synchronous/korg-distributed
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c28c144fa2ad4b82155f3661525c1f5b61936ead
korg-distributed/tests/paper3.yaml
Jake Ginesin c28c144fa2 moar
2026-03-12 17:29:21 -04:00

134 lines
8.3 KiB
YAML
Raw Blame History

unidirectional-drop-abp:
- command: python src/main.py --model=tests/abp/abp.pml --attacker=drop --chan=AtoB --output=temp.pml --eval --cleanup --mem=1
- intended: no violation
- explanation: abp resists drop, see https://en.wikipedia.org/wiki/Alternating_bit_protocol
bidirectional-drop-abp:
- command: python src/main.py --model=tests/abp/abp.pml --attacker=drop --chan=AtoB,BtoA --output=temp.pml --eval --cleanup --mem=1
- intended: no violation
- explanation: abp resists drop, see https://en.wikipedia.org/wiki/Alternating_bit_protocol
# =============================================================================
# TCP - shared channel model (AtoB, BtoA)
#
# A sends on AtoB, B reads AtoB. B sends on BtoA, A reads BtoA.
# Korg attackers directly interpose on the shared channel.
# =============================================================================
# phi1: safety - half-open prevention
# always (leftClosed implies !rightEstablished)
# Expected: holds. B reaching Established requires A's ACK, which means
# A was also in Established. A cannot reach Closed from Established
# without a full teardown that also moves B out of Established.
tcp-phi1-drop-AtoB:
- command: python src/main.py --model=tests/tcp/tcp-phi1.pml --attacker=drop --chan=AtoB --output=temp.pml --eval --cleanup --mem=1
- intended: no violation
- explanation: dropping A's messages prevents B from reaching Established; no half-open possible
tcp-phi1-drop-bidirectional:
- command: python src/main.py --model=tests/tcp/tcp-phi1.pml --attacker=drop --chan=AtoB,BtoA --output=temp.pml --eval --cleanup --mem=1
- intended: no violation
- explanation: dropping on both channels prevents any handshake completion; neither side reaches Established
tcp-phi1-replay-AtoB:
- command: python src/main.py --model=tests/tcp/tcp-phi1.pml --attacker=replay --chan=AtoB --output=temp.pml --eval --cleanup --mem=1
- intended: property violation
- explanation: replay attacker copies A's message non-destructively, allowing normal handshake and teardown; after A returns to Closed, the replayed stale message drives B through a new handshake into Established, creating a half-open state
tcp-phi1-replay-bidirectional:
- command: python src/main.py --model=tests/tcp/tcp-phi1.pml --attacker=replay --chan=AtoB,BtoA --output=temp.pml --eval --cleanup --mem=1
- intended: property violation
- explanation: replay on both channels injects stale handshake messages in both directions; after A tears down to Closed, replayed messages push B into Established without A's participation
tcp-phi1-reorder-bidirectional:
- command: python src/main.py --model=tests/tcp/tcp-phi1.pml --attacker=reorder --chan=AtoB,BtoA --output=temp.pml --eval --cleanup --mem=2
- intended: no violation
- explanation: reordering cannot bypass the handshake dependency; half-open prevention holds structurally
# phi3: liveness - no infinite stalls/deadlocks
# neither side stuck forever in a non-terminal state
# Expected: drop on both channels can strand both sides post-Established
# (e.g., both in FinWait1 after FINs are dropped)
tcp-phi3-drop-AtoB-nodeadlock:
- command: python src/main.py --model=tests/tcp/tcp-phi3.pml --attacker=drop --chan=AtoB --output=temp.pml --eval --cleanup --mem=0
- intended: no violation
- explanation: with mem=0 the drop attacker cannot consume any messages; it goes straight to BREAK, leaving the model unmodified; timeout transitions prevent permanent stalls in the base model
tcp-phi3-drop-AtoB:
- command: python src/main.py --model=tests/tcp/tcp-phi3.pml --attacker=drop --chan=AtoB --output=temp.pml --eval --cleanup --mem=1
- intended: acceptance cycle
- explanation: handshake completes via nondeterministic pass; then attacker drops A's FIN, stranding both sides in post-Established states with no timeout recovery
tcp-phi3-drop-bidirectional:
- command: python src/main.py --model=tests/tcp/tcp-phi3.pml --attacker=drop --chan=AtoB,BtoA --output=temp.pml --eval --cleanup --mem=1
- intended: acceptance cycle
- explanation: attackers let handshake through, then drop FINs on both channels; both sides stuck in FinWait1 or similar permanently
tcp-phi3-replay-AtoB:
- command: python src/main.py --model=tests/tcp/tcp-phi3.pml --attacker=replay --chan=AtoB --output=temp.pml --eval --cleanup --mem=1
- intended: acceptance cycle
- explanation: replay attacker can consume A's FIN and never replay it, effectively dropping it; B stays in Established, A stuck in FinWait1
tcp-phi3-reorder-bidirectional:
- command: python src/main.py --model=tests/tcp/tcp-phi3.pml --attacker=reorder --chan=AtoB,BtoA --output=temp.pml --eval --cleanup --mem=2
- intended: acceptance cycle
- explanation: reorder attacker consumes teardown messages and delays them indefinitely, stranding both sides
# phi5: liveness - SYN_RECEIVED resolution
# SynReceived implies eventually (Established or FinWait1 or Closed)
# Expected: drop on AtoB traps A in SynReceived (no timeout modeled)
tcp-phi5-replay-BtoA:
- command: python src/main.py --model=tests/tcp/tcp-phi5.pml --attacker=replay --chan=BtoA --output=temp.pml --eval --cleanup --mem=1
- intended: no violation
- explanation: replaying B's messages on BtoA delivers extra SYNs to A; if A enters SynReceived, the replayed messages do not prevent ACK delivery on AtoB (which is unattacked), so SynReceived resolves normally
tcp-phi5-drop-AtoB:
- command: python src/main.py --model=tests/tcp/tcp-phi5.pml --attacker=drop --chan=AtoB --output=temp.pml --eval --cleanup --mem=1
- intended: acceptance cycle
- explanation: A goes to Listen, B's SYN arrives via BtoA, A enters SynReceived and sends SYN+ACK on AtoB; attacker drops it; B never completes handshake, A stuck in SynReceived permanently (no timeout in model)
tcp-phi5-drop-BtoA:
- command: python src/main.py --model=tests/tcp/tcp-phi5.pml --attacker=drop --chan=BtoA --output=temp.pml --eval --cleanup --mem=1
- intended: acceptance cycle
- explanation: B sends SYN on BtoA, attacker drops it; but A can also initiate — if A goes Listen and B goes SynSent, A needs B's SYN which is dropped; however A can enter SynReceived via simultaneous open path and get stuck
tcp-phi5-drop-bidirectional:
- command: python src/main.py --model=tests/tcp/tcp-phi5.pml --attacker=drop --chan=AtoB,BtoA --output=temp.pml --eval --cleanup --mem=1
- intended: acceptance cycle
- explanation: dropping on both channels after SynReceived is entered prevents any ACK from arriving to resolve it
tcp-phi5-replay-AtoB:
- command: python src/main.py --model=tests/tcp/tcp-phi5.pml --attacker=replay --chan=AtoB --output=temp.pml --eval --cleanup --mem=1
- intended: acceptance cycle
- explanation: replay attacker consumes A's SYN+ACK and never replays it (terminates with empty mem), effectively a drop; A stuck in SynReceived
tcp-phi5-reorder-AtoB:
- command: python src/main.py --model=tests/tcp/tcp-phi5.pml --attacker=reorder --chan=AtoB --output=temp.pml --eval --cleanup --mem=2
- intended: acceptance cycle
- explanation: reorder attacker consumes A's SYN+ACK during the handshake; even if replayed later, the ordering disruption can prevent SynReceived resolution
# phi6: safety - strict closing transitions
# Closing implies next(Closing or Closed)
# Expected: violated even without attacker. Closing transitions to
# TimeWait on ACK (not Closed), and TimeWaitState is neither
# ClosingState nor ClosedState.
tcp-phi6-drop-AtoB:
- command: python src/main.py --model=tests/tcp/tcp-phi6.pml --attacker=drop --chan=AtoB --output=temp.pml --eval --cleanup --mem=1
- intended: property violation
- explanation: base model already violates phi6; simultaneous close leads to Closing, then ACK transitions to TimeWait which is not Closing or Closed; attacker goes to BREAK, preserving the pre-existing violation
tcp-phi6-replay-AtoB:
- command: python src/main.py --model=tests/tcp/tcp-phi6.pml --attacker=replay --chan=AtoB --output=temp.pml --eval --cleanup --mem=1
- intended: property violation
- explanation: same base-model violation; Closing -> TimeWait is always reachable once simultaneous close occurs
tcp-phi6-reorder-bidirectional:
- command: python src/main.py --model=tests/tcp/tcp-phi6.pml --attacker=reorder --chan=AtoB,BtoA --output=temp.pml --eval --cleanup --mem=2
- intended: property violation
- explanation: same base-model violation; attacker presence does not affect the Closing -> TimeWait transition path
Reference in New Issue View Git Blame Copy Permalink