-05-17T23:56:30Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"paper":{"abstract_excerpt":"Billions of users rely on the security of the Android platform to protect phones, tablets, and many different types of consumer electronics. While Android's permission model is well studied, the enforcement of the protection policy has received relatively little attention. Much of this enforcement is spread across system services, taking the form of hard-coded checks within their implementations. In this paper, we propose Authorization Check Miner (ACMiner), a framework for evaluating the correctness of Android's access control enforcement through consistency analysis of authorization checks. ","authors_text":"Adwait Nadkarni, Alexandre Bartel, Benjamin Andow, Eric Bodden, Sigmund Albert Gorski III, Sunil Manandhar, William Enck","cross_cats":[],"headline":"","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2019-01-11T14:53:42Z","title":"ACMiner: Extraction and Analysis of Authorization Checks in Android's Middleware"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1901.03603","kind":"arxiv","version":1},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:aef5a4bb06dd89892329db41c5e07b1a3f0f252b1f6bdf19f6b90c1f863ec42a","target":"record","created_at":"2026-05-17T23:56:30Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"cb72bcaf164c255fde1a79cd96d9e2376502c521d1ea4ef99f168350d1cb09cc","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2019-01-11T14:53:42Z","title_canon_sha256":"f0ad1c3da434d5bd4c79e7dcb1f5e05f96652569315abee4be84a3d10c5d4f2e"},"schema_version":"1.0","source":{"id":"1901.03603","kind":"arxiv","version":1}},"canonical_sha256":"854a3786db9cc4a19da3898504f2f4dbabb383977b48e8bff2c78ae79674524f","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"854a3786db9cc4a19da3898504f2f4dbabb383977b48e8bff2c78ae79674524f","first_computed_at":"2026-05-17T23:56:30.847539Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-05-17T23:56:30.847539Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"Wcm8ANtD8sbRInICKk1DfTrUHbbycLqxqFrcjtZ4JqZ2zopQCIZcwBa42QK27y4fZh9GA9aVRzDHjBrptPehAA==","signature_status":"signed_v1","signed_at":"2026-05-17T23:56:30.847907Z","signed_message":"canonical_sha256_bytes"},"source_id":"1901.03603","source_kind":"arxiv","source_version":1}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:aef5a4bb06dd89892329db41c5e07b1a3f0f252b1f6bdf19f6b90c1f863ec42a","sha256:246342fda6fc9502eaedde0b75b5733a1386fdc9570c2e361b31f64aa6cfc481"],"state_sha256":"1062f401cacfc57d4240b185e0a8a78c113e4260cabec1690a1999cafa5cb773"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"eNl2e+dlTIeNLWkgeBOdnVoJmQ7T1VQZNQ3d5DN1VTU+Vg2In5mJzb9btStYroa3hOGuFrrGV+CxKHPF4Z67DA==","signed_message":"bundle_sha256_bytes","signed_at":"2026-05-27T21:17:21.567989Z","bundle_sha256":"6c91efb436268d4d857d6c6b8573f3054cafe365b828dfaf198237ef844dd51b"}}