synchronous/korg-paper
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

more

Browse Source
This commit is contained in:
Your Name
2025-02-23 17:28:08 -05:00
parent cc322832e2
commit 965446ee62
20 changed files with 6464 additions and 10312 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6142
.latexrun.db
View File

File diff suppressed because it is too large Load Diff

6347
IEEEtran.cls
View File

File diff suppressed because it is too large Load Diff

205
main.aux
View File

@@ -3,75 +3,87 @@
\providecommand\hyper@newdestlabel[2]{}
\providecommand\HyField@AuxAddToFields[1]{}
\providecommand\HyField@AuxAddToCoFields[2]{}
\citation{Lamport_1994,Holzmann_1997,Clarke_Wang}
\citation{Basin_Cremers_Dreier_Sasse_2022,Kobeissi_Nicolas_Tiwari,Blanchet_Jacomme,Basin_Linker_Sasse}
\citation{Hippel2022_anonym}
\citation{Wilcox_Woos_Panchekha_Tatlock_Wang_Ernst_Anderson,Woos_Wilcox_Anton_Tatlock_Ernst_Anderson_2016,Ongaro_Ousterhout}
\citation{Delzanno_Tatarek_Traverso_2014,ironfleet,Rahli_Vukotic_Völp_Esteves-Verissimo_2018}
\citation{Sergey_Wilcox_Tatlock_2018,ironfleet}
\citation{Smith_1997,Narayana_Chen_Zhao_Chen_Fu_Zhou_2006,Arun_Arashloo_Saeed_Alizadeh_Balakrishnan_2021,Beurdouche}
\providecommand \oddpage@label [2]{}
\@writefile{toc}{\contentsline {section}{\numberline {I}Introduction}{1}{section.1}\protected@file@percent }
\newlabel{sec:introduction}{{I}{1}{Introduction}{section.1}{}}
\@writefile{toc}{\contentsline {section}{\numberline {II}\textsc {Korg}\xspace Architecture}{1}{section.2}\protected@file@percent }
\newlabel{sec:design}{{II}{1}{\korg Architecture}{section.2}{}}
\@writefile{toc}{\contentsline {subsection}{\numberline {\mbox {II-A}}Mathematical Preliminaries}{1}{subsection.2.1}\protected@file@percent }
\newlabel{sub:Mathematical Preliminaries}{{\mbox {II-A}}{1}{Mathematical Preliminaries}{subsection.2.1}{}}
\@writefile{toc}{\contentsline {subsection}{\numberline {\mbox {II-B}}High-level design}{2}{subsection.2.2}\protected@file@percent }
\newlabel{sub:High-level design}{{\mbox {II-B}}{2}{High-level design}{subsection.2.2}{}}
\@writefile{lof}{\contentsline {figure}{\numberline {1}{\ignorespaces A high-level overview of the \textsc {Korg}\xspace workflow}}{2}{figure.caption.1}\protected@file@percent }
\@writefile{toc}{\contentsline {section}{\numberline {1}Introduction}{1}{section.1}\protected@file@percent }
\newlabel{sec:introduction}{{1}{1}{Introduction}{section.1}{}}
\citation{Hippel2022}
\@writefile{toc}{\contentsline {section}{\numberline {2}Attacker Gadgets}{2}{section.2}\protected@file@percent }
\newlabel{sec:Attacker Gadgets}{{2}{2}{Attacker Gadgets}{section.2}{}}
\@writefile{lof}{\contentsline {figure}{\numberline {1}{\ignorespaces high-level state machine diagram of the \textit {drop} attacker gadget, attacking a channel \texttt {chan}. A natural number \texttt {lim} is pre-defined.}}{2}{figure.caption.1}\protected@file@percent }
\providecommand*\caption@xref[2]{\@setref\relax\@undefined{#1}}
\newlabel{fig:korg_workflow}{{1}{2}{A high-level overview of the \korg workflow}{figure.caption.1}{}}
\@writefile{toc}{\contentsline {subsection}{\numberline {\mbox {II-C}}Supported Attacker Models}{2}{subsection.2.3}\protected@file@percent }
\newlabel{sub:Supported Attacker Models}{{\mbox {II-C}}{2}{Supported Attacker Models}{subsection.2.3}{}}
\newlabel{lst:korg_drop}{{1}{2}{Example dropping attacker model gadget with drop limit of 3, targetting channel "cn"}{lstlisting.1}{}}
\@writefile{lol}{\contentsline {lstlisting}{\numberline {1}{\ignorespaces Example dropping attacker model gadget with drop limit of 3, targetting channel "cn"}}{2}{lstlisting.1}\protected@file@percent }
\newlabel{fig:drop}{{1}{2}{high-level state machine diagram of the \textit {drop} attacker gadget, attacking a channel \texttt {chan}. A natural number \texttt {lim} is pre-defined}{figure.caption.1}{}}
\@writefile{lof}{\contentsline {figure}{\numberline {2}{\ignorespaces High-level state machine diagram of the \textit {replay} attacker gadget, attacking a channel \texttt {chan}. A natural number \texttt {lim} is pre-defined. \texttt {buf} is a simple FIFO buffer of length \texttt {lim}.}}{2}{figure.caption.2}\protected@file@percent }
\newlabel{fig:replay}{{2}{2}{High-level state machine diagram of the \textit {replay} attacker gadget, attacking a channel \texttt {chan}. A natural number \texttt {lim} is pre-defined. \texttt {buf} is a simple FIFO buffer of length \texttt {lim}}{figure.caption.2}{}}
\citation{Holzmann_2014}
\citation{Holzmann_Smith_2000}
\citation{mcp}
\newlabel{lst:korg_replay}{{2}{3}{Example replay attacker model gadget with the selected replay limit as 3, targetting channel "cn"}{lstlisting.2}{}}
\@writefile{lol}{\contentsline {lstlisting}{\numberline {2}{\ignorespaces Example replay attacker model gadget with the selected replay limit as 3, targetting channel "cn"}}{3}{lstlisting.2}\protected@file@percent }
\newlabel{lst:korg_reordering}{{3}{3}{Example reordering attacker model gadget with the selected replay limit as 3, targetting channel "cn"}{lstlisting.3}{}}
\@writefile{lol}{\contentsline {lstlisting}{\numberline {3}{\ignorespaces Example reordering attacker model gadget with the selected replay limit as 3, targetting channel "cn"}}{3}{lstlisting.3}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {\mbox {II-D}}\textsc {Korg}\xspace Implementation}{3}{subsection.2.4}\protected@file@percent }
\newlabel{sub:impl}{{\mbox {II-D}}{3}{\korg Implementation}{subsection.2.4}{}}
\newlabel{lst:io-file}{{4}{4}{Example I/O file targetting channel "cn"}{lstlisting.4}{}}
\@writefile{lol}{\contentsline {lstlisting}{\numberline {4}{\ignorespaces Example I/O file targetting channel "cn"}}{4}{lstlisting.4}\protected@file@percent }
\newlabel{lst:io-file-synth}{{5}{4}{Example gadget synthesized from an I/O file targetting the channel "cn"}{lstlisting.5}{}}
\@writefile{lol}{\contentsline {lstlisting}{\numberline {5}{\ignorespaces Example gadget synthesized from an I/O file targetting the channel "cn"}}{4}{lstlisting.5}\protected@file@percent }
\newlabel{lst:spin-model}{{6}{4}{Example \promela model of peers communicating over a channel. \texttt {!} indicates sending a message onto a channel, \texttt {?} indicates receiving a message from a channel}{lstlisting.6}{}}
\@writefile{lol}{\contentsline {lstlisting}{\numberline {6}{\ignorespaces Example \textsc {Promela}\xspace model of peers communicating over a channel. \texttt {!} indicates sending a message onto a channel, \texttt {?} indicates receiving a message from a channel.}}{4}{lstlisting.6}\protected@file@percent }
\newlabel{lst:drop_passer}{{7}{4}{Example dropping attacker model gadget with message skipping}{lstlisting.7}{}}
\@writefile{lol}{\contentsline {lstlisting}{\numberline {7}{\ignorespaces Example dropping attacker model gadget with message skipping}}{4}{lstlisting.7}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {\mbox {II-E}}Usage}{4}{subsection.2.5}\protected@file@percent }
\newlabel{sub:Usage}{{\mbox {II-E}}{4}{Usage}{subsection.2.5}{}}
\citation{message_queues_TLA}
\citation{Hsieh_Mitra_2019}
\citation{mCRL2}
\@writefile{lof}{\contentsline {figure}{\numberline {3}{\ignorespaces High-level state machine diagram of the \textit {reorder} attacker gadget, attacking a channel \texttt {chan}. A natural number \texttt {lim} is pre-defined. \texttt {buf} is a simple FIFO buffer of length \texttt {lim}.}}{3}{figure.caption.3}\protected@file@percent }
\newlabel{fig:reorder}{{3}{3}{High-level state machine diagram of the \textit {reorder} attacker gadget, attacking a channel \texttt {chan}. A natural number \texttt {lim} is pre-defined. \texttt {buf} is a simple FIFO buffer of length \texttt {lim}}{figure.caption.3}{}}
\@writefile{toc}{\contentsline {section}{\numberline {3}\textsc {Panda}\xspace Architecture}{3}{section.3}\protected@file@percent }
\newlabel{sec:design}{{3}{3}{\korg Architecture}{section.3}{}}
\@writefile{toc}{\contentsline {subsection}{\numberline {3.1}High-level design}{3}{subsection.3.1}\protected@file@percent }
\newlabel{sub:High-level design}{{3.1}{3}{High-level design}{subsection.3.1}{}}
\@writefile{toc}{\contentsline {subsection}{\numberline {3.2}\textsc {Panda}\xspace Implementation}{3}{subsection.3.2}\protected@file@percent }
\newlabel{sub:impl}{{3.2}{3}{\korg Implementation}{subsection.3.2}{}}
\@writefile{lof}{\contentsline {figure}{\numberline {4}{\ignorespaces A high-level overview of the \textsc {Panda}\xspace workflow}}{3}{figure.caption.4}\protected@file@percent }
\newlabel{fig:korg_workflow}{{4}{3}{A high-level overview of the \korg workflow}{figure.caption.4}{}}
\newlabel{lst:spin-model}{{1}{3}{Example \promela model of peers communicating over a channel. \texttt {!} indicates sending a message onto a channel, \texttt {?} indicates receiving a message from a channel}{lstlisting.1}{}}
\@writefile{lol}{\contentsline {lstlisting}{\numberline {1}{\ignorespaces Example \textsc {Promela}\xspace model of peers communicating over a channel. \texttt {!} indicates sending a message onto a channel, \texttt {?} indicates receiving a message from a channel.}}{3}{lstlisting.1}\protected@file@percent }
\newlabel{lst:korg_drop}{{\caption@xref {lst:korg_drop}{ on input line 117}}{4}{\korg Implementation}{figure.caption.5}{}}
\@writefile{lof}{\contentsline {figure}{\numberline {5}{\ignorespaces Example dropping attacker model gadget with drop limit of 3, targetting channel "cn"}}{4}{figure.caption.5}\protected@file@percent }
\newlabel{lst:korg_drop}{{5}{4}{Example dropping attacker model gadget with drop limit of 3, targetting channel "cn"}{figure.caption.5}{}}
\@writefile{lof}{\contentsline {figure}{\numberline {6}{\ignorespaces Example replay attacker model gadget with the selected replay limit as 3, targetting channel "cn"}}{4}{figure.caption.6}\protected@file@percent }
\newlabel{lst:korg_replay}{{6}{4}{Example replay attacker model gadget with the selected replay limit as 3, targetting channel "cn"}{figure.caption.6}{}}
\@writefile{lof}{\contentsline {figure}{\numberline {7}{\ignorespaces Example reordering attacker model gadget with the selected replay limit as 3, targetting channel "cn"}}{5}{figure.caption.7}\protected@file@percent }
\newlabel{lst:korg_reordering}{{7}{5}{Example reordering attacker model gadget with the selected replay limit as 3, targetting channel "cn"}{figure.caption.7}{}}
\@writefile{toc}{\contentsline {subsection}{\numberline {3.3}Usage}{5}{subsection.3.3}\protected@file@percent }
\newlabel{sub:Usage}{{3.3}{5}{Usage}{subsection.3.3}{}}
\citation{Cluzel_Georgiou_Moy_Zeller_2021,Smith_1997,Pacheco2022}
\citation{Pacheco2022}
\citation{Pacheco2022}
\citation{Woos_Wilcox_Anton_Tatlock_Ernst_Anderson_2016,Wilcox_Woos_Panchekha_Tatlock_Wang_Ernst_Anderson,Ongaro}
\citation{Ongaro}
\citation{Wilcox_Woos_Panchekha_Tatlock_Wang_Ernst_Anderson}
\newlabel{lst:abp}{{8}{5}{Example (simplified) \promela model of the alternating bit protocol}{lstlisting.8}{}}
\@writefile{lol}{\contentsline {lstlisting}{\numberline {8}{\ignorespaces Example (simplified) \textsc {Promela}\xspace model of the alternating bit protocol.}}{5}{lstlisting.8}\protected@file@percent }
\newlabel{lst:korg-shell}{{\mbox {II-E}}{5}{}{lstlisting.-1}{}}
\@writefile{toc}{\contentsline {section}{\numberline {III}Case Studies}{5}{section.3}\protected@file@percent }
\newlabel{sec:case_studies}{{III}{5}{Case Studies}{section.3}{}}
\@writefile{toc}{\contentsline {subsection}{\numberline {\mbox {III-A}}TCP}{5}{subsection.3.1}\protected@file@percent }
\newlabel{sub:TCP}{{\mbox {III-A}}{5}{TCP}{subsection.3.1}{}}
\newlabel{res:tcp-table}{{\caption@xref {res:tcp-table}{ on input line 28}}{5}{TCP}{figure.caption.7}{}}
\@writefile{lof}{\contentsline {figure}{\numberline {2}{\ignorespaces Automatically discovered attacks against our TCP model for $\phi _1$ through $\phi _4$. "x" indicates an attack was discovered, and no "x" indicates \textsc {Korg}\xspace proved the absence of an attack via an exhaustive search. These experiments were ran on a laptop with an eighth generation i7 and 16gb of memory. Full attack traces are available in the artifact.}}{5}{figure.caption.7}\protected@file@percent }
\newlabel{res:tcp-table}{{2}{5}{Automatically discovered attacks against our TCP model for $\phi _1$ through $\phi _4$. "x" indicates an attack was discovered, and no "x" indicates \korg proved the absence of an attack via an exhaustive search. These experiments were ran on a laptop with an eighth generation i7 and 16gb of memory. Full attack traces are available in the artifact}{figure.caption.7}{}}
\newlabel{lst:abp}{{2}{6}{Example (simplified) \promela model of the alternating bit protocol}{lstlisting.2}{}}
\@writefile{lol}{\contentsline {lstlisting}{\numberline {2}{\ignorespaces Example (simplified) \textsc {Promela}\xspace model of the alternating bit protocol.}}{6}{lstlisting.2}\protected@file@percent }
\newlabel{lst:korg-shell}{{3.3}{6}{}{lstlisting.-5}{}}
\@writefile{toc}{\contentsline {section}{\numberline {4}Case Studies}{6}{section.4}\protected@file@percent }
\newlabel{sec:case_studies}{{4}{6}{Case Studies}{section.4}{}}
\@writefile{toc}{\contentsline {subsection}{\numberline {4.1}TCP}{6}{subsection.4.1}\protected@file@percent }
\newlabel{sub:TCP}{{4.1}{6}{TCP}{subsection.4.1}{}}
\@writefile{toc}{\contentsline {subsection}{\numberline {4.2}Raft}{6}{subsection.4.2}\protected@file@percent }
\newlabel{sub:Raft}{{4.2}{6}{Raft}{subsection.4.2}{}}
\citation{Ongaro}
\citation{Woos_Wilcox_Anton_Tatlock_Ernst_Anderson_2016}
\citation{Hippel2022_anonym}
\citation{Hippel2022_anonym}
\@writefile{toc}{\contentsline {subsection}{\numberline {\mbox {III-B}}Raft}{6}{subsection.3.2}\protected@file@percent }
\newlabel{sub:Raft}{{\mbox {III-B}}{6}{Raft}{subsection.3.2}{}}
\newlabel{res:raft_table}{{\caption@xref {res:raft_table}{ on input line 91}}{6}{Raft}{figure.caption.8}{}}
\@writefile{lof}{\contentsline {figure}{\numberline {3}{\ignorespaces Breakdown of the attacker scenarios assessed with \textsc {Korg}\xspace against our buggy Raft \textsc {Promela}\xspace model, \texttt {raft-bug.pml}. In all experiments, the Raft model was set to five peers and the drop/replay limits of the gadgets \textsc {Korg}\xspace synthesized were set to two. We conducted our experiments on a research computing cluster, allocating 250GB of memory to each verification run. The full models and attacker traces are included in the artifact.}}{6}{figure.caption.8}\protected@file@percent }
\newlabel{res:raft_table}{{3}{6}{Breakdown of the attacker scenarios assessed with \korg against our buggy Raft \promela model, \texttt {raft-bug.pml}. In all experiments, the Raft model was set to five peers and the drop/replay limits of the gadgets \korg synthesized were set to two. We conducted our experiments on a research computing cluster, allocating 250GB of memory to each verification run. The full models and attacker traces are included in the artifact}{figure.caption.8}{}}
\@writefile{toc}{\contentsline {section}{\numberline {IV}Proofs of Soundness and Completeness}{6}{section.4}\protected@file@percent }
\newlabel{sec:proofs}{{IV}{6}{Proofs of Soundness and Completeness}{section.4}{}}
\citation{Hippel2022_anonym}
\citation{Hippel2022_anonym}
\citation{Ginesin2024}
\newlabel{res:tcp-table}{{\caption@xref {res:tcp-table}{ on input line 28}}{7}{TCP}{figure.caption.8}{}}
\@writefile{lof}{\contentsline {figure}{\numberline {8}{\ignorespaces Automatically discovered attacks against our TCP model for $\phi _1$ through $\phi _4$. "x" indicates an attack was discovered, and no "x" indicates \textsc {Panda}\xspace proved the absence of an attack via an exhaustive search. These experiments were ran on a laptop with an eighth generation i7 and 16gb of memory. Full attack traces are available in the artifact.}}{7}{figure.caption.8}\protected@file@percent }
\newlabel{res:tcp-table}{{8}{7}{Automatically discovered attacks against our TCP model for $\phi _1$ through $\phi _4$. "x" indicates an attack was discovered, and no "x" indicates \korg proved the absence of an attack via an exhaustive search. These experiments were ran on a laptop with an eighth generation i7 and 16gb of memory. Full attack traces are available in the artifact}{figure.caption.8}{}}
\newlabel{res:raft_table}{{\caption@xref {res:raft_table}{ on input line 91}}{7}{Raft}{figure.caption.9}{}}
\@writefile{lof}{\contentsline {figure}{\numberline {9}{\ignorespaces Breakdown of the attacker scenarios assessed with \textsc {Panda}\xspace against our buggy Raft \textsc {Promela}\xspace model, \texttt {raft-bug.pml}. In all experiments, the Raft model was set to five peers and the drop/replay limits of the gadgets \textsc {Panda}\xspace synthesized were set to two. We conducted our experiments on a research computing cluster, allocating 250GB of memory to each verification run. The full models and attacker traces are included in the artifact.}}{7}{figure.caption.9}\protected@file@percent }
\newlabel{res:raft_table}{{9}{7}{Breakdown of the attacker scenarios assessed with \korg against our buggy Raft \promela model, \texttt {raft-bug.pml}. In all experiments, the Raft model was set to five peers and the drop/replay limits of the gadgets \korg synthesized were set to two. We conducted our experiments on a research computing cluster, allocating 250GB of memory to each verification run. The full models and attacker traces are included in the artifact}{figure.caption.9}{}}
\@writefile{toc}{\contentsline {subsection}{\numberline {4.3}SCTP}{7}{subsection.4.3}\protected@file@percent }
\newlabel{sub:SCTP}{{4.3}{7}{SCTP}{subsection.4.3}{}}
\@writefile{toc}{\contentsline {section}{\numberline {5}Theoretical Foundations of \textsc {Panda}\xspace }{7}{section.5}\protected@file@percent }
\newlabel{sec:proofs}{{5}{7}{Theoretical Foundations of \korg }{section.5}{}}
\@writefile{toc}{\contentsline {subsection}{\numberline {5.1}Mathematical Preliminaries}{7}{subsection.5.1}\protected@file@percent }
\newlabel{sub:Mathematical Preliminaries}{{5.1}{7}{Mathematical Preliminaries}{subsection.5.1}{}}
\citation{Hippel2022}
\citation{Hippel2022}
\citation{Hippel2022}
\citation{Hippel2022}
\@writefile{toc}{\contentsline {subsection}{\numberline {5.2}Proofs of Soundness and Completeness}{8}{subsection.5.2}\protected@file@percent }
\newlabel{sub:Proofs of Soundness and Completeness}{{5.2}{8}{Proofs of Soundness and Completeness}{subsection.5.2}{}}
\citation{Hippel2022}
\citation{Holzmann_1997}
\citation{Hippel2022_anonym}
\citation{Hippel2022}
\citation{Kozen_1977}
\citation{Kobeissi_Nicolas_Tiwari,Proverif,Tamarin,Cremers}
\citation{Blanchet_Jacomme,Pereira}
@@ -81,43 +93,50 @@
\citation{Henda}
\citation{Ginesin}
\citation{TCPwn}
\@writefile{toc}{\contentsline {section}{\numberline {V}Related Work}{7}{section.5}\protected@file@percent }
\newlabel{sec:Related Work}{{V}{7}{Related Work}{section.5}{}}
\@writefile{toc}{\contentsline {section}{\numberline {VI}Conclusion}{7}{section.6}\protected@file@percent }
\newlabel{sec:conclusion}{{VI}{7}{Conclusion}{section.6}{}}
\bibstyle{IEEEtran}
\citation{Hippel2022}
\bibstyle{plain}
\bibdata{main}
\bibcite{Lamport_1994}{1}
\bibcite{Holzmann_1997}{2}
\bibcite{Clarke_Wang}{3}
\bibcite{Basin_Cremers_Dreier_Sasse_2022}{4}
\bibcite{Kobeissi_Nicolas_Tiwari}{5}
\bibcite{Blanchet_Jacomme}{6}
\bibcite{Basin_Linker_Sasse}{7}
\bibcite{Hippel2022_anonym}{8}
\bibcite{Holzmann_2014}{9}
\bibcite{Holzmann_Smith_2000}{10}
\bibcite{mcp}{11}
\bibcite{Arun_Arashloo_Saeed_Alizadeh_Balakrishnan_2021}{1}
\bibcite{ParnoSOK}{2}
\bibcite{Tamarin}{3}
\@writefile{toc}{\contentsline {section}{\numberline {6}Related Work}{9}{section.6}\protected@file@percent }
\newlabel{sec:Related Work}{{6}{9}{Related Work}{section.6}{}}
\@writefile{toc}{\contentsline {section}{\numberline {7}Conclusion}{9}{section.7}\protected@file@percent }
\newlabel{sec:conclusion}{{7}{9}{Conclusion}{section.7}{}}
\bibcite{Basin_Cremers_Meadows_2018}{4}
\bibcite{Henda}{5}
\bibcite{Beurdouche}{6}
\bibcite{Blanchet_Jacomme}{7}
\bibcite{Proverif}{8}
\bibcite{mCRL2}{9}
\bibcite{Castro_Liskov_2002}{10}
\bibcite{Clarke_Wang}{11}
\bibcite{Cluzel_Georgiou_Moy_Zeller_2021}{12}
\bibcite{Smith_1997}{13}
\bibcite{Pacheco2022}{14}
\bibcite{Woos_Wilcox_Anton_Tatlock_Ernst_Anderson_2016}{15}
\bibcite{Wilcox_Woos_Panchekha_Tatlock_Wang_Ernst_Anderson}{16}
\bibcite{Ongaro}{17}
\bibcite{Kozen_1977}{18}
\bibcite{Proverif}{19}
\bibcite{Tamarin}{20}
\bibcite{Cremers}{21}
\bibcite{Pereira}{22}
\bibcite{ParnoSOK}{23}
\bibcite{Basin_Cremers_Meadows_2018}{24}
\bibcite{Khan_Mukund_Suresh_2005}{25}
\bibcite{wayne_adversaries}{26}
\bibcite{Narayana_Chen_Zhao_Chen_Fu_Zhou_2006}{27}
\bibcite{Delzanno_Tatarek_Traverso_2014}{28}
\bibcite{Castro_Liskov_2002}{29}
\bibcite{Henda}{30}
\bibcite{Ginesin}{31}
\bibcite{TCPwn}{32}
\@writefile{toc}{\contentsline {section}{References}{8}{section*.9}\protected@file@percent }
\gdef \@abspage@last{8}
\bibcite{Cremers}{13}
\bibcite{Delzanno_Tatarek_Traverso_2014}{14}
\bibcite{Ginesin2024}{15}
\bibcite{Ginesin}{16}
\bibcite{ironfleet}{17}
\bibcite{Holzmann_2014}{18}
\bibcite{Holzmann_Smith_2000}{19}
\bibcite{Holzmann_1997}{20}
\bibcite{Hsieh_Mitra_2019}{21}
\bibcite{TCPwn}{22}
\bibcite{Khan_Mukund_Suresh_2005}{23}
\bibcite{Kobeissi_Nicolas_Tiwari}{24}
\bibcite{Kozen_1977}{25}
\bibcite{Narayana_Chen_Zhao_Chen_Fu_Zhou_2006}{26}
\bibcite{Ongaro}{27}
\bibcite{Ongaro_Ousterhout}{28}
\bibcite{Pacheco2022}{29}
\bibcite{Pereira}{30}
\bibcite{Rahli_Vukotic_Völp_Esteves-Verissimo_2018}{31}
\bibcite{Sergey_Wilcox_Tatlock_2018}{32}
\bibcite{Smith_1997}{33}
\bibcite{mcp}{34}
\bibcite{Hippel2022}{35}
\bibcite{message_queues_TLA}{36}
\bibcite{wayne_adversaries}{37}
\bibcite{Wilcox_Woos_Panchekha_Tatlock_Wang_Ernst_Anderson}{38}
\bibcite{Woos_Wilcox_Anton_Tatlock_Ernst_Anderson_2016}{39}
\gdef \@abspage@last{11}

448
main.bbl
View File

@@ -1,241 +1,235 @@
% Generated by IEEEtran.bst, version: 1.14 (2015/08/26)
\begin{thebibliography}{10}
\providecommand{\url}[1]{#1}
\csname url@samestyle\endcsname
\providecommand{\newblock}{\relax}
\providecommand{\bibinfo}[2]{#2}
\providecommand{\BIBentrySTDinterwordspacing}{\spaceskip=0pt\relax}
\providecommand{\BIBentryALTinterwordstretchfactor}{4}
\providecommand{\BIBentryALTinterwordspacing}{\spaceskip=\fontdimen2\font plus
\BIBentryALTinterwordstretchfactor\fontdimen3\font minus
\fontdimen4\font\relax}
\providecommand{\BIBforeignlanguage}[2]{{%
\expandafter\ifx\csname l@#1\endcsname\relax
\typeout{** WARNING: IEEEtran.bst: No hyphenation pattern has been}%
\typeout{** loaded for the language `#1'. Using the pattern for}%
\typeout{** the default language instead.}%
\else
\language=\csname l@#1\endcsname
\fi
#2}}
\providecommand{\BIBdecl}{\relax}
\BIBdecl
\bibitem{Lamport_1994}
L.~Lamport, ``\BIBforeignlanguage{en}{The temporal logic of actions},''
\emph{\BIBforeignlanguage{en}{ACM Transactions on Programming Languages and
Systems}}, vol.~16, no.~3, p. 872923, May 1994.
\bibitem{Holzmann_1997}
G.~Holzmann, ``\BIBforeignlanguage{en}{The model checker spin},''
\emph{\BIBforeignlanguage{en}{IEEE Transactions on Software Engineering}},
vol.~23, no.~5, p. 279295, May 1997.
\bibitem{Clarke_Wang}
E.~M. Clarke and Q.~Wang, ``\BIBforeignlanguage{en}{25 years of model
checking}.''
\bibitem{Basin_Cremers_Dreier_Sasse_2022}
D.~Basin, C.~Cremers, J.~Dreier, and R.~Sasse,
``\BIBforeignlanguage{en}{Tamarin: Verification of large-scale, real-world,
cryptographic protocols},'' \emph{\BIBforeignlanguage{en}{IEEE Security \&
Privacy}}, vol.~20, no.~3, p. 2432, May 2022.
\bibitem{Kobeissi_Nicolas_Tiwari}
N.~Kobeissi, G.~Nicolas, and M.~Tiwari, ``\BIBforeignlanguage{en}{Verifpal:
Cryptographic protocol analysis for the real world}.''
\bibitem{Blanchet_Jacomme}
B.~Blanchet and C.~Jacomme, ``\BIBforeignlanguage{en}{Cryptoverif: a
computationally-sound security protocol verifier}.''
\bibitem{Basin_Linker_Sasse}
D.~Basin, F.~Linker, and R.~Sasse, ``\BIBforeignlanguage{en}{A formal analysis
of the imessage pq3 messaging protocol}.''
\bibitem{Hippel2022_anonym}
Anonym, ``Anonymized for blinded submission,'' XXX.
\bibitem{Holzmann_2014}
G.~J. Holzmann, ``\BIBforeignlanguage{en}{Mars code},''
\emph{\BIBforeignlanguage{en}{Communications of the ACM}}, vol.~57, no.~2, p.
6473, Feb. 2014.
\bibitem{Holzmann_Smith_2000}
G.~J. Holzmann and M.~H. Smith, ``\BIBforeignlanguage{en}{Automating software
feature verification},'' \emph{\BIBforeignlanguage{en}{Bell Labs Technical
Journal}}, vol.~5, no.~2, p. 7287, 2000.
\bibitem{mcp}
\BIBentryALTinterwordspacing
W.~Visser, K.~Havelund, G.~Brat, and S.~Park, ``\BIBforeignlanguage{en}{Model
checking programs},'' in \emph{\BIBforeignlanguage{en}{Proceedings ASE 2000.
Fifteenth IEEE International Conference on Automated Software
Engineering}}.\hskip 1em plus 0.5em minus 0.4em\relax Grenoble, France: IEEE,
2000, p. 311. [Online]. Available:
\url{http://ieeexplore.ieee.org/document/873645/}
\BIBentrySTDinterwordspacing
\bibitem{Cluzel_Georgiou_Moy_Zeller_2021}
\BIBentryALTinterwordspacing
G.~Cluzel, K.~Georgiou, Y.~Moy, and C.~Zeller,
``\BIBforeignlanguage{en}{Layered formal verification of a tcp stack},'' in
\emph{\BIBforeignlanguage{en}{2021 IEEE Secure Development Conference
(SecDev)}}.\hskip 1em plus 0.5em minus 0.4em\relax Atlanta, GA, USA: IEEE,
Oct. 2021, p. 8693. [Online]. Available:
\url{https://ieeexplore.ieee.org/document/9652642/}
\BIBentrySTDinterwordspacing
\bibitem{Smith_1997}
\BIBentryALTinterwordspacing
M.~A.~S. Smith, ``\BIBforeignlanguage{eng}{Formal verification of tcp and
t/tcp},'' Thesis, Massachusetts Institute of Technology, 1997, accepted:
2008-09-03T18:09:43Z. [Online]. Available:
\url{https://dspace.mit.edu/handle/1721.1/42779}
\BIBentrySTDinterwordspacing
\bibitem{Pacheco2022}
\BIBentryALTinterwordspacing
M.~L. Pacheco, M.~V. Hippel, B.~Weintraub, D.~Goldwasser, and C.~Nita-Rotaru,
``\BIBforeignlanguage{en}{Automated attack synthesis by extracting finite
state machines from protocol specification documents},'' in
\emph{\BIBforeignlanguage{en}{2022 IEEE Symposium on Security and Privacy
(SP)}}.\hskip 1em plus 0.5em minus 0.4em\relax San Francisco, CA, USA: IEEE,
May 2022, p. 5168. [Online]. Available:
\url{https://ieeexplore.ieee.org/document/9833673/}
\BIBentrySTDinterwordspacing
\bibitem{Woos_Wilcox_Anton_Tatlock_Ernst_Anderson_2016}
\BIBentryALTinterwordspacing
D.~Woos, J.~R. Wilcox, S.~Anton, Z.~Tatlock, M.~D. Ernst, and T.~Anderson,
``\BIBforeignlanguage{en}{Planning for change in a formal verification of the
raft consensus protocol},'' in \emph{\BIBforeignlanguage{en}{Proceedings of
the 5th ACM SIGPLAN Conference on Certified Programs and Proofs}}.\hskip 1em
plus 0.5em minus 0.4em\relax St. Petersburg FL USA: ACM, Jan. 2016, p.
154165. [Online]. Available:
\url{https://dl.acm.org/doi/10.1145/2854065.2854081}
\BIBentrySTDinterwordspacing
\bibitem{Wilcox_Woos_Panchekha_Tatlock_Wang_Ernst_Anderson}
J.~R. Wilcox, D.~Woos, P.~Panchekha, Z.~Tatlock, X.~Wang, M.~D. Ernst, and
T.~Anderson, ``\BIBforeignlanguage{en}{Verdi: A framework for implementing
and formally verifying distributed systems}.''
\bibitem{Ongaro}
D.~Ongaro, ``\BIBforeignlanguage{en}{Consensus: Bridging theory and
practice}.''
\bibitem{Kozen_1977}
\BIBentryALTinterwordspacing
D.~Kozen, ``\BIBforeignlanguage{en}{Lower bounds for natural proof systems},''
in \emph{\BIBforeignlanguage{en}{18th Annual Symposium on Foundations of
Computer Science (sfcs 1977)}}.\hskip 1em plus 0.5em minus 0.4em\relax
Providence, RI, USA: IEEE, Sep. 1977, p. 254266. [Online]. Available:
\url{http://ieeexplore.ieee.org/document/4567949/}
\BIBentrySTDinterwordspacing
\bibitem{Proverif}
B.~Blanchet, B.~Smyth, V.~Cheval, and M.~Sylvestre,
``\BIBforeignlanguage{en}{Proverif 2.05: Automatic cryptographic protocol
verifier, user manual and tutorial}.''
\bibitem{Tamarin}
D.~Basin, C.~Cremers, J.~Dreier, and R.~Sasse,
``\BIBforeignlanguage{en}{Tamarin: Verification of large-scale, real-world,
cryptographic protocols},'' \emph{\BIBforeignlanguage{en}{IEEE Security \&
Privacy}}, vol.~20, no.~3, p. 2432, May 2022.
\bibitem{Cremers}
\BIBentryALTinterwordspacing
C.~J.~F. Cremers, \emph{\BIBforeignlanguage{en}{The Scyther Tool: Verification,
Falsification, and Analysis of Security Protocols}}, ser. Lecture Notes in
Computer Science.\hskip 1em plus 0.5em minus 0.4em\relax Berlin, Heidelberg:
Springer Berlin Heidelberg, 2008, vol. 5123, p. 414418. [Online].
Available: \url{http://link.springer.com/10.1007/978-3-540-70545-1_38}
\BIBentrySTDinterwordspacing
\bibitem{Pereira}
V.~Pereira, ``\BIBforeignlanguage{en}{Easycrypt - a (brief) tutorial}.''
\bibitem{Arun_Arashloo_Saeed_Alizadeh_Balakrishnan_2021}
Venkat Arun, Mina~Tahmasbi Arashloo, Ahmed Saeed, Mohammad Alizadeh, and Hari
Balakrishnan.
\newblock Toward formally verifying congestion control behavior.
\newblock In {\em Proceedings of the 2021 ACM SIGCOMM 2021 Conference}, page
116, Virtual Event USA, August 2021. ACM.
\bibitem{ParnoSOK}
\BIBentryALTinterwordspacing
M.~Barbosa, G.~Barthe, K.~Bhargavan, B.~Blanchet, C.~Cremers, K.~Liao, and
B.~Parno, ``Sok: Computer-aided cryptography,'' in \emph{2021 IEEE Symposium
on Security and Privacy (SP)}, May 2021, p. 777795. [Online]. Available:
\url{https://ieeexplore.ieee.org/document/9519449/?arnumber=9519449}
\BIBentrySTDinterwordspacing
Manuel Barbosa, Gilles Barthe, Karthik Bhargavan, Bruno Blanchet, Cas Cremers,
Kevin Liao, and Bryan Parno.
\newblock Sok: Computer-aided cryptography.
\newblock In {\em 2021 IEEE Symposium on Security and Privacy (SP)}, page
777795, May 2021.
\bibitem{Tamarin}
David Basin, Cas Cremers, Jannik Dreier, and Ralf Sasse.
\newblock Tamarin: Verification of large-scale, real-world, cryptographic
protocols.
\newblock {\em IEEE Security \& Privacy}, 20(3):2432, May 2022.
\bibitem{Basin_Cremers_Meadows_2018}
\BIBentryALTinterwordspacing
D.~Basin, C.~Cremers, and C.~Meadows, \emph{\BIBforeignlanguage{en}{Model
Checking Security Protocols}}.\hskip 1em plus 0.5em minus 0.4em\relax Cham:
Springer International Publishing, 2018, p. 727762. [Online]. Available:
\url{http://link.springer.com/10.1007/978-3-319-10575-8_22}
\BIBentrySTDinterwordspacing
\bibitem{Khan_Mukund_Suresh_2005}
\BIBentryALTinterwordspacing
A.~S. Khan, M.~Mukund, and S.~P. Suresh, \emph{\BIBforeignlanguage{en}{Generic
Verification of Security Protocols}}, ser. Lecture Notes in Computer
Science.\hskip 1em plus 0.5em minus 0.4em\relax Berlin, Heidelberg: Springer
Berlin Heidelberg, 2005, vol. 3639, p. 221235. [Online]. Available:
\url{http://link.springer.com/10.1007/11537328_18}
\BIBentrySTDinterwordspacing
\bibitem{wayne_adversaries}
\BIBentryALTinterwordspacing
H.~Wayne, ``Modeling adversaries with tla+,''
\url{https://www.hillelwayne.com/post/adversaries/}, 2019, accessed:
2024-12-03. [Online]. Available:
\url{https://www.hillelwayne.com/post/adversaries/}
\BIBentrySTDinterwordspacing
\bibitem{Narayana_Chen_Zhao_Chen_Fu_Zhou_2006}
\BIBentryALTinterwordspacing
P.~Narayana, R.~Chen, Y.~Zhao, Y.~Chen, Z.~Fu, and H.~Zhou, ``Automatic
vulnerability checking of ieee 802.16 wimax protocols through tla+,'' in
\emph{2006 2nd IEEE Workshop on Secure Network Protocols}, Nov. 2006, p.
4449. [Online]. Available:
\url{https://ieeexplore.ieee.org/document/4110436/?arnumber=4110436}
\BIBentrySTDinterwordspacing
\bibitem{Delzanno_Tatarek_Traverso_2014}
G.~Delzanno, M.~Tatarek, and R.~Traverso, ``\BIBforeignlanguage{en}{Model
checking paxos in spin},'' \emph{\BIBforeignlanguage{en}{Electronic
Proceedings in Theoretical Computer Science}}, vol. 161, p. 131146, Aug.
2014.
\bibitem{Castro_Liskov_2002}
M.~Castro and B.~Liskov, ``\BIBforeignlanguage{en}{Practical byzantine fault
tolerance and proactive recovery},'' \emph{\BIBforeignlanguage{en}{ACM
Transactions on Computer Systems}}, vol.~20, no.~4, p. 398461, Nov. 2002.
David Basin, Cas Cremers, and Catherine Meadows.
\newblock {\em Model Checking Security Protocols}, page 727762.
\newblock Springer International Publishing, Cham, 2018.
\bibitem{Henda}
\BIBentryALTinterwordspacing
N.~Ben~Henda, ``\BIBforeignlanguage{en}{Generic and efficient attacker models
in spin},'' in \emph{\BIBforeignlanguage{en}{Proceedings of the 2014
International SPIN Symposium on Model Checking of Software}}.\hskip 1em plus
0.5em minus 0.4em\relax San Jose CA USA: ACM, Jul. 2014, p. 7786.
[Online]. Available: \url{https://dl.acm.org/doi/10.1145/2632362.2632378}
\BIBentrySTDinterwordspacing
Noomene Ben~Henda.
\newblock Generic and efficient attacker models in spin.
\newblock In {\em Proceedings of the 2014 International SPIN Symposium on Model
Checking of Software}, page 7786, San Jose CA USA, July 2014. ACM.
\bibitem{Beurdouche}
Benjamin Beurdouche.
\newblock Formal verification for high assurance security software in fstar.
\bibitem{Blanchet_Jacomme}
Bruno Blanchet and Charlie Jacomme.
\newblock Cryptoverif: a computationally-sound security protocol verifier.
\bibitem{Proverif}
Bruno Blanchet, Ben Smyth, Vincent Cheval, and Marc Sylvestre.
\newblock Proverif 2.05: Automatic cryptographic protocol verifier, user manual
and tutorial.
\bibitem{mCRL2}
Olav Bunte, Jan~Friso Groote, Jeroen J.~A. Keiren, Maurice Laveaux, Thomas
Neele, Erik~P. De~Vink, Wieger Wesselink, Anton Wijs, and Tim A.~C. Willemse.
\newblock {\em The mCRL2 Toolset for Analysing Concurrent Systems: Improvements
in Expressivity and Usability}, volume 11428 of {\em Lecture Notes in
Computer Science}, page 2139.
\newblock Springer International Publishing, Cham, 2019.
\bibitem{Castro_Liskov_2002}
Miguel Castro and Barbara Liskov.
\newblock Practical byzantine fault tolerance and proactive recovery.
\newblock {\em ACM Transactions on Computer Systems}, 20(4):398461, November
2002.
\bibitem{Clarke_Wang}
Edmund~M Clarke and Qinsi Wang.
\newblock 25 years of model checking.
\bibitem{Cluzel_Georgiou_Moy_Zeller_2021}
Guillaume Cluzel, Kyriakos Georgiou, Yannick Moy, and Clément Zeller.
\newblock Layered formal verification of a tcp stack.
\newblock In {\em 2021 IEEE Secure Development Conference (SecDev)}, page
8693, Atlanta, GA, USA, October 2021. IEEE.
\bibitem{Cremers}
Cas J.~F. Cremers.
\newblock {\em The Scyther Tool: Verification, Falsification, and Analysis of
Security Protocols}, volume 5123 of {\em Lecture Notes in Computer Science},
page 414418.
\newblock Springer Berlin Heidelberg, Berlin, Heidelberg, 2008.
\bibitem{Delzanno_Tatarek_Traverso_2014}
Giorgio Delzanno, Michele Tatarek, and Riccardo Traverso.
\newblock Model checking paxos in spin.
\newblock {\em Electronic Proceedings in Theoretical Computer Science},
161:131146, August 2014.
\bibitem{Ginesin2024}
Jacob Ginesin, Max von Hippel, Evan Defloor, Cristina Nita-Rotaru, and Michael
Tüxen.
\newblock A formal analysis of sctp: Attack synthesis and patch verification.
\newblock (arXiv:2403.05663), March 2024.
\newblock arXiv:2403.05663 [cs].
\bibitem{Ginesin}
\BIBentryALTinterwordspacing
J.~Ginesin, M.~von Hippel, E.~Defloor, C.~Nita-Rotaru, and M.~Tüxen, ``A
formal analysis of sctp: Attack synthesis and patch verification,'' no.
arXiv:2403.05663, Mar. 2024, arXiv:2403.05663 [cs]. [Online]. Available:
\url{http://arxiv.org/abs/2403.05663}
\BIBentrySTDinterwordspacing
Jacob Ginesin, Max von Hippel, Evan Defloor, Cristina Nita-Rotaru, and Michael
Tüxen.
\newblock A formal analysis of sctp: Attack synthesis and patch verification.
\newblock (arXiv:2403.05663), March 2024.
\newblock arXiv:2403.05663 [cs].
\bibitem{ironfleet}
Chris Hawblitzel, Jon Howell, Manos Kapritsos, Jacob~R. Lorch, Bryan Parno,
Michael~L. Roberts, Srinath Setty, and Brian Zill.
\newblock Ironfleet: proving practical distributed systems correct.
\newblock In {\em Proceedings of the 25th Symposium on Operating Systems
Principles}, page 117, Monterey California, October 2015. ACM.
\bibitem{Holzmann_2014}
Gerard~J. Holzmann.
\newblock Mars code.
\newblock {\em Communications of the ACM}, 57(2):6473, February 2014.
\bibitem{Holzmann_Smith_2000}
Gerard~J. Holzmann and Margaret~H. Smith.
\newblock Automating software feature verification.
\newblock {\em Bell Labs Technical Journal}, 5(2):7287, 2000.
\bibitem{Holzmann_1997}
G.J. Holzmann.
\newblock The model checker spin.
\newblock {\em IEEE Transactions on Software Engineering}, 23(5):279295, May
1997.
\bibitem{Hsieh_Mitra_2019}
Chiao Hsieh and Sayan Mitra.
\newblock {\em Dione: A Protocol Verification System Built with Dafny for I/O
Automata}, volume 11918 of {\em Lecture Notes in Computer Science}, page
227245.
\newblock Springer International Publishing, Cham, 2019.
\bibitem{TCPwn}
\BIBentryALTinterwordspacing
S.~Jero, E.~Hoque, D.~Choffnes, A.~Mislove, and C.~Nita-Rotaru,
``\BIBforeignlanguage{en}{Automated attack discovery in tcp congestion
control using a model-guided approach},'' in
\emph{\BIBforeignlanguage{en}{Proceedings 2018 Network and Distributed System
Security Symposium}}.\hskip 1em plus 0.5em minus 0.4em\relax San Diego, CA:
Internet Society, 2018. [Online]. Available:
\url{https://www.ndss-symposium.org/wp-content/uploads/2018/02/ndss2018_02A-1_Jero_paper.pdf}
\BIBentrySTDinterwordspacing
Samuel Jero, Endadul Hoque, David Choffnes, Alan Mislove, and Cristina
Nita-Rotaru.
\newblock Automated attack discovery in tcp congestion control using a
model-guided approach.
\newblock In {\em Proceedings 2018 Network and Distributed System Security
Symposium}, San Diego, CA, 2018. Internet Society.
\bibitem{Khan_Mukund_Suresh_2005}
Abdul~Sahid Khan, Madhavan Mukund, and S.~P. Suresh.
\newblock {\em Generic Verification of Security Protocols}, volume 3639 of {\em
Lecture Notes in Computer Science}, page 221235.
\newblock Springer Berlin Heidelberg, Berlin, Heidelberg, 2005.
\bibitem{Kobeissi_Nicolas_Tiwari}
Nadim Kobeissi, Georgio Nicolas, and Mukesh Tiwari.
\newblock Verifpal: Cryptographic protocol analysis for the real world.
\bibitem{Kozen_1977}
Dexter Kozen.
\newblock Lower bounds for natural proof systems.
\newblock In {\em 18th Annual Symposium on Foundations of Computer Science
(sfcs 1977)}, page 254266, Providence, RI, USA, September 1977. IEEE.
\bibitem{Narayana_Chen_Zhao_Chen_Fu_Zhou_2006}
Prasad Narayana, Ruiming Chen, Yao Zhao, Yan Chen, Zhi Fu, and Hai Zhou.
\newblock Automatic vulnerability checking of ieee 802.16 wimax protocols
through tla+.
\newblock In {\em 2006 2nd IEEE Workshop on Secure Network Protocols}, page
4449, November 2006.
\bibitem{Ongaro}
Diego Ongaro.
\newblock Consensus: Bridging theory and practice.
\bibitem{Ongaro_Ousterhout}
Diego Ongaro and John Ousterhout.
\newblock In search of an understandable consensus algorithm.
\bibitem{Pacheco2022}
Maria~Leonor Pacheco, Max~Von Hippel, Ben Weintraub, Dan Goldwasser, and
Cristina Nita-Rotaru.
\newblock Automated attack synthesis by extracting finite state machines from
protocol specification documents.
\newblock In {\em 2022 IEEE Symposium on Security and Privacy (SP)}, page
5168, San Francisco, CA, USA, May 2022. IEEE.
\bibitem{Pereira}
Vitor Pereira.
\newblock Easycrypt - a (brief) tutorial.
\bibitem{Rahli_Vukotic_Völp_Esteves-Verissimo_2018}
Vincent Rahli, Ivana Vukotic, Marcus Völp, and Paulo Esteves-Verissimo.
\newblock {\em Velisarios: Byzantine Fault-Tolerant Protocols Powered by Coq},
volume 10801 of {\em Lecture Notes in Computer Science}, page 619650.
\newblock Springer International Publishing, Cham, 2018.
\bibitem{Sergey_Wilcox_Tatlock_2018}
Ilya Sergey, James~R. Wilcox, and Zachary Tatlock.
\newblock Programming and proving with distributed protocols.
\newblock {\em Proceedings of the ACM on Programming Languages},
2(POPL):130, January 2018.
\bibitem{Smith_1997}
Mark Anthony~Shawn Smith.
\newblock {\em Formal verification of TCP and T/TCP}.
\newblock Thesis, Massachusetts Institute of Technology, 1997.
\newblock Accepted: 2008-09-03T18:09:43Z.
\bibitem{mcp}
W.~Visser, K.~Havelund, G.~Brat, and Seungjoon Park.
\newblock Model checking programs.
\newblock In {\em Proceedings ASE 2000. Fifteenth IEEE International Conference
on Automated Software Engineering}, page 311, Grenoble, France, 2000.
IEEE.
\bibitem{Hippel2022}
Max von Hippel, Cole Vick, Stavros Tripakis, and Cristina Nita-Rotaru.
\newblock Automated attacker synthesis for distributed protocols.
\newblock (arXiv:2004.01220), April 2022.
\newblock arXiv:2004.01220 [cs].
\bibitem{message_queues_TLA}
Hillel Wayne.
\newblock Tla+ message passing, October 2018.
\bibitem{wayne_adversaries}
Hillel Wayne.
\newblock Modeling adversaries with tla+.
\newblock \url{https://www.hillelwayne.com/post/adversaries/}, 2019.
\newblock Accessed: 2024-12-03.
\bibitem{Wilcox_Woos_Panchekha_Tatlock_Wang_Ernst_Anderson}
James~R Wilcox, Doug Woos, Pavel Panchekha, Zachary Tatlock, Xi~Wang, Michael~D
Ernst, and Thomas Anderson.
\newblock Verdi: A framework for implementing and formally verifying
distributed systems.
\bibitem{Woos_Wilcox_Anton_Tatlock_Ernst_Anderson_2016}
Doug Woos, James~R. Wilcox, Steve Anton, Zachary Tatlock, Michael~D. Ernst, and
Thomas Anderson.
\newblock Planning for change in a formal verification of the raft consensus
protocol.
\newblock In {\em Proceedings of the 5th ACM SIGPLAN Conference on Certified
Programs and Proofs}, page 154165, St. Petersburg FL USA, January 2016.
ACM.
\end{thebibliography}

29
main.bib
View File

@@ -118,3 +118,32 @@ concurrent finite-state programs.}, publisher={IEEE Computer Society}, author={V
@inproceedings{Narayana_Chen_Zhao_Chen_Fu_Zhou_2006, title={Automatic Vulnerability Checking of IEEE 802.16 WiMAX Protocols through TLA+}, url={https://ieeexplore.ieee.org/document/4110436/?arnumber=4110436}, DOI={10.1109/NPSEC.2006.320346}, abstractNote={Vulnerability analysis is indispensably the first step towards securing a network protocol, but currently remains mostly a best effort manual process with no completeness guarantee. Formal methods are proposed for vulnerability analysis and most existing work focus on security properties such as perfect forwarding secrecy and correctness of authentication. However, it remains unclear how to apply these methods to analyze more subtle vulnerabilities such as denial-of-service (DoS) attacks. To address this challenge, in this paper, we propose use of TLA+ to automatically check DoS vulnerability of network protocols with completeness guarantee. In particular, we develop new schemes to avoid state space explosion in property checking and to model attackers capabilities for finding realistic attacks. As a case study, we successfully identify threats to IEEE 802.16 air interface protocols.}, booktitle={2006 2nd IEEE Workshop on Secure Network Protocols}, author={Narayana, Prasad and Chen, Ruiming and Zhao, Yao and Chen, Yan and Fu, Zhi and Zhou, Hai}, year={2006}, month=nov, pages={4449} }
@article{Delzanno_Tatarek_Traverso_2014, title={Model Checking Paxos in Spin}, volume={161}, ISSN={2075-2180}, DOI={10.4204/EPTCS.161.13}, journal={Electronic Proceedings in Theoretical Computer Science}, author={Delzanno, Giorgio and Tatarek, Michele and Traverso, Riccardo}, year={2014}, month=aug, pages={131146}, language={en} }
@article{Sergey_Wilcox_Tatlock_2018, title={Programming and proving with distributed protocols}, volume={2}, ISSN={2475-1421}, DOI={10.1145/3158116}, abstractNote={Distributed systems play a crucial role in modern infrastructure, but are notoriously difficult to implement correctly. This difficulty arises from two main challenges: (a) correctly implementing core system components (e.g., two-phase commit), so all their internal invariants hold, and (b) correctly composing standalone system components into functioning trustworthy applications (e.g., persistent storage built on top of a two-phase commit instance). Recent work has developed several approaches for addressing (a) by means of mechanically verifying implementations of core distributed components, but no methodology exists to address (b) by composing such verified components into larger verified applications. As a result, expensive verification efforts for key system components are not easily reusable, which hinders further verification efforts. In this paper, we present Disel, the first framework for implementation and compositional verification of distributed systems and their clients, all within the mechanized, foundational context of the Coq proof assistant. In Disel, users implement distributed systems using a domain specific language shallowly embedded in Coq and providing both high-level programming constructs as well as low-level communication primitives. Components of composite systems are specified in Disel as protocols, which capture system-specific logic and disentangle system definitions from implementation details. By virtue of Disels dependent type system, well-typed implementations always satisfy their protocols invariants and never go wrong, allowing users to verify system implementations interactively using Disels Hoare-style program logic, which extends state-of-the-art techniques for concurrency verification to the distributed setting. By virtue of the substitution principle and frame rule provided by Disels logic, system components can be composed leading to modular, reusable verified distributed systems. We describe Disel, illustrate its use with a series of examples, outline its logic and metatheory, and report on our experience using it as a framework for implementing, specifying, and verifying distributed systems.}, number={POPL}, journal={Proceedings of the ACM on Programming Languages}, author={Sergey, Ilya and Wilcox, James R. and Tatlock, Zachary}, year={2018}, month=jan, pages={130}, language={en} }
@inproceedings{ironfleet, address={Monterey California}, title={IronFleet: proving practical distributed systems correct}, ISBN={978-1-4503-3834-9}, url={https://dl.acm.org/doi/10.1145/2815400.2815428}, DOI={10.1145/2815400.2815428}, abstractNote={Distributed systems are notorious for harboring subtle bugs. Verification can, in principle, eliminate these bugs a priori, but verification has historically been difficult to apply at fullprogram scale, much less distributed-system scale.}, booktitle={Proceedings of the 25th Symposium on Operating Systems Principles}, publisher={ACM}, author={Hawblitzel, Chris and Howell, Jon and Kapritsos, Manos and Lorch, Jacob R. and Parno, Bryan and Roberts, Michael L. and Setty, Srinath and Zill, Brian}, year={2015}, month=oct, pages={117}, language={en} }
@inbook{Rahli_Vukotic_Völp_Esteves-Verissimo_2018, address={Cham}, series={Lecture Notes in Computer Science}, title={Velisarios: Byzantine Fault-Tolerant Protocols Powered by Coq}, volume={10801}, ISBN={978-3-319-89883-4}, url={http://link.springer.com/10.1007/978-3-319-89884-1_22}, DOI={10.1007/978-3-319-89884-1_22}, abstractNote={Our increasing dependence on complex and critical information infrastructures and the emerging threat of sophisticated attacks, ask for extended efforts to ensure the correctness and security of these systems. Byzantine fault-tolerant state-machine replication (BFT-SMR) provides a way to harden such systems. It ensures that they maintain correctness and availability in an application-agnostic way, provided that the replication protocol is correct and at least n f out of n replicas survive arbitrary faults. This paper presents Velisarios, a logic-of-events based framework implemented in Coq, which we developed to implement and reason about BFT-SMR protocols. As a case study, we present the first machine-checked proof of a crucial safety property of an implementation of the areas reference protocol: PBFT.}, booktitle={Programming Languages and Systems}, publisher={Springer International Publishing}, author={Rahli, Vincent and Vukotic, Ivana and Völp, Marcus and Esteves-Verissimo, Paulo}, editor={Ahmed, Amal}, year={2018}, pages={619650}, collection={Lecture Notes in Computer Science}, language={en} }
@article{Ongaro_Ousterhout, title={In Search of an Understandable Consensus Algorithm}, abstractNote={Raft is a consensus algorithm for managing a replicated log. It produces a result equivalent to (multi-)Paxos, and it is as efficient as Paxos, but its structure is different from Paxos; this makes Raft more understandable than Paxos and also provides a better foundation for building practical systems. In order to enhance understandability, Raft separates the key elements of consensus, such as leader election, log replication, and safety, and it enforces a stronger degree of coherency to reduce the number of states that must be considered. Results from a user study demonstrate that Raft is easier for students to learn than Paxos. Raft also includes a new mechanism for changing the cluster membership, which uses overlapping majorities to guarantee safety.}, author={Ongaro, Diego and Ousterhout, John}, language={en} }
@inproceedings{Arun_Arashloo_Saeed_Alizadeh_Balakrishnan_2021, address={Virtual Event USA}, title={Toward formally verifying congestion control behavior}, ISBN={978-1-4503-8383-7}, url={https://dl.acm.org/doi/10.1145/3452296.3472912}, DOI={10.1145/3452296.3472912}, abstractNote={The diversity of paths on the Internet makes it difficult for designers and operators to confidently deploy new congestion control algorithms (CCAs) without extensive real-world experiments, but such capabilities are not available to most of the networking community. And even when they are available, understanding why a CCA under-performs by trawling through massive amounts of statistical data from network connections is challenging. The history of congestion control is replete with many examples of surprising and unanticipated behaviors unseen in simulation but observed on realworld paths. In this paper, we propose initial steps toward modeling and improving our confidence in a CCAs behavior. We have developed Congestion Control Anxiety Controller (CCAC),1 a tool that uses formal verification to establish certain properties of CCAs. It is able to prove hypotheses about CCAs or generate counterexamples for invalid hypotheses. With CCAC, a designer can not only gain greater confidence prior to deployment to avoid unpleasant surprises, but can also use the counterexamples to iteratively improve their algorithm. We have modeled additive-increase/multiplicativedecrease (AIMD), Copa, and BBR with CCAC, and describe some surprising results from the exercise.}, booktitle={Proceedings of the 2021 ACM SIGCOMM 2021 Conference}, publisher={ACM}, author={Arun, Venkat and Arashloo, Mina Tahmasbi and Saeed, Ahmed and Alizadeh, Mohammad and Balakrishnan, Hari}, year={2021}, month=aug, pages={116}, language={en} }
@article{Beurdouche, title={Formal Verification for High Assurance Security Software in FStar}, author={Beurdouche, Benjamin}, language={en} }
@inbook{Hsieh_Mitra_2019, address={Cham}, series={Lecture Notes in Computer Science}, title={Dione: A Protocol Verification System Built with Dafny for I/O Automata}, volume={11918}, ISBN={978-3-030-34967-7}, url={http://link.springer.com/10.1007/978-3-030-34968-4_13}, DOI={10.1007/978-3-030-34968-4_13}, abstractNote={Input/Output Automata (IOA) is an expressive specification framework with built-in properties for compositional reasoning. It has been shown to be effective in specifying and analyzing distributed and networked systems. The available verification engines for IOA are based on interactive theorem provers such as Isabelle, Larch, PVS, and Coq, and are expressive but require heavy human interaction. Motivated by the advances in SMT solvers, in this work we explore a different expressivity-automation tradeoff for IOA. We present Dione, the first IOA analysis system built with Dafny and its SMT-powered toolchain and demonstrate its effectiveness on four distributed applications. Our translator tool converts Python-esque Dione language specification of IOA and their properties to parameterized Dafny modules. Dione automatically generates the relevant compatibility and composition lemmas for the IOA specifications, which can then be checked with Dafny on a per module-basis. We ensure that all resulting formulas are expressed mostly in fragments solvable by SMT solvers and hence enables Bounded Model Checking and k-induction-based invariant checking using Z3. We present successful applications of Dione in verification of an asynchronous leader election algorithm, two self-stabilizing mutual exclusion algorithms, and CAN bus Arbitration. We automatically prove key invariants of all four protocols; for the last three this involves reasoning about arbitrary number of participants. These analyses are largely automatic with minimal manual inputs needed, and they demonstrate the effectiveness of this approach in analyzing networked and distributed systems.}, booktitle={Integrated Formal Methods}, publisher={Springer International Publishing}, author={Hsieh, Chiao and Mitra, Sayan}, editor={Ahrendt, Wolfgang and Tapia Tarifa, Silvia Lizeth}, year={2019}, pages={227245}, collection={Lecture Notes in Computer Science}, language={en} }
@misc{message_queues_TLA, title={TLA+ Message Passing}, author={Hillel Wayne}, url={https://www.hillelwayne.com/post/tla-messages/}, abstractNote={I recently did a corporate TLA+ workshop and some people asked what TLA+ specs look like in practice. If you looked at the most common public examples, youd probably come away thinking that people only used it for critical consensus algorithms. This is a problem for two reasons: first, it makes it harder to learn TLA+, as there arent simpler examples to experiment with. Second, it makes it hard for people to see how TLA+ is useful for them.}, journal={Hillel Wayne}, year={2018}, month=oct, language={en} }
@inbook{TLSMIN, address={Berlin, Heidelberg}, series={Lecture Notes in Computer Science}, title={LTSmin: High-Performance Language-Independent Model Checking}, volume={9035}, rights={http://www.springer.com/tdm}, ISBN={978-3-662-46680-3}, url={http://link.springer.com/10.1007/978-3-662-46681-0_61}, DOI={10.1007/978-3-662-46681-0_61}, abstractNote={In recent years, the LTSmin model checker has been extended with support for several new modelling languages, including probabilistic (Mapa) and timed systems (Uppaal). Also, connecting additional language front-ends or ad-hoc state-space generators to LTSmin was simplified using custom C-code. From symbolic and distributed reachability analysis and minimisation, LTSmins functionality has developed into a model checker with multi-core algorithms for on-the-fly LTL checking with partial-order reduction, and multi-core symbolic checking for the modal µ-calculus, based on the multi-core decision diagram package Sylvan.}, booktitle={Tools and Algorithms for the Construction and Analysis of Systems}, publisher={Springer Berlin Heidelberg}, author={Kant, Gijs and Laarman, Alfons and Meijer, Jeroen and Van De Pol, Jaco and Blom, Stefan and Van Dijk, Tom}, editor={Baier, Christel and Tinelli, Cesare}, year={2015}, pages={692707}, collection={Lecture Notes in Computer Science}, language={en} }
@inbook{mCRL2, address={Cham}, series={Lecture Notes in Computer Science}, title={The mCRL2 Toolset for Analysing Concurrent Systems: Improvements in Expressivity and Usability}, volume={11428}, ISBN={978-3-030-17464-4}, url={http://link.springer.com/10.1007/978-3-030-17465-1_2}, DOI={10.1007/978-3-030-17465-1_2}, abstractNote={Reasoning about the correctness of parallel and distributed systems requires automated tools. By now, the mCRL2 toolset and language have been developed over a course of more than fifteen years. In this paper, we report on the progress and advancements over the past six years. Firstly, the mCRL2 language has been extended to support the modelling of probabilistic behaviour. Furthermore, the usability has been improved with the addition of refinement checking, counterexample generation and a user-friendly GUI. Finally, several performance improvements have been made in the treatment of behavioural equivalences. Besides the changes to the toolset itself, we cover recent applications of mCRL2 in software product line engineering and the use of domain specific languages (DSLs).}, booktitle={Tools and Algorithms for the Construction and Analysis of Systems}, publisher={Springer International Publishing}, author={Bunte, Olav and Groote, Jan Friso and Keiren, Jeroen J. A. and Laveaux, Maurice and Neele, Thomas and De Vink, Erik P. and Wesselink, Wieger and Wijs, Anton and Willemse, Tim A. C.}, editor={Vojnar, Tomáš and Zhang, Lijun}, year={2019}, pages={2139}, collection={Lecture Notes in Computer Science}, language={en} }
@article{Ginesin2024, title={A Formal Analysis of SCTP: Attack Synthesis and Patch Verification}, url={http://arxiv.org/abs/2403.05663}, abstractNote={SCTP is a transport protocol offering features such as multi-homing, multi-streaming, and message-oriented delivery. Its two main implementations were subjected to conformance tests using the PacketDrill tool. Conformance testing is not exhaustive and a recent vulnerability (CVE-2021-3772) showed SCTP is not immune to attacks. Changes addressing the vulnerability were implemented, but the question remains whether other flaws might persist in the protocol design. We study the security of the SCTP design, taking a rigorous approach rooted in formal methods. We create a formal Promela model of SCTP, and define 10 properties capturing the essential protocol functionality based on its RFC specification and consultation with the lead RFC author. Then we show using the Spin model checker that our model satisfies these properties. We define 4 attacker models - Off-Path, where the attacker is an outsider that can spoof the port and IP of a peer; Evil-Server, where the attacker is a malicious peer; Replay, where an attacker can capture and replay, but not modify, packets; and On-Path, where the attacker controls the channel between peers. We modify an attack synthesis tool designed for transport protocols, Korg, to support our SCTP model and four attacker models. We synthesize 14 unique attacks using the attacker models - including the CVE vulnerability in the Off-Path attacker model, 4 attacks in the Evil-Server attacker model, an opportunistic ABORT attack in the Replay attacker model, and eight connection manipulation attacks in the On-Path attacker model. We show that the proposed patch eliminates the vulnerability and does not introduce new ones according to our model and protocol properties. Finally, we identify and analyze an ambiguity in the RFC, which we show can be interpreted insecurely. We propose an erratum and show that it eliminates the ambiguity.}, note={arXiv:2403.05663 [cs]}, number={arXiv:2403.05663}, publisher={arXiv}, author={Ginesin, Jacob and von Hippel, Max and Defloor, Evan and Nita-Rotaru, Cristina and Tüxen, Michael}, year={2024}, month=mar }

122
main.blg
View File

@@ -1,75 +1,77 @@
This is BibTeX, Version 0.99d (TeX Live 2024/Arch Linux)
Capacity: max_strings=200000, hash_size=200000, hash_prime=170003
The top-level auxiliary file: main.aux
The style file: IEEEtran.bst
Reallocated singl_function (elt_size=8) to 100 items from 50.
Reallocated singl_function (elt_size=8) to 100 items from 50.
Reallocated singl_function (elt_size=8) to 100 items from 50.
Reallocated wiz_functions (elt_size=8) to 6000 items from 3000.
Reallocated singl_function (elt_size=8) to 100 items from 50.
The style file: plain.bst
Database file #1: main.bib
-- IEEEtran.bst version 1.14 (2015/08/26) by Michael Shell.
-- http://www.michaelshell.org/tex/ieeetran/bibtex/
-- See the "IEEEtran_bst_HOWTO.pdf" manual for usage information.
Warning--empty journal in Clarke_Wang
Warning--empty year in Clarke_Wang
Warning--empty journal in Kobeissi_Nicolas_Tiwari
Warning--empty year in Kobeissi_Nicolas_Tiwari
Warning--can't use both author and editor fields in Basin_Cremers_Meadows_2018
Warning--empty journal in Beurdouche
Warning--empty year in Beurdouche
Warning--empty journal in Blanchet_Jacomme
Warning--empty year in Blanchet_Jacomme
Warning--empty journal in Basin_Linker_Sasse
Warning--empty year in Basin_Linker_Sasse
Warning--empty journal in Hippel2022_anonym
Warning--empty journal in Wilcox_Woos_Panchekha_Tatlock_Wang_Ernst_Anderson
Warning--empty year in Wilcox_Woos_Panchekha_Tatlock_Wang_Ernst_Anderson
Warning--empty journal in Ongaro
Warning--empty year in Ongaro
Warning--empty journal in Proverif
Warning--empty year in Proverif
Warning--can't use both author and editor fields in mCRL2
Warning--empty journal in Clarke_Wang
Warning--empty year in Clarke_Wang
Warning--can't use both author and editor fields in Cremers
Warning--empty journal in Ginesin2024
Warning--there's a number but no volume in Ginesin2024
Warning--empty journal in Ginesin
Warning--there's a number but no volume in Ginesin
Warning--can't use both author and editor fields in Hsieh_Mitra_2019
Warning--can't use both author and editor fields in Khan_Mukund_Suresh_2005
Warning--empty journal in Kobeissi_Nicolas_Tiwari
Warning--empty year in Kobeissi_Nicolas_Tiwari
Warning--empty journal in Ongaro
Warning--empty year in Ongaro
Warning--empty journal in Ongaro_Ousterhout
Warning--empty year in Ongaro_Ousterhout
Warning--empty journal in Pereira
Warning--empty year in Pereira
Warning--empty journal in Ginesin
Done.
You've used 32 entries,
4087 wiz_defined-function locations,
1047 strings with 13945 characters,
and the built_in function-call counts, 19759 in all, are:
= -- 1710
> -- 401
< -- 37
+ -- 190
- -- 95
* -- 1049
:= -- 3038
add.period$ -- 71
call.type$ -- 32
change.case$ -- 32
Warning--can't use both author and editor fields in Rahli_Vukotic_Völp_Esteves-Verissimo_2018
Warning--empty journal in Hippel2022
Warning--there's a number but no volume in Hippel2022
Warning--empty journal in Wilcox_Woos_Panchekha_Tatlock_Wang_Ernst_Anderson
Warning--empty year in Wilcox_Woos_Panchekha_Tatlock_Wang_Ernst_Anderson
You've used 39 entries,
2118 wiz_defined-function locations,
749 strings with 11613 characters,
and the built_in function-call counts, 15161 in all, are:
= -- 1482
> -- 756
< -- 21
+ -- 304
- -- 260
* -- 1006
:= -- 2339
add.period$ -- 121
call.type$ -- 39
change.case$ -- 241
chr.to.int$ -- 0
cite$ -- 50
duplicate$ -- 1683
empty$ -- 1664
format.name$ -- 116
if$ -- 4620
cite$ -- 69
duplicate$ -- 723
empty$ -- 1045
format.name$ -- 260
if$ -- 3308
int.to.chr$ -- 0
int.to.str$ -- 32
missing$ -- 301
newline$ -- 149
num.names$ -- 32
pop$ -- 755
int.to.str$ -- 39
missing$ -- 42
newline$ -- 193
num.names$ -- 78
pop$ -- 331
preamble$ -- 1
purify$ -- 0
quote$ -- 2
skip$ -- 1598
purify$ -- 208
quote$ -- 0
skip$ -- 609
stack$ -- 0
substring$ -- 339
swap$ -- 1240
text.length$ -- 37
substring$ -- 612
swap$ -- 311
text.length$ -- 21
text.prefix$ -- 0
top$ -- 5
type$ -- 32
warning$ -- 18
while$ -- 51
width$ -- 34
write$ -- 345
(There were 18 warnings)
top$ -- 0
type$ -- 144
warning$ -- 30
while$ -- 101
width$ -- 41
write$ -- 426
(There were 30 warnings)

685
main.fls
View File

@@ -3,126 +3,114 @@ INPUT /usr/share/texmf-dist/web2c/texmf.cnf
INPUT /var/lib/texmf/web2c/pdftex/pdflatex.fmt
INPUT ./main.tex
OUTPUT ./main.log
INPUT ./IEEEtran.cls
INPUT ./IEEEtran.cls
INPUT /usr/share/texmf-dist/tex/latex/psnfss/ot1ptm.fd
INPUT /usr/share/texmf-dist/tex/latex/psnfss/ot1ptm.fd
INPUT /usr/share/texmf-dist/tex/latex/psnfss/ot1ptm.fd
INPUT /usr/share/texmf-dist/tex/latex/base/article.cls
INPUT /usr/share/texmf-dist/tex/latex/base/article.cls
INPUT /usr/share/texmf-dist/tex/latex/base/size10.clo
INPUT /usr/share/texmf-dist/tex/latex/base/size10.clo
INPUT /usr/share/texmf-dist/tex/latex/base/size10.clo
INPUT ./usenix.sty
INPUT ./usenix.sty
INPUT /usr/share/texmf-dist/tex/latex/psnfss/mathptmx.sty
INPUT /usr/share/texmf-dist/tex/latex/psnfss/mathptmx.sty
INPUT /usr/share/texmf-dist/tex/latex/base/fontenc.sty
INPUT /usr/share/texmf-dist/tex/latex/base/fontenc.sty
INPUT /usr/share/texmf-dist/tex/latex/psnfss/t1ptm.fd
INPUT /usr/share/texmf-dist/tex/latex/psnfss/t1ptm.fd
INPUT /usr/share/texmf-dist/tex/latex/psnfss/t1ptm.fd
INPUT /usr/share/texmf-dist/fonts/map/fontname/texfonts.map
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmr7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmr7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmr7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmb7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmri7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmbi7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmr7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmb7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmri7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmbi7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmr7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmb7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmri7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmbi7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmb7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmri7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmbi7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmb7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmri7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmbi7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmr7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmb7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmri7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmbi7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmr7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmb7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmri7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmbi7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmr7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmb7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmri7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmbi7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmr7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmb7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmri7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmbi7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmr7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmb7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmri7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmbi7t.tfm
INPUT /usr/share/texmf-dist/tex/latex/cite/cite.sty
INPUT /usr/share/texmf-dist/tex/latex/cite/cite.sty
INPUT /usr/share/texmf-dist/tex/latex/amsmath/amsmath.sty
INPUT /usr/share/texmf-dist/tex/latex/amsmath/amsmath.sty
INPUT /usr/share/texmf-dist/tex/latex/amsmath/amsopn.sty
INPUT /usr/share/texmf-dist/tex/latex/amsmath/amstext.sty
INPUT /usr/share/texmf-dist/tex/latex/amsmath/amstext.sty
INPUT /usr/share/texmf-dist/tex/latex/amsmath/amsgen.sty
INPUT /usr/share/texmf-dist/tex/latex/amsmath/amsgen.sty
INPUT /usr/share/texmf-dist/tex/latex/amsmath/amsbsy.sty
INPUT /usr/share/texmf-dist/tex/latex/amsmath/amsbsy.sty
INPUT /usr/share/texmf-dist/tex/latex/amsmath/amsopn.sty
INPUT /usr/share/texmf-dist/tex/latex/amsfonts/amssymb.sty
INPUT /usr/share/texmf-dist/tex/latex/amsfonts/amssymb.sty
INPUT /usr/share/texmf-dist/tex/latex/amsfonts/amsfonts.sty
INPUT /usr/share/texmf-dist/tex/latex/amsfonts/amsfonts.sty
INPUT /usr/share/texmf-dist/tex/latex/algorithms/algorithmic.sty
INPUT /usr/share/texmf-dist/tex/latex/algorithms/algorithmic.sty
INPUT /usr/share/texmf-dist/tex/latex/base/ifthen.sty
INPUT /usr/share/texmf-dist/tex/latex/base/ifthen.sty
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmr8t.tfm
INPUT /usr/share/texmf-dist/tex/latex/base/inputenc.sty
INPUT /usr/share/texmf-dist/tex/latex/base/inputenc.sty
INPUT /usr/share/texmf-dist/tex/latex/pslatex/pslatex.sty
INPUT /usr/share/texmf-dist/tex/latex/pslatex/pslatex.sty
INPUT /usr/share/texmf-dist/tex/latex/microtype/microtype.sty
INPUT /usr/share/texmf-dist/tex/latex/microtype/microtype.sty
INPUT /usr/share/texmf-dist/tex/latex/graphics/keyval.sty
INPUT /usr/share/texmf-dist/tex/latex/graphics/keyval.sty
INPUT /usr/share/texmf-dist/tex/latex/graphics/graphicx.sty
INPUT /usr/share/texmf-dist/tex/latex/graphics/graphicx.sty
INPUT /usr/share/texmf-dist/tex/latex/graphics/graphics.sty
INPUT /usr/share/texmf-dist/tex/latex/graphics/graphics.sty
INPUT /usr/share/texmf-dist/tex/latex/graphics/trig.sty
INPUT /usr/share/texmf-dist/tex/latex/graphics/trig.sty
INPUT /usr/share/texmf-dist/tex/latex/graphics-cfg/graphics.cfg
INPUT /usr/share/texmf-dist/tex/latex/graphics-cfg/graphics.cfg
INPUT /usr/share/texmf-dist/tex/latex/graphics-cfg/graphics.cfg
INPUT /usr/share/texmf-dist/tex/latex/graphics-def/pdftex.def
INPUT /usr/share/texmf-dist/tex/latex/graphics-def/pdftex.def
INPUT /usr/share/texmf-dist/tex/latex/graphics-def/pdftex.def
INPUT /usr/share/texmf-dist/tex/latex/base/textcomp.sty
INPUT /usr/share/texmf-dist/tex/latex/base/textcomp.sty
INPUT /usr/share/texmf-dist/tex/latex/etoolbox/etoolbox.sty
INPUT /usr/share/texmf-dist/tex/latex/etoolbox/etoolbox.sty
INPUT /usr/share/texmf-dist/tex/latex/microtype/microtype-pdftex.def
INPUT /usr/share/texmf-dist/tex/latex/microtype/microtype-pdftex.def
INPUT /usr/share/texmf-dist/tex/latex/microtype/microtype-pdftex.def
INPUT /usr/share/texmf-dist/tex/latex/microtype/microtype.cfg
INPUT /usr/share/texmf-dist/tex/latex/microtype/microtype.cfg
INPUT /usr/share/texmf-dist/tex/latex/microtype/microtype.cfg
INPUT /usr/share/texmf-dist/tex/latex/cite/cite.sty
INPUT /usr/share/texmf-dist/tex/latex/cite/cite.sty
INPUT /usr/share/texmf-dist/tex/latex/breakurl/breakurl.sty
INPUT /usr/share/texmf-dist/tex/latex/breakurl/breakurl.sty
INPUT /usr/share/texmf-dist/tex/latex/xkeyval/xkeyval.sty
INPUT /usr/share/texmf-dist/tex/latex/xkeyval/xkeyval.sty
INPUT /usr/share/texmf-dist/tex/generic/xkeyval/xkeyval.tex
INPUT /usr/share/texmf-dist/tex/generic/xkeyval/xkvutils.tex
INPUT /usr/share/texmf-dist/tex/generic/iftex/ifpdf.sty
INPUT /usr/share/texmf-dist/tex/generic/iftex/ifpdf.sty
INPUT /usr/share/texmf-dist/tex/generic/iftex/iftex.sty
INPUT /usr/share/texmf-dist/tex/generic/iftex/iftex.sty
INPUT /usr/share/texmf-dist/tex/latex/url/url.sty
INPUT /usr/share/texmf-dist/tex/latex/url/url.sty
INPUT /usr/share/texmf-dist/tex/latex/xcolor/xcolor.sty
INPUT /usr/share/texmf-dist/tex/latex/xcolor/xcolor.sty
INPUT /usr/share/texmf-dist/tex/latex/graphics-cfg/color.cfg
INPUT /usr/share/texmf-dist/tex/latex/graphics-cfg/color.cfg
INPUT /usr/share/texmf-dist/tex/latex/graphics-cfg/color.cfg
INPUT /usr/share/texmf-dist/tex/latex/graphics-def/pdftex.def
INPUT /usr/share/texmf-dist/tex/latex/graphics-def/pdftex.def
INPUT /usr/share/texmf-dist/tex/latex/graphics-def/pdftex.def
INPUT /usr/share/texmf-dist/tex/latex/graphics/mathcolor.ltx
INPUT /usr/share/texmf-dist/tex/latex/graphics/mathcolor.ltx
INPUT /usr/share/texmf-dist/tex/latex/graphics/mathcolor.ltx
INPUT /usr/share/texmf-dist/tex/latex/amscls/amsthm.sty
INPUT /usr/share/texmf-dist/tex/latex/amscls/amsthm.sty
INPUT /usr/share/texmf-dist/tex/latex/tools/xspace.sty
INPUT /usr/share/texmf-dist/tex/latex/tools/xspace.sty
INPUT /usr/share/texmf-dist/tex/latex/tools/array.sty
INPUT /usr/share/texmf-dist/tex/latex/tools/array.sty
INPUT /usr/share/texmf-dist/tex/latex/comment/comment.sty
INPUT /usr/share/texmf-dist/tex/latex/comment/comment.sty
INPUT /usr/share/texmf-dist/tex/latex/graphics/color.sty
INPUT /usr/share/texmf-dist/tex/latex/tools/enumerate.sty
INPUT /usr/share/texmf-dist/tex/latex/tools/enumerate.sty
INPUT /usr/share/texmf-dist/tex/latex/oberdiek/centernot.sty
INPUT /usr/share/texmf-dist/tex/latex/oberdiek/centernot.sty
INPUT /usr/share/texmf-dist/tex/latex/multirow/multirow.sty
INPUT /usr/share/texmf-dist/tex/latex/multirow/multirow.sty
INPUT /usr/share/texmf-dist/tex/latex/float/float.sty
INPUT /usr/share/texmf-dist/tex/latex/float/float.sty
INPUT /usr/share/texmf-dist/tex/latex/caption/caption.sty
INPUT /usr/share/texmf-dist/tex/latex/caption/caption.sty
INPUT /usr/share/texmf-dist/tex/latex/caption/caption3.sty
INPUT /usr/share/texmf-dist/tex/latex/caption/caption3.sty
INPUT /usr/share/texmf-dist/tex/latex/caption/subcaption.sty
INPUT /usr/share/texmf-dist/tex/latex/caption/subcaption.sty
INPUT /usr/share/texmf-dist/tex/latex/pgfplots/pgfplots.sty
INPUT /usr/share/texmf-dist/tex/latex/pgfplots/pgfplots.sty
INPUT /usr/share/texmf-dist/tex/generic/pgfplots/pgfplots.revision.tex
INPUT /usr/share/texmf-dist/tex/generic/pgfplots/pgfplots.revision.tex
INPUT /usr/share/texmf-dist/tex/generic/pgfplots/pgfplots.revision.tex
INPUT /usr/share/texmf-dist/tex/generic/pgf/systemlayer/pgfsys-luatex.def
INPUT /usr/share/texmf-dist/tex/generic/pgf/systemlayer/pgfsys-luatex.def
INPUT /usr/share/texmf-dist/tex/latex/hyperref/hyperref.sty
INPUT /usr/share/texmf-dist/tex/latex/hyperref/hyperref.sty
INPUT /usr/share/texmf-dist/tex/latex/kvsetkeys/kvsetkeys.sty
INPUT /usr/share/texmf-dist/tex/latex/kvsetkeys/kvsetkeys.sty
INPUT /usr/share/texmf-dist/tex/generic/kvdefinekeys/kvdefinekeys.sty
INPUT /usr/share/texmf-dist/tex/generic/kvdefinekeys/kvdefinekeys.sty
INPUT /usr/share/texmf-dist/tex/generic/pdfescape/pdfescape.sty
INPUT /usr/share/texmf-dist/tex/generic/pdfescape/pdfescape.sty
INPUT /usr/share/texmf-dist/tex/generic/ltxcmds/ltxcmds.sty
INPUT /usr/share/texmf-dist/tex/generic/ltxcmds/ltxcmds.sty
INPUT /usr/share/texmf-dist/tex/generic/pdftexcmds/pdftexcmds.sty
INPUT /usr/share/texmf-dist/tex/generic/pdftexcmds/pdftexcmds.sty
INPUT /usr/share/texmf-dist/tex/generic/infwarerr/infwarerr.sty
INPUT /usr/share/texmf-dist/tex/generic/infwarerr/infwarerr.sty
INPUT /usr/share/texmf-dist/tex/latex/hycolor/hycolor.sty
INPUT /usr/share/texmf-dist/tex/latex/hycolor/hycolor.sty
INPUT /usr/share/texmf-dist/tex/latex/auxhook/auxhook.sty
INPUT /usr/share/texmf-dist/tex/latex/auxhook/auxhook.sty
INPUT /usr/share/texmf-dist/tex/latex/hyperref/nameref.sty
INPUT /usr/share/texmf-dist/tex/latex/hyperref/nameref.sty
INPUT /usr/share/texmf-dist/tex/latex/refcount/refcount.sty
INPUT /usr/share/texmf-dist/tex/latex/refcount/refcount.sty
INPUT /usr/share/texmf-dist/tex/generic/gettitlestring/gettitlestring.sty
INPUT /usr/share/texmf-dist/tex/generic/gettitlestring/gettitlestring.sty
INPUT /usr/share/texmf-dist/tex/latex/kvoptions/kvoptions.sty
INPUT /usr/share/texmf-dist/tex/latex/kvoptions/kvoptions.sty
INPUT /usr/share/texmf-dist/tex/latex/hyperref/pd1enc.def
INPUT /usr/share/texmf-dist/tex/latex/hyperref/pd1enc.def
INPUT /usr/share/texmf-dist/tex/latex/hyperref/pd1enc.def
INPUT /usr/share/texmf-dist/tex/generic/intcalc/intcalc.sty
INPUT /usr/share/texmf-dist/tex/generic/intcalc/intcalc.sty
INPUT /usr/share/texmf-dist/tex/latex/hyperref/puenc.def
INPUT /usr/share/texmf-dist/tex/latex/hyperref/puenc.def
INPUT /usr/share/texmf-dist/tex/latex/hyperref/puenc.def
INPUT /usr/share/texmf-dist/tex/generic/bitset/bitset.sty
INPUT /usr/share/texmf-dist/tex/generic/bitset/bitset.sty
INPUT /usr/share/texmf-dist/tex/generic/bigintcalc/bigintcalc.sty
INPUT /usr/share/texmf-dist/tex/generic/bigintcalc/bigintcalc.sty
INPUT /usr/share/texmf-dist/tex/generic/atbegshi/atbegshi.sty
INPUT /usr/share/texmf-dist/tex/latex/base/atbegshi-ltx.sty
INPUT /usr/share/texmf-dist/tex/latex/base/atbegshi-ltx.sty
INPUT /usr/share/texmf-dist/tex/latex/hyperref/hpdftex.def
INPUT /usr/share/texmf-dist/tex/latex/hyperref/hpdftex.def
INPUT /usr/share/texmf-dist/tex/latex/hyperref/hpdftex.def
INPUT /usr/share/texmf-dist/tex/latex/atveryend/atveryend.sty
INPUT /usr/share/texmf-dist/tex/latex/base/atveryend-ltx.sty
INPUT /usr/share/texmf-dist/tex/latex/base/atveryend-ltx.sty
INPUT /usr/share/texmf-dist/tex/latex/rerunfilecheck/rerunfilecheck.sty
INPUT /usr/share/texmf-dist/tex/latex/rerunfilecheck/rerunfilecheck.sty
INPUT /usr/share/texmf-dist/tex/generic/uniquecounter/uniquecounter.sty
INPUT /usr/share/texmf-dist/tex/generic/uniquecounter/uniquecounter.sty
INPUT /usr/share/texmf-dist/tex/latex/pgf/frontendlayer/tikz.sty
INPUT /usr/share/texmf-dist/tex/latex/pgf/frontendlayer/tikz.sty
INPUT /usr/share/texmf-dist/tex/latex/pgf/basiclayer/pgf.sty
@@ -138,6 +126,15 @@ INPUT /usr/share/texmf-dist/tex/generic/pgf/pgf.revision.tex
INPUT /usr/share/texmf-dist/tex/generic/pgf/pgf.revision.tex
INPUT /usr/share/texmf-dist/tex/latex/pgf/basiclayer/pgfcore.sty
INPUT /usr/share/texmf-dist/tex/latex/pgf/basiclayer/pgfcore.sty
INPUT /usr/share/texmf-dist/tex/latex/graphics/graphicx.sty
INPUT /usr/share/texmf-dist/tex/latex/graphics/graphicx.sty
INPUT /usr/share/texmf-dist/tex/latex/graphics/graphics.sty
INPUT /usr/share/texmf-dist/tex/latex/graphics/graphics.sty
INPUT /usr/share/texmf-dist/tex/latex/graphics/trig.sty
INPUT /usr/share/texmf-dist/tex/latex/graphics/trig.sty
INPUT /usr/share/texmf-dist/tex/latex/graphics-cfg/graphics.cfg
INPUT /usr/share/texmf-dist/tex/latex/graphics-cfg/graphics.cfg
INPUT /usr/share/texmf-dist/tex/latex/graphics-cfg/graphics.cfg
INPUT /usr/share/texmf-dist/tex/latex/pgf/systemlayer/pgfsys.sty
INPUT /usr/share/texmf-dist/tex/latex/pgf/systemlayer/pgfsys.sty
INPUT /usr/share/texmf-dist/tex/generic/pgf/systemlayer/pgfsys.code.tex
@@ -219,6 +216,58 @@ INPUT /usr/share/texmf-dist/tex/generic/pgf/libraries/pgflibraryplothandlers.cod
INPUT /usr/share/texmf-dist/tex/generic/pgf/modules/pgfmodulematrix.code.tex
INPUT /usr/share/texmf-dist/tex/generic/pgf/frontendlayer/tikz/libraries/tikzlibrarytopaths.code.tex
INPUT /usr/share/texmf-dist/tex/generic/pgf/frontendlayer/tikz/libraries/tikzlibrarytopaths.code.tex
INPUT /usr/share/texmf-dist/tex/latex/amsmath/amsmath.sty
INPUT /usr/share/texmf-dist/tex/latex/amsmath/amsmath.sty
INPUT /usr/share/texmf-dist/tex/latex/amsmath/amsopn.sty
INPUT /usr/share/texmf-dist/tex/latex/amsmath/amstext.sty
INPUT /usr/share/texmf-dist/tex/latex/amsmath/amstext.sty
INPUT /usr/share/texmf-dist/tex/latex/amsmath/amsgen.sty
INPUT /usr/share/texmf-dist/tex/latex/amsmath/amsgen.sty
INPUT /usr/share/texmf-dist/tex/latex/amsmath/amsbsy.sty
INPUT /usr/share/texmf-dist/tex/latex/amsmath/amsbsy.sty
INPUT /usr/share/texmf-dist/tex/latex/amsmath/amsopn.sty
INPUT /usr/share/texmf-dist/tex/latex/filecontents/filecontents.sty
INPUT /usr/share/texmf-dist/tex/latex/filecontents/filecontents.sty
INPUT /usr/share/texmf-dist/tex/latex/amsfonts/amssymb.sty
INPUT /usr/share/texmf-dist/tex/latex/amsfonts/amssymb.sty
INPUT /usr/share/texmf-dist/tex/latex/amsfonts/amsfonts.sty
INPUT /usr/share/texmf-dist/tex/latex/amsfonts/amsfonts.sty
INPUT /usr/share/texmf-dist/tex/latex/algorithms/algorithmic.sty
INPUT /usr/share/texmf-dist/tex/latex/algorithms/algorithmic.sty
INPUT /usr/share/texmf-dist/tex/latex/base/ifthen.sty
INPUT /usr/share/texmf-dist/tex/latex/base/ifthen.sty
INPUT /usr/share/texmf-dist/tex/latex/base/textcomp.sty
INPUT /usr/share/texmf-dist/tex/latex/base/textcomp.sty
INPUT /usr/share/texmf-dist/tex/latex/amscls/amsthm.sty
INPUT /usr/share/texmf-dist/tex/latex/amscls/amsthm.sty
INPUT /usr/share/texmf-dist/tex/latex/tools/xspace.sty
INPUT /usr/share/texmf-dist/tex/latex/tools/xspace.sty
INPUT /usr/share/texmf-dist/tex/latex/tools/array.sty
INPUT /usr/share/texmf-dist/tex/latex/tools/array.sty
INPUT /usr/share/texmf-dist/tex/latex/comment/comment.sty
INPUT /usr/share/texmf-dist/tex/latex/comment/comment.sty
INPUT /usr/share/texmf-dist/tex/latex/float/float.sty
INPUT /usr/share/texmf-dist/tex/latex/float/float.sty
INPUT /usr/share/texmf-dist/tex/latex/graphics/color.sty
INPUT /usr/share/texmf-dist/tex/latex/tools/enumerate.sty
INPUT /usr/share/texmf-dist/tex/latex/tools/enumerate.sty
INPUT /usr/share/texmf-dist/tex/latex/oberdiek/centernot.sty
INPUT /usr/share/texmf-dist/tex/latex/oberdiek/centernot.sty
INPUT /usr/share/texmf-dist/tex/latex/multirow/multirow.sty
INPUT /usr/share/texmf-dist/tex/latex/multirow/multirow.sty
INPUT /usr/share/texmf-dist/tex/latex/caption/caption.sty
INPUT /usr/share/texmf-dist/tex/latex/caption/caption.sty
INPUT /usr/share/texmf-dist/tex/latex/caption/caption3.sty
INPUT /usr/share/texmf-dist/tex/latex/caption/caption3.sty
INPUT /usr/share/texmf-dist/tex/latex/caption/subcaption.sty
INPUT /usr/share/texmf-dist/tex/latex/caption/subcaption.sty
INPUT /usr/share/texmf-dist/tex/latex/pgfplots/pgfplots.sty
INPUT /usr/share/texmf-dist/tex/latex/pgfplots/pgfplots.sty
INPUT /usr/share/texmf-dist/tex/generic/pgfplots/pgfplots.revision.tex
INPUT /usr/share/texmf-dist/tex/generic/pgfplots/pgfplots.revision.tex
INPUT /usr/share/texmf-dist/tex/generic/pgfplots/pgfplots.revision.tex
INPUT /usr/share/texmf-dist/tex/generic/pgf/systemlayer/pgfsys-luatex.def
INPUT /usr/share/texmf-dist/tex/generic/pgf/systemlayer/pgfsys-luatex.def
INPUT /usr/share/texmf-dist/tex/generic/pgfplots/pgfplots.code.tex
INPUT /usr/share/texmf-dist/tex/generic/pgfplots/pgfplotscore.code.tex
INPUT /usr/share/texmf-dist/tex/generic/pgfplots/sys/pgfplotssysgeneric.code.tex
@@ -289,10 +338,6 @@ INPUT /usr/share/texmf-dist/tex/latex/listings/listings.cfg
INPUT /usr/share/texmf-dist/tex/latex/listings/listings.cfg
INPUT /usr/share/texmf-dist/tex/latex/adjustbox/adjustbox.sty
INPUT /usr/share/texmf-dist/tex/latex/adjustbox/adjustbox.sty
INPUT /usr/share/texmf-dist/tex/latex/xkeyval/xkeyval.sty
INPUT /usr/share/texmf-dist/tex/latex/xkeyval/xkeyval.sty
INPUT /usr/share/texmf-dist/tex/generic/xkeyval/xkeyval.tex
INPUT /usr/share/texmf-dist/tex/generic/xkeyval/xkvutils.tex
INPUT /usr/share/texmf-dist/tex/latex/adjustbox/adjcalc.sty
INPUT /usr/share/texmf-dist/tex/latex/adjustbox/adjcalc.sty
INPUT /usr/share/texmf-dist/tex/latex/adjustbox/trimclip.sty
@@ -310,36 +355,18 @@ INPUT /usr/share/texmf-dist/tex/latex/varwidth/varwidth.sty
INPUT /usr/share/texmf-dist/tex/latex/varwidth/varwidth.sty
INPUT /usr/share/texmf-dist/tex/latex/mdframed/mdframed.sty
INPUT /usr/share/texmf-dist/tex/latex/mdframed/mdframed.sty
INPUT /usr/share/texmf-dist/tex/latex/kvoptions/kvoptions.sty
INPUT /usr/share/texmf-dist/tex/latex/kvoptions/kvoptions.sty
INPUT /usr/share/texmf-dist/tex/generic/ltxcmds/ltxcmds.sty
INPUT /usr/share/texmf-dist/tex/generic/ltxcmds/ltxcmds.sty
INPUT /usr/share/texmf-dist/tex/latex/kvsetkeys/kvsetkeys.sty
INPUT /usr/share/texmf-dist/tex/latex/kvsetkeys/kvsetkeys.sty
INPUT /usr/share/texmf-dist/tex/latex/l3packages/xparse/xparse.sty
INPUT /usr/share/texmf-dist/tex/latex/l3packages/xparse/xparse.sty
INPUT /usr/share/texmf-dist/tex/latex/l3kernel/expl3.sty
INPUT /usr/share/texmf-dist/tex/latex/l3kernel/expl3.sty
INPUT /usr/share/texmf-dist/tex/latex/l3backend/l3backend-pdftex.def
INPUT /usr/share/texmf-dist/tex/latex/l3backend/l3backend-pdftex.def
INPUT /usr/share/texmf-dist/tex/latex/etoolbox/etoolbox.sty
INPUT /usr/share/texmf-dist/tex/latex/etoolbox/etoolbox.sty
INPUT /usr/share/texmf-dist/tex/latex/zref/zref-abspage.sty
INPUT /usr/share/texmf-dist/tex/latex/zref/zref-abspage.sty
INPUT /usr/share/texmf-dist/tex/latex/zref/zref-base.sty
INPUT /usr/share/texmf-dist/tex/latex/zref/zref-base.sty
INPUT /usr/share/texmf-dist/tex/generic/infwarerr/infwarerr.sty
INPUT /usr/share/texmf-dist/tex/generic/infwarerr/infwarerr.sty
INPUT /usr/share/texmf-dist/tex/generic/kvdefinekeys/kvdefinekeys.sty
INPUT /usr/share/texmf-dist/tex/generic/kvdefinekeys/kvdefinekeys.sty
INPUT /usr/share/texmf-dist/tex/generic/pdftexcmds/pdftexcmds.sty
INPUT /usr/share/texmf-dist/tex/generic/pdftexcmds/pdftexcmds.sty
INPUT /usr/share/texmf-dist/tex/generic/iftex/iftex.sty
INPUT /usr/share/texmf-dist/tex/generic/iftex/iftex.sty
INPUT /usr/share/texmf-dist/tex/generic/etexcmds/etexcmds.sty
INPUT /usr/share/texmf-dist/tex/generic/etexcmds/etexcmds.sty
INPUT /usr/share/texmf-dist/tex/latex/auxhook/auxhook.sty
INPUT /usr/share/texmf-dist/tex/latex/auxhook/auxhook.sty
INPUT /usr/share/texmf-dist/tex/latex/needspace/needspace.sty
INPUT /usr/share/texmf-dist/tex/latex/needspace/needspace.sty
INPUT /usr/share/texmf-dist/tex/latex/mdframed/md-frame-0.mdf
@@ -349,47 +376,6 @@ INPUT /usr/share/texmf-dist/tex/latex/changepage/changepage.sty
INPUT /usr/share/texmf-dist/tex/latex/changepage/changepage.sty
INPUT /usr/share/texmf-dist/tex/latex/algorithms/algorithm.sty
INPUT /usr/share/texmf-dist/tex/latex/algorithms/algorithm.sty
INPUT /usr/share/texmf-dist/tex/latex/hyperref/hyperref.sty
INPUT /usr/share/texmf-dist/tex/latex/hyperref/hyperref.sty
INPUT /usr/share/texmf-dist/tex/generic/pdfescape/pdfescape.sty
INPUT /usr/share/texmf-dist/tex/generic/pdfescape/pdfescape.sty
INPUT /usr/share/texmf-dist/tex/latex/hycolor/hycolor.sty
INPUT /usr/share/texmf-dist/tex/latex/hycolor/hycolor.sty
INPUT /usr/share/texmf-dist/tex/latex/hyperref/nameref.sty
INPUT /usr/share/texmf-dist/tex/latex/hyperref/nameref.sty
INPUT /usr/share/texmf-dist/tex/latex/refcount/refcount.sty
INPUT /usr/share/texmf-dist/tex/latex/refcount/refcount.sty
INPUT /usr/share/texmf-dist/tex/generic/gettitlestring/gettitlestring.sty
INPUT /usr/share/texmf-dist/tex/generic/gettitlestring/gettitlestring.sty
INPUT /usr/share/texmf-dist/tex/latex/hyperref/pd1enc.def
INPUT /usr/share/texmf-dist/tex/latex/hyperref/pd1enc.def
INPUT /usr/share/texmf-dist/tex/latex/hyperref/pd1enc.def
INPUT /usr/share/texmf-dist/tex/generic/intcalc/intcalc.sty
INPUT /usr/share/texmf-dist/tex/generic/intcalc/intcalc.sty
INPUT /usr/share/texmf-dist/tex/latex/hyperref/puenc.def
INPUT /usr/share/texmf-dist/tex/latex/hyperref/puenc.def
INPUT /usr/share/texmf-dist/tex/latex/hyperref/puenc.def
INPUT /usr/share/texmf-dist/tex/latex/url/url.sty
INPUT /usr/share/texmf-dist/tex/latex/url/url.sty
INPUT /usr/share/texmf-dist/tex/generic/bitset/bitset.sty
INPUT /usr/share/texmf-dist/tex/generic/bitset/bitset.sty
INPUT /usr/share/texmf-dist/tex/generic/bigintcalc/bigintcalc.sty
INPUT /usr/share/texmf-dist/tex/generic/bigintcalc/bigintcalc.sty
INPUT /usr/share/texmf-dist/tex/generic/atbegshi/atbegshi.sty
INPUT /usr/share/texmf-dist/tex/latex/base/atbegshi-ltx.sty
INPUT /usr/share/texmf-dist/tex/latex/base/atbegshi-ltx.sty
INPUT /usr/share/texmf-dist/tex/latex/hyperref/hpdftex.def
INPUT /usr/share/texmf-dist/tex/latex/hyperref/hpdftex.def
INPUT /usr/share/texmf-dist/tex/latex/hyperref/hpdftex.def
INPUT /usr/share/texmf-dist/tex/latex/atveryend/atveryend.sty
INPUT /usr/share/texmf-dist/tex/latex/base/atveryend-ltx.sty
INPUT /usr/share/texmf-dist/tex/latex/base/atveryend-ltx.sty
INPUT /usr/share/texmf-dist/tex/latex/rerunfilecheck/rerunfilecheck.sty
INPUT /usr/share/texmf-dist/tex/latex/rerunfilecheck/rerunfilecheck.sty
INPUT /usr/share/texmf-dist/tex/generic/uniquecounter/uniquecounter.sty
INPUT /usr/share/texmf-dist/tex/generic/uniquecounter/uniquecounter.sty
INPUT /usr/share/texmf-dist/tex/latex/filecontents/filecontents.sty
INPUT /usr/share/texmf-dist/tex/latex/filecontents/filecontents.sty
INPUT /usr/share/texmf-dist/tex/latex/xurl/xurl.sty
INPUT /usr/share/texmf-dist/tex/latex/xurl/xurl.sty
INPUT /usr/share/texmf-dist/tex/latex/cryptocode/cryptocode.sty
@@ -440,6 +426,12 @@ INPUT ./main.aux
INPUT ./main.aux
INPUT ./main.aux
OUTPUT ./main.aux
INPUT /usr/share/texmf-dist/tex/latex/psnfss/omspzccm.fd
INPUT /usr/share/texmf-dist/tex/latex/psnfss/omspzccm.fd
INPUT /usr/share/texmf-dist/tex/latex/psnfss/omspzccm.fd
INPUT /usr/share/texmf-dist/tex/latex/microtype/mt-ptm.cfg
INPUT /usr/share/texmf-dist/tex/latex/microtype/mt-ptm.cfg
INPUT /usr/share/texmf-dist/tex/latex/microtype/mt-ptm.cfg
INPUT /usr/share/texmf-dist/tex/context/base/mkii/supp-pdf.mkii
INPUT /usr/share/texmf-dist/tex/context/base/mkii/supp-pdf.mkii
INPUT /usr/share/texmf-dist/tex/context/base/mkii/supp-pdf.mkii
@@ -456,148 +448,277 @@ OUTPUT ./main.pdf
INPUT ./main.out
INPUT ./main.out
OUTPUT ./main.out
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmrc7t.tfm
INPUT ./sections/abstract.tex
INPUT ./sections/abstract.tex
INPUT ./sections/abstract.tex
INPUT ./sections/abstract.tex
INPUT ./sections/abstract.tex
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmbc7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmrc7t.tfm
INPUT ./sections/introduction.tex
INPUT ./sections/introduction.tex
INPUT ./sections/introduction.tex
INPUT ./sections/introduction.tex
INPUT ./sections/introduction.tex
INPUT /usr/share/texmf-dist/fonts/tfm/public/amsfonts/cmextra/cmex7.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/public/amsfonts/cmextra/cmex7.tfm
INPUT /usr/share/texmf-dist/tex/latex/amsfonts/umsa.fd
INPUT /usr/share/texmf-dist/tex/latex/amsfonts/umsa.fd
INPUT /usr/share/texmf-dist/tex/latex/amsfonts/umsa.fd
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmr8t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmb8t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmbc8t.tfm
INPUT /usr/share/texmf-dist/tex/latex/psnfss/ot1ptmcm.fd
INPUT /usr/share/texmf-dist/tex/latex/psnfss/ot1ptmcm.fd
INPUT /usr/share/texmf-dist/tex/latex/psnfss/ot1ptmcm.fd
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/zptmcmr.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/zptmcmr.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/zptmcmr.tfm
INPUT /usr/share/texmf-dist/tex/latex/psnfss/omlptmcm.fd
INPUT /usr/share/texmf-dist/tex/latex/psnfss/omlptmcm.fd
INPUT /usr/share/texmf-dist/tex/latex/psnfss/omlptmcm.fd
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/zptmcmrm.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/zptmcmrm.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/zptmcmrm.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/zpzccmry.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/zpzccmry.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/zpzccmry.tfm
INPUT /usr/share/texmf-dist/tex/latex/psnfss/omxpsycm.fd
INPUT /usr/share/texmf-dist/tex/latex/psnfss/omxpsycm.fd
INPUT /usr/share/texmf-dist/tex/latex/psnfss/omxpsycm.fd
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/zpsycmrv.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/zpsycmrv.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/zpsycmrv.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmb7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmb7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmb7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmri7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmri7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmri7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/public/amsfonts/symbols/msam10.tfm
INPUT /usr/share/texmf-dist/tex/latex/microtype/mt-msa.cfg
INPUT /usr/share/texmf-dist/tex/latex/microtype/mt-msa.cfg
INPUT /usr/share/texmf-dist/tex/latex/microtype/mt-msa.cfg
INPUT /usr/share/texmf-dist/fonts/tfm/public/amsfonts/symbols/msam10.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/public/amsfonts/symbols/msam10.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/public/amsfonts/symbols/msam7.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/public/amsfonts/symbols/msam5.tfm
INPUT /usr/share/texmf-dist/tex/latex/amsfonts/umsb.fd
INPUT /usr/share/texmf-dist/tex/latex/amsfonts/umsb.fd
INPUT /usr/share/texmf-dist/tex/latex/amsfonts/umsb.fd
INPUT /usr/share/texmf-dist/fonts/tfm/public/amsfonts/symbols/msbm10.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/public/amsfonts/symbols/msbm7.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/public/amsfonts/symbols/msbm5.tfm
INPUT ./sections/design.tex
INPUT ./sections/design.tex
INPUT ./sections/design.tex
INPUT ./sections/design.tex
INPUT ./sections/design.tex
INPUT /usr/share/texmf-dist/fonts/vf/adobe/times/ptmrc7t.vf
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmr8r.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmr8r.tfm
INPUT /usr/share/texmf-dist/tex/latex/microtype/mt-msb.cfg
INPUT /usr/share/texmf-dist/tex/latex/microtype/mt-msb.cfg
INPUT /usr/share/texmf-dist/tex/latex/microtype/mt-msb.cfg
INPUT /usr/share/texmf-dist/fonts/tfm/public/amsfonts/symbols/msbm10.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/public/amsfonts/symbols/msbm10.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmr8t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/zptmcmr.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/zptmcmr.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/zptmcmrm.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/zptmcmrm.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/zpzccmry.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/zpzccmry.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/zpsycmrv.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/zpsycmrv.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmb7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmb7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmri7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmri7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/public/amsfonts/symbols/msam10.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/public/amsfonts/symbols/msam10.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/public/amsfonts/symbols/msbm10.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/public/amsfonts/symbols/msbm10.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmrc8t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmr8t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmri8t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/zptmcmr.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/zptmcmr.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/zptmcmr.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/zptmcmrm.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/zptmcmrm.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/zptmcmrm.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/zpzccmry.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/zpzccmry.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/zpzccmry.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/zpsycmrv.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/zpsycmrv.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/zpsycmrv.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmb7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmb7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmb7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmri7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmri7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmri7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/public/amsfonts/symbols/msam10.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/public/amsfonts/symbols/msam10.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/public/amsfonts/symbols/msam10.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/public/amsfonts/symbols/msbm10.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/public/amsfonts/symbols/msbm10.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/public/amsfonts/symbols/msbm10.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmb8t.tfm
INPUT ./sections/abstract.tex
INPUT ./sections/abstract.tex
INPUT ./sections/abstract.tex
INPUT ./sections/abstract.tex
INPUT ./sections/abstract.tex
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmri8t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmrc8t.tfm
INPUT ./sections/introduction.tex
INPUT ./sections/introduction.tex
INPUT ./sections/introduction.tex
INPUT ./sections/introduction.tex
INPUT ./sections/introduction.tex
INPUT /usr/share/texmf-dist/tex/latex/psnfss/ts1ptm.fd
INPUT /usr/share/texmf-dist/tex/latex/psnfss/ts1ptm.fd
INPUT /usr/share/texmf-dist/tex/latex/psnfss/ts1ptm.fd
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmr8c.tfm
INPUT /usr/share/texmf-dist/fonts/vf/adobe/times/ptmbc8t.vf
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmb8r.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmb8r.tfm
INPUT /var/lib/texmf/fonts/map/pdftex/updmap/pdftex.map
INPUT /usr/share/texmf-dist/fonts/enc/dvips/base/8r.enc
INPUT /usr/share/texmf-dist/fonts/vf/adobe/times/ptmr7t.vf
INPUT /usr/share/texmf-dist/fonts/vf/adobe/times/ptmr7t.vf
INPUT /usr/share/texmf-dist/fonts/vf/adobe/times/ptmb8t.vf
INPUT /usr/share/texmf-dist/fonts/vf/adobe/times/zpzccmry.vf
INPUT /usr/share/texmf-dist/fonts/tfm/public/cm/cmsy10.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/symbol/psyr.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/zapfchan/pzcmi8r.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmr8r.tfm
INPUT /usr/share/texmf-dist/fonts/vf/adobe/times/ptmri7t.vf
INPUT /usr/share/texmf-dist/fonts/vf/adobe/times/ptmr8t.vf
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmr8r.tfm
INPUT /usr/share/texmf-dist/fonts/vf/adobe/times/ptmri8t.vf
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmri8r.tfm
INPUT /usr/share/texmf-dist/fonts/vf/adobe/times/ptmbi7t.vf
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmbi8r.tfm
INPUT /usr/share/texmf-dist/fonts/vf/adobe/times/ptmb7t.vf
INPUT /usr/share/texmf-dist/fonts/vf/adobe/times/ptmb8t.vf
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmb8r.tfm
INPUT /usr/share/texmf-dist/fonts/vf/adobe/times/ptmbc7t.vf
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmb8r.tfm
INPUT /usr/share/texmf-dist/fonts/vf/adobe/times/ptmrc7t.vf
INPUT /usr/share/texmf-dist/fonts/vf/adobe/times/ptmr8t.vf
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmr8r.tfm
INPUT /usr/share/texmf-dist/fonts/vf/adobe/times/ptmri8t.vf
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmri8r.tfm
INPUT /usr/share/texmf-dist/fonts/vf/adobe/times/ptmrc8t.vf
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmr8r.tfm
INPUT /usr/share/texmf-dist/fonts/vf/adobe/times/ptmr7t.vf
INPUT ./assets/diagram3.png
INPUT ./assets/diagram3.png
INPUT ./assets/diagram3.png
INPUT ./assets/diagram3.png
INPUT ./assets/diagram3.png
INPUT /usr/share/texmf-dist/tex/latex/psnfss/ot1pcr.fd
INPUT /usr/share/texmf-dist/tex/latex/psnfss/ot1pcr.fd
INPUT /usr/share/texmf-dist/tex/latex/psnfss/ot1pcr.fd
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/courier/pcrr7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/courier/pcrr7t.tfm
INPUT /usr/share/texmf-dist/fonts/vf/adobe/times/ptmb7t.vf
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmb8r.tfm
INPUT /usr/share/texmf-dist/fonts/vf/adobe/courier/pcrr7t.vf
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/courier/pcrr8r.tfm
INPUT ./sections/examples.tex
INPUT ./sections/examples.tex
INPUT ./sections/examples.tex
INPUT ./sections/examples.tex
INPUT ./sections/examples.tex
INPUT /usr/share/texmf-dist/fonts/tfm/public/cm/cmr8.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/public/cm/cmr6.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/public/cm/cmmi8.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/public/cm/cmmi6.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/public/cm/cmsy8.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/public/cm/cmsy6.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/public/amsfonts/cmextra/cmex8.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/public/amsfonts/cmextra/cmex7.tfm
INPUT /usr/share/texmf-dist/fonts/vf/adobe/times/ptmr8c.vf
INPUT /usr/share/texmf-dist/fonts/tfm/public/pslatex/pcrr8tn.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/zptmcmr.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/zptmcmr.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/zptmcmrm.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/zptmcmrm.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/zpzccmry.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/zpzccmry.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/zpsycmrv.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/zpsycmrv.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmb7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmb7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmri7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmri7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/public/amsfonts/symbols/msam10.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/public/amsfonts/symbols/msam10.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/public/amsfonts/symbols/msam7.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/public/amsfonts/symbols/msbm10.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/public/amsfonts/symbols/msbm7.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmr7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmbc7t.tfm
INPUT /usr/share/texmf-dist/fonts/vf/adobe/times/ptmr7t.vf
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmr8r.tfm
INPUT /usr/share/texmf-dist/fonts/vf/adobe/courier/pcrr7t.vf
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/courier/pcrr8r.tfm
INPUT /usr/share/texmf-dist/fonts/vf/adobe/times/ptmbc7t.vf
INPUT /usr/share/texmf-dist/fonts/tfm/public/amsfonts/symbols/msbm10.tfm
INPUT ./sections/gadgets.tex
INPUT ./sections/gadgets.tex
INPUT ./sections/gadgets.tex
INPUT ./sections/gadgets.tex
INPUT ./sections/gadgets.tex
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmb8t.tfm
INPUT ./figures/drop.tex
INPUT ./figures/drop.tex
INPUT ./figures/drop.tex
INPUT ./figures/drop.tex
INPUT ./figures/drop.tex
INPUT ./figures/replay.tex
INPUT ./figures/replay.tex
INPUT ./figures/replay.tex
INPUT ./figures/replay.tex
INPUT ./figures/replay.tex
INPUT ./figures/reorder.tex
INPUT ./figures/reorder.tex
INPUT ./figures/reorder.tex
INPUT ./figures/reorder.tex
INPUT ./figures/reorder.tex
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmr8t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/public/pslatex/pcrr8tn.tfm
INPUT /usr/share/texmf-dist/fonts/vf/public/pslatex/pcrr8tn.vf
INPUT /usr/share/texmf-dist/fonts/tfm/public/pslatex/pcrr8rn.tfm
INPUT /usr/share/texmf-dist/fonts/vf/adobe/times/ptmb8t.vf
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmb8r.tfm
INPUT /usr/share/texmf-dist/fonts/vf/adobe/times/ptmr7t.vf
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmbc8t.tfm
INPUT ./sections/design.tex
INPUT ./sections/design.tex
INPUT ./sections/design.tex
INPUT ./sections/design.tex
INPUT ./sections/design.tex
INPUT ./assets/diagram3.png
INPUT ./assets/diagram3.png
INPUT ./assets/diagram3.png
INPUT ./assets/diagram3.png
INPUT ./assets/diagram3.png
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmr8t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmr8t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/public/pslatex/pcrr8tn.tfm
INPUT /usr/share/texmf-dist/fonts/vf/adobe/times/ptmr8t.vf
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmr8r.tfm
INPUT /usr/share/texmf-dist/fonts/vf/adobe/times/ptmr7t.vf
INPUT /usr/share/texmf-dist/tex/latex/psnfss/ts1pcr.fd
INPUT /usr/share/texmf-dist/tex/latex/psnfss/ts1pcr.fd
INPUT /usr/share/texmf-dist/tex/latex/psnfss/ts1pcr.fd
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/courier/pcrr8c.tfm
INPUT /usr/share/texmf-dist/fonts/vf/public/pslatex/pcrr8tn.vf
INPUT /usr/share/texmf-dist/fonts/tfm/public/pslatex/pcrr8rn.tfm
INPUT /usr/share/texmf-dist/fonts/vf/adobe/times/ptmbc8t.vf
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmb8r.tfm
INPUT /usr/share/texmf-dist/fonts/vf/adobe/times/ptmr8t.vf
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmr8r.tfm
INPUT /usr/share/texmf-dist/fonts/vf/adobe/times/ptmr8t.vf
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmr8r.tfm
INPUT /usr/share/texmf-dist/fonts/vf/public/pslatex/pcrr8tn.vf
INPUT /usr/share/texmf-dist/fonts/tfm/public/pslatex/pcrr8rn.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmbc8t.tfm
INPUT /usr/share/texmf-dist/fonts/vf/adobe/times/ptmbc8t.vf
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmb8r.tfm
INPUT ./sections/case_studies.tex
INPUT ./sections/case_studies.tex
INPUT ./sections/case_studies.tex
INPUT ./sections/case_studies.tex
INPUT ./sections/case_studies.tex
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/courier/pcrr7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/courier/pcrr7t.tfm
INPUT /usr/share/texmf-dist/fonts/vf/adobe/courier/pcrr8c.vf
INPUT /usr/share/texmf-dist/fonts/tfm/public/pslatex/pcrr8tn.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/public/pslatex/pcrr8tn.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmr8t.tfm
INPUT /usr/share/texmf-dist/fonts/vf/adobe/times/zptmcmrm.vf
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/symbol/psyr.tfm
INPUT /usr/share/texmf-dist/fonts/vf/adobe/times/zptmcmr.vf
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/symbol/psyr.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/public/cm/cmr10.tfm
INPUT /usr/share/texmf-dist/fonts/vf/adobe/times/zptmcmr.vf
INPUT ./sections/proofs.tex
INPUT ./sections/proofs.tex
INPUT ./sections/proofs.tex
INPUT ./sections/proofs.tex
INPUT ./sections/proofs.tex
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmrc7t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmrc7t.tfm
INPUT ./sections/related_work.tex
INPUT ./sections/related_work.tex
INPUT ./sections/related_work.tex
INPUT ./sections/related_work.tex
INPUT ./sections/related_work.tex
INPUT ./sections/conclusion.tex
INPUT ./sections/conclusion.tex
INPUT ./sections/conclusion.tex
INPUT ./sections/conclusion.tex
INPUT ./sections/conclusion.tex
INPUT ./main.bbl
INPUT ./main.bbl
INPUT ./main.bbl
INPUT /usr/share/texmf-dist/fonts/vf/adobe/times/ptmri7t.vf
INPUT /usr/share/texmf-dist/fonts/vf/adobe/times/ptmr8t.vf
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmr8r.tfm
INPUT /usr/share/texmf-dist/fonts/vf/adobe/times/zptmcmrm.vf
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/symbol/psyr.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmri8r.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/public/cm/cmmi10.tfm
INPUT /usr/share/texmf-dist/fonts/vf/adobe/times/zptmcmr.vf
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/symbol/psyr.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmr8r.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/public/cm/cmr10.tfm
INPUT /usr/share/texmf-dist/fonts/vf/adobe/times/ptmr8t.vf
INPUT /usr/share/texmf-dist/fonts/vf/adobe/times/zpzccmry.vf
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/zapfchan/pzcmi8r.tfm
INPUT /usr/share/texmf-dist/fonts/vf/adobe/times/zptmcmrm.vf
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmri8r.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/public/cm/cmmi10.tfm
INPUT /usr/share/texmf-dist/fonts/vf/adobe/times/zpzccmry.vf
INPUT /usr/share/texmf-dist/fonts/tfm/public/cm/cmsy10.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/zapfchan/pzcmi8r.tfm
INPUT /usr/share/texmf-dist/fonts/vf/adobe/times/zpsycmrv.vf
INPUT /usr/share/texmf-dist/fonts/tfm/public/amsfonts/cmextra/cmex9.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/symbol/psyr.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmrc8t.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmrc8t.tfm
INPUT ./sections/related_work.tex
INPUT ./sections/related_work.tex
INPUT ./sections/related_work.tex
INPUT ./sections/related_work.tex
INPUT ./sections/related_work.tex
INPUT ./sections/conclusion.tex
INPUT ./sections/conclusion.tex
INPUT ./sections/conclusion.tex
INPUT ./sections/conclusion.tex
INPUT ./sections/conclusion.tex
INPUT ./main.bbl
INPUT ./main.bbl
INPUT ./main.bbl
INPUT /usr/share/texmf-dist/fonts/vf/adobe/times/zptmcmr.vf
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/symbol/psyr.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/public/cm/cmr10.tfm
INPUT /usr/share/texmf-dist/fonts/vf/adobe/times/zptmcmrm.vf
INPUT /usr/share/texmf-dist/fonts/tfm/adobe/times/ptmri8r.tfm
INPUT /usr/share/texmf-dist/fonts/tfm/public/cm/cmmi10.tfm
INPUT ./main.aux
INPUT ./main.out
INPUT ./main.out
INPUT /usr/share/texmf-dist/fonts/type1/public/amsfonts/cm/cmex10.pfb
INPUT /usr/share/texmf-dist/fonts/type1/public/amsfonts/cm/cmmi10.pfb
INPUT /usr/share/texmf-dist/fonts/type1/public/amsfonts/cm/cmmi5.pfb
INPUT /usr/share/texmf-dist/fonts/type1/public/amsfonts/cm/cmmi7.pfb
INPUT /usr/share/texmf-dist/fonts/type1/public/amsfonts/cm/cmr10.pfb
INPUT /usr/share/texmf-dist/fonts/type1/public/amsfonts/cm/cmr5.pfb
INPUT /usr/share/texmf-dist/fonts/type1/public/amsfonts/cm/cmr7.pfb
INPUT /usr/share/texmf-dist/fonts/type1/public/amsfonts/cm/cmsy10.pfb
INPUT /usr/share/texmf-dist/fonts/type1/public/amsfonts/cm/cmsy7.pfb
INPUT /usr/share/texmf-dist/fonts/type1/urw/courier/ucrr8a.pfb
INPUT /usr/share/texmf-dist/fonts/type1/urw/symbol/usyr.pfb
INPUT /usr/share/texmf-dist/fonts/type1/urw/times/utmb8a.pfb
INPUT /usr/share/texmf-dist/fonts/type1/urw/times/utmbi8a.pfb
INPUT /usr/share/texmf-dist/fonts/type1/urw/times/utmr8a.pfb
INPUT /usr/share/texmf-dist/fonts/type1/urw/times/utmri8a.pfb

2154
main.log
View File

File diff suppressed because it is too large Load Diff

27
main.out
View File

@@ -1,14 +1,15 @@
\BOOKMARK [1][-]{section.1}{\376\377\000I\000n\000t\000r\000o\000d\000u\000c\000t\000i\000o\000n}{}% 1
\BOOKMARK [1][-]{section.2}{\376\377\000K\000o\000r\000g\000\040\000A\000r\000c\000h\000i\000t\000e\000c\000t\000u\000r\000e}{}% 2
\BOOKMARK [2][-]{subsection.2.1}{\376\377\000M\000a\000t\000h\000e\000m\000a\000t\000i\000c\000a\000l\000\040\000P\000r\000e\000l\000i\000m\000i\000n\000a\000r\000i\000e\000s}{section.2}% 3
\BOOKMARK [2][-]{subsection.2.2}{\376\377\000H\000i\000g\000h\000-\000l\000e\000v\000e\000l\000\040\000d\000e\000s\000i\000g\000n}{section.2}% 4
\BOOKMARK [2][-]{subsection.2.3}{\376\377\000S\000u\000p\000p\000o\000r\000t\000e\000d\000\040\000A\000t\000t\000a\000c\000k\000e\000r\000\040\000M\000o\000d\000e\000l\000s}{section.2}% 5
\BOOKMARK [2][-]{subsection.2.4}{\376\377\000K\000o\000r\000g\000\040\000I\000m\000p\000l\000e\000m\000e\000n\000t\000a\000t\000i\000o\000n}{section.2}% 6
\BOOKMARK [2][-]{subsection.2.5}{\376\377\000U\000s\000a\000g\000e}{section.2}% 7
\BOOKMARK [1][-]{section.3}{\376\377\000C\000a\000s\000e\000\040\000S\000t\000u\000d\000i\000e\000s}{}% 8
\BOOKMARK [2][-]{subsection.3.1}{\376\377\000T\000C\000P}{section.3}% 9
\BOOKMARK [2][-]{subsection.3.2}{\376\377\000R\000a\000f\000t}{section.3}% 10
\BOOKMARK [1][-]{section.4}{\376\377\000P\000r\000o\000o\000f\000s\000\040\000o\000f\000\040\000S\000o\000u\000n\000d\000n\000e\000s\000s\000\040\000a\000n\000d\000\040\000C\000o\000m\000p\000l\000e\000t\000e\000n\000e\000s\000s}{}% 11
\BOOKMARK [1][-]{section.5}{\376\377\000R\000e\000l\000a\000t\000e\000d\000\040\000W\000o\000r\000k}{}% 12
\BOOKMARK [1][-]{section.6}{\376\377\000C\000o\000n\000c\000l\000u\000s\000i\000o\000n}{}% 13
\BOOKMARK [1][-]{section*.9}{\376\377\000R\000e\000f\000e\000r\000e\000n\000c\000e\000s}{}% 14
\BOOKMARK [1][-]{section.2}{\376\377\000A\000t\000t\000a\000c\000k\000e\000r\000\040\000G\000a\000d\000g\000e\000t\000s}{}% 2
\BOOKMARK [1][-]{section.3}{\376\377\000P\000a\000n\000d\000a\000\040\000A\000r\000c\000h\000i\000t\000e\000c\000t\000u\000r\000e}{}% 3
\BOOKMARK [2][-]{subsection.3.1}{\376\377\000H\000i\000g\000h\000-\000l\000e\000v\000e\000l\000\040\000d\000e\000s\000i\000g\000n}{section.3}% 4
\BOOKMARK [2][-]{subsection.3.2}{\376\377\000P\000a\000n\000d\000a\000\040\000I\000m\000p\000l\000e\000m\000e\000n\000t\000a\000t\000i\000o\000n}{section.3}% 5
\BOOKMARK [2][-]{subsection.3.3}{\376\377\000U\000s\000a\000g\000e}{section.3}% 6
\BOOKMARK [1][-]{section.4}{\376\377\000C\000a\000s\000e\000\040\000S\000t\000u\000d\000i\000e\000s}{}% 7
\BOOKMARK [2][-]{subsection.4.1}{\376\377\000T\000C\000P}{section.4}% 8
\BOOKMARK [2][-]{subsection.4.2}{\376\377\000R\000a\000f\000t}{section.4}% 9
\BOOKMARK [2][-]{subsection.4.3}{\376\377\000S\000C\000T\000P}{section.4}% 10
\BOOKMARK [1][-]{section.5}{\376\377\000T\000h\000e\000o\000r\000e\000t\000i\000c\000a\000l\000\040\000F\000o\000u\000n\000d\000a\000t\000i\000o\000n\000s\000\040\000o\000f\000\040\000P\000a\000n\000d\000a}{}% 11
\BOOKMARK [2][-]{subsection.5.1}{\376\377\000M\000a\000t\000h\000e\000m\000a\000t\000i\000c\000a\000l\000\040\000P\000r\000e\000l\000i\000m\000i\000n\000a\000r\000i\000e\000s}{section.5}% 12
\BOOKMARK [2][-]{subsection.5.2}{\376\377\000P\000r\000o\000o\000f\000s\000\040\000o\000f\000\040\000S\000o\000u\000n\000d\000n\000e\000s\000s\000\040\000a\000n\000d\000\040\000C\000o\000m\000p\000l\000e\000t\000e\000n\000e\000s\000s}{section.5}% 13
\BOOKMARK [1][-]{section.6}{\376\377\000R\000e\000l\000a\000t\000e\000d\000\040\000W\000o\000r\000k}{}% 14
\BOOKMARK [1][-]{section.7}{\376\377\000C\000o\000n\000c\000l\000u\000s\000i\000o\000n}{}% 15

BIN
main.pdf
View File

Binary file not shown.

BIN
main.synctex.gz
View File

Binary file not shown.

70
main.tex
View File

@@ -1,6 +1,13 @@
\documentclass[conference]{IEEEtran}
\IEEEoverridecommandlockouts
% The preceding line is only needed to identify funding in the first footnote. If that is unneeded, please comment it out.
\documentclass[letterpaper,twocolumn,10pt]{article}
\usepackage{usenix}
% to be able to draw some self-contained figs
\usepackage{tikz}
\usepackage{amsmath}
% inlined bib file
\usepackage{filecontents}
\usepackage{cite}
\usepackage{amsmath,amssymb,amsfonts}
\usepackage{algorithmic}
@@ -11,6 +18,8 @@
\usepackage{xspace}
\usepackage{array}
\usepackage{comment}
\usepackage{tikz}
\usepackage{float}
\usepackage{xcolor,color,xspace,enumerate,centernot,multirow,float,graphicx,
xcolor,caption,subcaption,textcomp,pgfplots,pgf-pie,tikz,listings,
@@ -25,13 +34,17 @@ comment,adjustbox,mdframed,changepage,algorithm,algorithmic}
\usepackage{xurl}
%\usepackage{csvsimple}
\renewcommand{\topfraction}{0.9} % Allow more figures at the top
\renewcommand{\textfraction}{0.1} % Allow more text alongside figures
\renewcommand{\floatpagefraction}{0.8} % Reduce the likelihood of figures moving to the end
\newtheorem{definition}{Definition}
\newcommand{\cnr}[1]{\textcolor{blue}{Cristina says: {#1}}}
\newcommand{\mvh}[1]{\textcolor{magenta}{Max says: {#1}}}
\newcommand{\jg}[1]{\textcolor{purple}{Jake says: {#1}}}
\newcommand{\spin}[0]{\textsc{Spin}\xspace}
\newcommand{\korg}[0]{\textsc{Korg}\xspace}
\newcommand{\korg}[0]{\textsc{Panda}\xspace}
\newcommand{\promela}[0]{\textsc{Promela}\xspace}
\usepackage{listings}
@@ -62,22 +75,33 @@ comment,adjustbox,mdframed,changepage,algorithm,algorithmic}
\def\BibTeX{{\rm B\kern-.05em{\sc i\kern-.025em b}\kern-.08em
T\kern-.1667em\lower.7ex\hbox{E}\kern-.125emX}}
%-------------------------------------------------------------------------------
\begin{document}
%-------------------------------------------------------------------------------
\title{\korg: An Attack Synthesis Tool\\ for Distributed Protocols\\\\
\LARGE Tool Paper
}
%don't want date printed
\date{}
% make title bold and 14 pt font (Latex default is non-bold, 16 pt)
\title{\korg: An Attack Synthesis Tool\\ for Distributed Protocols\footnote{\korg is an anonymized name for double-blind submission.}}
\author{\IEEEauthorblockN{Jacob Ginesin}
\IEEEauthorblockA{\textit{Northeastern University}}
%for single author (just remove % characters)
\author{
{\rm Jacob Ginesin}\\
Northeastern University
\and
\IEEEauthorblockN{Max von Hippel}
\IEEEauthorblockA{\textit{Northeastern University}}
{\rm Max von Hippel}\\
Benchify
\and
\IEEEauthorblockN{Cristina Nita-Rotaru}
\IEEEauthorblockA{\textit{Northeastern University}}
}
{\rm Cristina Nita-Rotaru}\\
Northeastern University
% copy the following lines to add more authors
% \and
% {\rm Name}\\
%Name Institution
} % end author
\maketitle
@@ -86,14 +110,15 @@ comment,adjustbox,mdframed,changepage,algorithm,algorithmic}
\input{sections/abstract}
\end{abstract}
\begin{IEEEkeywords}
Protocols, Attack Synthesis, Denial of Service, Model Checking
\end{IEEEkeywords}
\section{Introduction}
\label{sec:introduction}
\input{sections/introduction}
\section{Attacker Gadgets}%
\label{sec:Attacker Gadgets}
\input{sections/gadgets}
\section{\korg Architecture}
\label{sec:design}
\input{sections/design}
@@ -106,7 +131,7 @@ Protocols, Attack Synthesis, Denial of Service, Model Checking
\label{sec:case_studies}
\input{sections/case_studies}
\section{Proofs of Soundness and Completeness}
\section{Theoretical Foundations of \korg}
\label{sec:proofs}
\input{sections/proofs}
@@ -119,12 +144,13 @@ Protocols, Attack Synthesis, Denial of Service, Model Checking
\input{sections/conclusion}
\bibliographystyle{IEEEtran}
\bibliographystyle{plain}
\bibliography{main}
%\section{Appendix}%
%\label{sec:Appendix}
%\input{sections/appendix}
\end{document}
%% LocalWords: endnotes includegraphics fread ptr nobj noindent
%% LocalWords: pdflatex acks

25
sections/abstract.tex
View File

@@ -1 +1,24 @@
Distributed protocols underpin the modern internet, making their correctness and security critical. Formal methods provide rigorous tools for analyzing protocol correctness and cryptographic security, yet existing tools fall short for denial of service (DoS) analysis. We introduce \korg, a tool that synthesizes attacks on distributed protocols by targeting communication channels to violate linear temporal logic (LTL) specifications. \korg provides sound, complete analysis, synthesizing attacks or proving their absence through exhaustive state-space search. With support for pre-defined and custom attacker models, \korg enables targeted DoS analysis and broader LTL-based verification, demonstrated through various case studies.
Distributed protocols are the lynchpin of the modern internet,
underpinning every internet service.
This has in turn motivated a massive amount of research ensuring the security,
reliability, and performance of distributed protocols.
A wide-ranging assumption in these works is assuming distributed
protocols operate over \textit{faulty} or
\textit{attacker-controlled} channels, where messages can be arbitrarily
inserted, dropped, replayed, or reordered.
Formal methods work formally verifying distributed protocols
typically defines their own notion of imperfect or malicious channels,
then constructively proves their protocol is correct with respect to it.
In this work we take a fundamentally different approach:
we develop a rigorous methodology for
automatically discovering \textit{attack traces}
on distributed protocols with respect to imperfect channels,
and we introduce \korg, a highly generalizable tool for synthesizing
attacks on distributed protocols that implements our methodology.
\korg provides sound, complete analysis, synthesizing attacks on arbitrary
linear temporal logic (LTL) protocol specifications
or proving the absence of such through an exhaustive state-space search.
We demonstrate the applicability of \korg by employing to study TCP, SCTP, and Raft.
% ===== OLD ABSTRACT ======
%Distributed protocols underpin the modern internet, making their correctness and security critical. Formal methods provide rigorous tools for analyzing protocol correctness and cryptographic security, yet existing tools fall short for denial of service (DoS) analysis. We introduce \korg, a tool that synthesizes attacks on distributed protocols by targeting communication channels to violate linear temporal logic (LTL) specifications. \korg provides sound, complete analysis, synthesizing attacks or proving their absence through exhaustive state-space search. With support for pre-defined and custom attacker models, \korg enables targeted DoS analysis and broader LTL-based verification, demonstrated through various case studies.

4
sections/case_studies.tex
View File

@@ -109,6 +109,10 @@ Dropping AppendEntryResponse messages & no \\
\end{figure}
In our experiments, we found just one attack on our \texttt{raft-bug.pml} \promela model, violating election safety in particular. In this scenario, peer A and peer B are candidates for election. Peer A receives three votes, one from itself and two from other peers, and Peer B receives two votes, one from itself and one from another peer. The replay attacker simply replays the vote sent to peer B. Then, both Peer A and Peer B are convinced they won the election and change their state to leader. Following this, leader completeness is also naturally violated. In this scenario, \korg demonstrates its ability to discover subtle bugs in protocol logic, exploiting the buggy Raft implementation.
\subsection{SCTP}%
\label{sub:SCTP}
SCTP is a transport-layer protocol proposed as an alternative to TCP, featuring a four-way handshake, multi-homing, and multi-streaming. Among other use cases, SCTP is the data transfer protocol for various telecoms signaling protocols as well as WebRTC. For our analysis, we borrow the ten LTL properties and \promela models derived from the SCTP RFCs as described in \cite{Ginesin2024}. We evaluated the SCTP \promela model against \korg's drop, replay, and reordering attacker models on a single uni-directional communication channel. SCTP is designed to resist these attacker models, and we employ \korg to exhaustively demonstrate this is the case.
%our Raft model satisfies $\phi_1$-$\phi_5$ assuming perfect channels, and \korg allowed us to reason precisely about the effect of imperfect, vulnerable channels.

2
sections/conclusion.tex
View File

@@ -1 +1 @@
In conclusion, \korg addresses a critical gap in the formal verification of distributed protocols by enabling the synthesis of communication channel-based attacks against arbitrary linear temporal logic specifications. By leveraging \spin, \korg ensures soundness and completeness in attack synthesis. Its modular support for pre-defined attacker models enhances its versatility, enabling thorough protocol analysis across diverse and interesting scenarios. We demonstrate the effectiveness of \korg by employing it to study TCP and Raft, marking it as an invaluable tool for ensuring the validity and security of distributed protocols.
In conclusion, \korg addresses a critical gap in the formal verification of distributed protocols by enabling the synthesis of communication channel-based attacks against arbitrary linear temporal logic specifications. By leveraging \spin, \korg ensures soundness and completeness in attack synthesis. Its modular support for pre-defined attacker models enhances its versatility, enabling thorough protocol analysis across diverse and interesting scenarios. We demonstrate the effectiveness of \korg by employing it to study TCP, Raft, and SCTP, marking it as an invaluable tool for ensuring the validity and security of distributed protocols.

442
sections/design.tex
View File

@@ -1,21 +1,11 @@
%!TEX root = ../main.tex
In this section we discuss the details behind the design, formal guarantees, implementation, and usage of \korg.
\subsection{Mathematical Preliminaries}%
\label{sub:Mathematical Preliminaries}
Linear Temporal Logic (LTL) is a model logic for reasoning about program executions. In LTL, we say a program $P$ \textit{models} a property $\phi$ (notationally, $P \models \phi$). That is, $\phi$ holds over every execution of $P$. If $\phi$ does not hold over every execution of $P$, we say $P \not\models \phi$. The LTL language is given by predicates over a first-order logic with additional temporal operators: \textit{next}, \textit{always}, \textit{eventually}, and \textit{until}.
An LTL model checker is a tool that, given $P$ and $\phi$, can automatically check whether or not $P \models \phi$; in general, LTL is a \textit{decidable} logic, and LTL model checkers will always be able to decide whether $P \models \phi$ given enough time and resources.
We use $\mid \mid$ to denote rendezvous composition. That is, if $S = P \mid \mid Q$, processes $P$ and $Q$ are composed together into a singular state machine by matching their equivalent transitions.
\textit{LTL program synthesis} is the problem of, given an LTL specification $\phi$, automatically deriving a program $P$ that satisfies $\phi$ (that is, $P \models \phi$). \textit{LTL attack synthesis} is logically dual to LTL program synthesis. In attack synthesis, the problem is flipped: given a program $P$ and a property $\phi$ such that $P \models \phi$, we ask whether there exists some "attack" $A$ such that $(P \mid \mid A) \not\models \phi$. Fundamentally, \korg is a synthesizer for such an $A$.
\subsection{High-level design}%
\label{sub:High-level design}
As aforementioned, \korg is based on \textit{LTL attack synthesis}; in particular, \korg synthesizes attacks with respect to \textit{imperfect} channels. That is, \korg is designed to synthesize attacks that involve replaying, dropping, reordering, or inserting messages on one or more communication channels.
%As aforementioned, \korg is based on \textit{LTL attack synthesis};
\korg is designed to synthesize attacks with respect to \textit{imperfect} channels. That is, \korg is designed to synthesize attacks that involve replaying, dropping or reordering messages on one or more communication channels relied upon by the victim protocol.
%The methodology behind the construction of \korg is based on \textit{LTL attack synthesis}.
@@ -36,180 +26,11 @@ A high-level visual overview of the \korg pipeline is given in Figure \ref{fig:k
\end{figure}
\subsection{Supported Attacker Models}%
\label{sub:Supported Attacker Models}
%\korg supports the automatic synthesis of attacks with respect to four general pre-defined attacker models applicable to any communication channel:
%\begin{itemize}
%\item \textbf{Drop Attacker Model}. Drop attackers are capable of dropping a finite number of messages off a channel.
%\item \textbf{Replay Attacker Model}. Replay attackers are capable of replaying previously seen messages back onto a channel.
%\item \textbf{Reorder Attacker Model}. Reorder attackers are capable of reordering messages on a channel.
%\item \textbf{Insert Attacker Model}. Insert attackers are capable of inserting arbitrary messages (as specifiable by the user) onto a channel.
%\end{itemize}
\korg supports four general attacker models: an attacker that can drop, replay, reorder, or insert messages on a channel. In this section we discuss the various details that went into the implementation of the gadgets that encapsulate the behavior of the respective attacker models.
% Additionally, \korg supports user-defined attacker that insert arbitrary messages onto a channel. In this section we discuss the various details that go into each attacker model.
\textbf{Drop Attacker Model Gadget}
The most simple attacker model \korg supports is an attacker that can \textit{drop} messages from a channel. The user specifies a "drop limit" value that limits the number of packets the attacker can drop from the channel. Note, a higher drop limit will increase the search space of possible attacks, thereby increasing execution time.
The dropper attacker model gadget \korg synthesizes works as follows. The gadget will nondeterministically choose to observe a message on a channel. Then, if the drop limit variable is not zero, it will consume the message. An example is shown in Figure \ref{lst:korg_drop}.
\begin{figure}[h]
\begin{lstlisting}[caption={Example dropping attacker model gadget with drop limit of 3, targetting channel "cn"}, label={lst:korg_drop}]
chan cn = [8] of { int, int, int };
active proctype attacker_drop() {
int b_0, b_1, b_2;
byte lim = 3; // drop limit
MAIN:
do
:: cn ? [b_0, b_1, b_2] -> atomic {
if
:: lim == 0 -> goto BREAK;
:: else ->
cn ? b_0, b_1, b_2; // consume message on the channel
lim = lim - 1;
goto MAIN;
fi
}
od
BREAK:
}
\end{lstlisting}
\end{figure}
\textbf{Replay Attacker Model Gadget}
The next attacker model \korg supports is an attacker that can observe and \textit{replay} messages back onto a channel. Similarly to the drop limit for the dropping attacker model, the user can specify a "replay limit" that caps the number of observed messages the attacker can replay back onto the specified channel.
The replay attacker model gadget \korg employs works as follows. The gadget has two states, \textsc{Consume} and \textsc{Replay}. The gadget starts in the \textsc{Consume} state and nondeterministically reads (but not consumes) messages on the target channel, sending them into a local storage buffer. Once the gadget read the number of messages on the channel equivalent to the defined replay limit, its state changes to \textsc{Replay}. In the \textsc{Replay} state, the gadget nondeterministically selects messages from its storage buffer to replay onto the channel until out of messages. An example is shown in Figure \ref{lst:korg_replay}.
\begin{figure}[h]
\begin{lstlisting}[caption={Example replay attacker model gadget with the selected replay limit as 3, targetting channel "cn"}, label={lst:korg_replay}]
chan cn = [8] of { int, int, int };
// local memory for the gadget
chan gadget_mem = [3] of { int, int, int };
active proctype attacker_replay() {
int b_0, b_1, b_2; int i = 3;
CONSUME:
do
// read messages until the limit is passed
:: cn ? [b_0, b_1, b_2] -> atomic {
cn ? <b_0, b_1, b_2> -> gadget_mem ! b_0, b_1, b_2;
i--;
if
:: i == 0 -> goto REPLAY;
:: i != 0 -> goto CONSUME;
fi }
od
REPLAY:
do
:: atomic {
// nondeterministically select a random value from the storage buffer
int am;
select(am : 0 .. len(gadget_mem)-1);
do
:: am != 0 ->
am = am-1;
gadget_mem ? b_0, b_1, b_2 -> gadget_mem ! b_0, b_1, b_2;
:: am == 0 ->
gadget_mem ? b_0, b_1, b_2 -> cn ! b_0, b_1, b_2;
break;
od }
// doesn't need to use all messages on the channel
:: atomic {gadget_mem ? b_0, b_1, b_2; }
// once mem has no more messages, we're done
:: empty(gadget_mem) -> goto BREAK;
od
BREAK:
}
\end{lstlisting}
\end{figure}
% \subsection{Supported Attacker Models}%
% \label{sub:Supported Attacker Models}
\textbf{Reorder Attacker Model Gadget}
\korg supports synthesizing attackers that can \textit{reorder} messages on a channel. Like the drop and replay attacker model gadgets, the user can specify a "reordering limit" that caps the number of messages that can be reordered by the attacker on the specified channel.
The reordering attacker model gadget \korg synthesizes works as follows. The gadget has three states, \textsc{Init}, \textsc{Consume}, and \textsc{Replay}. The gadget begins in the \textsc{Init} state, where it arbitrarily chooses a message to start consuming by transitioning to the \textsc{Consume} state. When in the \textsc{Consume} state, the gadget consumes all messages that appear on the channel, filling up a local buffer, until hitting the defined reordering limit. Once this limit is hit, the gadget transitions into the \textsc{Replay} state. In the \textsc{Replay} state, the gadget nondeterministically selects messages from its storage buffer to replay onto the channel until out of messages. An example is shown in Figure \ref{lst:korg_reordering}.
\begin{figure}[h]
\begin{lstlisting}[caption={Example reordering attacker model gadget with the selected replay limit as 3, targetting channel "cn"}, label={lst:korg_reordering}]
chan cn = [8] of { int, int, int };
chan gadget_mem = [3] of { int, int, int };
active proctype attacker_reordering() priority 255 {
byte b_0, b_1, b_2, blocker; int i = 3;
INIT:
do
:: { // arbitrarily choose a message to start consuming on
blocker = len(cn);
do :: b != len(c) -> goto INIT; od
}
:: goto CONSUME;
od
CONSUME:
do
// consume messages with high priority
:: c ? [b_0] -> atomic {
c ? b_0 -> gadget_mem ! b_0; i--;
if
:: i == 0 -> goto REPLAY;
:: i != 0 -> goto CONSUME;
fi }
od
REPLAY:
do
// replay messages back onto the channel, also with priority
:: atomic {
int am;
select(am : 0 .. len(gadget_mem)-1);
do
:: am != 0 ->
am = am-1;
gadget_mem ? b_0 -> attacker_mem_0 ! b_0;
:: am == 0 ->
gadget_mem ? b_0 -> c ! b_0;
break;
od }
:: atomic { empty(gadget_mem) -> goto BREAK; }
od
BREAK:
}
\end{lstlisting}
\end{figure}
\begin{figure}[h]
\begin{lstlisting}[caption={Example I/O file targetting channel "cn"}, label={lst:io-file}]
cn:
I:
O:1-1-1, 1-2-3, 3-4-5
\end{lstlisting}
\begin{lstlisting}[caption={Example gadget synthesized from an I/O file targetting the channel "cn"}, label={lst:io-file-synth}]
chan cn = [8] of { int, int, int };
active proctype daisy() {
INIT:
do
:: cn ! 1,1,1;
:: cn ! 1,2,3;
:: cn ! 3,4,5;
:: goto RECOVERY;
od
RECOVERY:
}
\end{lstlisting}
\end{figure}
\textbf{Insert Attacker Models}
\korg supports the synthesis of attackers that can simply insert messages onto a channel. While the drop, replay, and reordering attacker model gadgets as previously described have complex gadgets that \korg synthesizes with respect to a user-specified channel, the insert attacker model gadget is synthesized with respect to a user-defined \textit{IO-file}. This file denotes the specific outputs and channels the attacker is capable of sending, and \korg generates a gadget capable of synthesizing attacks using the given inputs. An example I/O file is given in Figure \ref{lst:io-file}, and the generated gadget is given in Figure \ref{lst:io-file-synth}.
These attacker models can be mixed and matched as desired by the \korg user. For example, a user can specify a drop attacker and replay attacker to target channel 1, a reordering attacker to target channel 2, and an insert attacker to target channel 3. If multiple attacker models are declared, \korg will synthesize attacks where the attackers on different channel \textit{coordinate} to construct a unifying attack.
\input{sections/examples}
% \input{sections/examples}
@@ -247,7 +68,10 @@ These attacker models can be mixed and matched as desired by the \korg user. For
\subsection{\korg Implementation}%
\label{sub:impl}
We implemented \korg on top of the \spin, a popular and robust model checker for reasoning about distributed and concurrent systems. \spin has existed for over 40 years, and has been applied to dozens of real systems including the Mars Rover \cite{Holzmann_2014}, Path-Star Access server \cite{Holzmann_Smith_2000}, and an avionics operating system \cite{mcp}. Additionally, \spin has spawned a dedicated formal methods symposium, currently in its 32nd year\footnote{\url{https://spin-web.github.io/SPIN2025/}}, and earned the 2002 ACM Software System award.
\textbf{The SPIN Model Checker}.
We choose to implement \korg on top of the \spin, a popular and robust model checker for reasoning about distributed and concurrent systems. \spin has existed for over 40 years, and has been applied to dozens of real systems including the Mars Rover \cite{Holzmann_2014}, Path-Star Access server \cite{Holzmann_Smith_2000}, and an avionics operating system \cite{mcp}. Additionally, \spin has spawned a dedicated formal methods symposium, currently in its 32nd year\footnote{\url{https://spin-web.github.io/SPIN2025/}}, and earned the 2002 ACM Software System award. Alternatively, the \korg could easily be built on top of other automated reasoning tools besides \spin, including TLA+ using the methodology described in \cite{message_queues_TLA}, Dafny using the formulation of I/O automata described in \cite{Hsieh_Mitra_2019}, and mCRL2 using its process algebra-based modeling framework \cite{mCRL2}. We choose \spin over these options due to its historical popularity and robustness.
%TLSMIN \cite{TLSMIN}, and mCRL2 \cite{mCRL2}
Intuitively, models written in \promela, the modeling language of \spin, are communicating state machines whose messages are passed over defined \textit{channels}. Channels in \promela can either be unbuffered \textit{synchronous} channels, or buffered \textit{asynchronous} channels. \korg generates attacks \textit{with respect} to these defined channels.
@@ -269,21 +93,33 @@ active proctype Peer2() {
%Additionally, users can explicitly define which messages a generated gadget can send and receive.
Once one or multiple gadgets are generated, \korg invokes \spin to check if a given property of interest remains satisfied in the presence of the attacker gadgets.
\textbf{Preventing \korg Livelocks}
In general, there are two types of LTL properties: safety, and liveness. Informally, safety properties state "a bad thing never happens," and liveness properties state "a good thing always happens."
Therefore, safety properties can be violated by finite traces, while liveness properties require infinite traces to be violated.
When evaluating a \korg attacker model gadget against a \promela model and a liveness property, it is crucial to ensure the gadget has no cyclic behavior. If a \korg gadget has cyclic behavior in any way, it will trivially violate the liveness
property and produce a garbage attack trace. To prevent this, we make the following considerations.
%\korg supports the automatic synthesis of attacks with respect to four general pre-defined attacker models applicable to any communication channel:
First, we design our \korg gadgets such that they never arbitrarily send and consume messages to a single channel. Second, we allow \korg gadgets,
which are always processing messages on channels, to arbitrarily "skip" messages on a channel if need be. To demonstrate the latter, consider the extension of the drop attacker model gadget in Figure \ref{lst:drop_passer}. We implement message skipping by arbitrarily stopping and waiting after observing a message on a channel; once the channel is observed changing lengths, the message is considered skipped and future messages can be consumed.
\textbf{Attacker Gadget Implementations}.
\korg supports synthesizing three general attackers, implementing the gadgets as described in section \ref{sec:Attacker Gadgets}: attackers that can drop, replay, or reorder messages on a channel. We now discuss the various details that went into the implementations of the various attacker gadgets within \spin.
% an attacker that can drop, replay, reorder, or insert messages on a channel. As aforementioned, they
% In this section we discuss the various details that went into the implementation of the gadgets that encapsulate the behavior of the respective attacker models.
% Additionally, \korg supports user-defined attacker that insert arbitrary messages onto a channel. In this section we discuss the various details that go into each attacker model.
\textbf{Drop Attacker Gadget Implementation}.
The most simple model \korg implements is an attacker that can \textit{drop} messages from a channel. The gadget works as follows. A pre-defined limit value \texttt{lim} is set, and the attacker begins in the \texttt{MAIN} state. Whenever a message is observed on a channel, if \texttt{lim == 0} the gadget progresses to the \texttt{BREAK} state. Otherwise, the observed message is consumed, \texttt{lim} is decremented, and the gadget returns to the \texttt{MAIN} state. An example \textit{drop} gadget automatically synthesized with \korg against the channel \texttt{cn} is shown in figure \ref{lst:korg_drop}.
% An example of a gadget attacking a channel transmitting three integers is shown in Figure \ref{lst:korg_drop}.
% The most simple attacker model \korg supports is an attacker that can \textit{drop} messages from a channel. The user specifies a "drop limit" value that limits the number of packets the attacker can drop from the channel. Note, a higher drop limit will increase the search space of possible attacks, thereby increasing execution time.
% The dropper attacker model gadget \korg synthesizes works as follows. The gadget will nondeterministically choose to observe a message on a channel. Then, if the drop limit variable is not zero, it will consume the message. An example is shown in Figure \ref{lst:korg_drop}.
\begin{figure}[h]
\begin{lstlisting}[caption={Example dropping attacker model gadget with message skipping}, label={lst:drop_passer}]
\label{lst:korg_drop}
\begin{lstlisting}[]
chan cn = [8] of { int, int, int };
active proctype attacker_drop() {
int b_0, b_1, b_2, blocker;
int b_0, b_1, b_2;
byte lim = 3; // drop limit
MAIN:
do
@@ -292,25 +128,213 @@ MAIN:
:: lim == 0 -> goto BREAK;
:: else ->
cn ? b_0, b_1, b_2; // consume message on the channel
lim = lim - 1;
goto MAIN;
fi
}
// pass over a message on a channel as needed
lim = lim - 1; goto MAIN;
fi }
od
BREAK: }
\end{lstlisting}
\caption{Example dropping attacker model gadget with drop limit of 3, targetting channel "cn"}
\label{lst:korg_drop}
\end{figure}
\textbf{Replay Attacker Gadget Implementation}.
The next model \korg implements is an attacker that can \textit{replay} messages on a channel. The gadget works as follows. The attacker model gadget comes with a pre-defined message limit value \texttt{lim}, which defines the length of the gadget storage FIFO buffer \texttt{gadget\_mem}. Then, the gadget enters the \texttt{CONSUME} state and nondeterministically chooses messages on the channel \texttt{cn} to copy into \texttt{gadget\_mem}. Once \texttt{lim=0}, the gadget transitions into the state \texttt{REPLAY}, where items are randomly selected from \texttt{gadget\_mem} to be replayed back onto the channel. Note, because \texttt{gadget\_mem} is a FIFO buffer, we must rotate messages within the channel in order to randomly select a value from it. Additionally, messages can also be nondeterministically removed from \texttt{gadget\_mem}, as all messages do not necessarily need to be replayed. Once \texttt{gadget\_mem} is empty, the gadget transitions to the \texttt{BREAK} state. An example gadget automatically synthesized with \korg against the channel \texttt{cn} is shown in figure \ref{lst:korg_replay}.
% The next attacker model \korg supports is an attacker that can observe and \textit{replay} messages back onto a channel. Similarly to the drop limit for the dropping attacker model, the user can specify a "replay limit" that caps the number of observed messages the attacker can replay back onto the specified channel.
% The replay attacker model gadget \korg employs works as follows. The gadget has two states, \textsc{Consume} and \textsc{Replay}. The gadget starts in the \textsc{Consume} state and nondeterministically reads (but not consumes) messages on the target channel, sending them into a local storage buffer. Once the gadget read the number of messages on the channel equivalent to the defined replay limit, its state changes to \textsc{Replay}. In the \textsc{Replay} state, the gadget nondeterministically selects messages from its storage buffer to replay onto the channel until out of messages. An example is shown in Figure \ref{lst:korg_replay}.
\begin{figure}[h]
\begin{lstlisting}[]
chan cn = [8] of { int, int, int };
// local memory for the gadget
chan gadget_mem = [3] of { int, int, int };
active proctype attacker_replay() {
int b_0, b_1, b_2; int lim = 3;
CONSUME:
do
// read messages until the limit is passed
:: cn ? [b_0, b_1, b_2] -> atomic {
// wait for the channel to change lengths
// then, once it does, go to MAIN
cn ? <b_0, b_1, b_2> -> gadget_mem ! b_0, b_1, b_2;
lim--;
if
:: lim == 0 -> goto REPLAY;
:: lim != 0 -> goto CONSUME;
fi }
od
REPLAY:
do
:: atomic {
// nondeterministically select a random value from the storage buffer
int am;
select(am : 0 .. len(gadget_mem)-1);
do
:: am != 0 ->
am = am-1;
gadget_mem ? b_0, b_1, b_2 -> gadget_mem ! b_0, b_1, b_2;
:: am == 0 ->
gadget_mem ? b_0, b_1, b_2 -> cn ! b_0, b_1, b_2;
break;
od }
// doesn't need to replay all stored msgs
:: atomic {gadget_mem ? b_0, b_1, b_2; }
// once mem has no more messages, we're done
:: empty(gadget_mem) -> goto BREAK;
od
BREAK: }
\end{lstlisting}
\caption{Example replay attacker model gadget with the selected replay limit as 3, targetting channel "cn"}
\label{lst:korg_replay}
\end{figure}
\textbf{Reorder Attacker Gadget Implementation}.
The final and most complex gadget \korg implements is an attacker that can \textit{reorder} messages on a channel. The gadget works as follows. The attacker model gadget comes with a pre-defined message limit value \texttt{lim}, which defines the length of the gadget storage FIFO buffer \texttt{gadget\_mem}. The gadget also has the highest \textit{execution priority} in the system, which ensures the gadget can always reorder messages on the victim channel without other processes interfering. The gadget first enters the \texttt{INIT} state --- in this state, the gadget non-deterministically chooses to pass messages on the victim channel, or transition to the \texttt{CONSUME} state. In the \texttt{CONSUME} state, the gadget consumes each message it sees and stores them in \texttt{gadget\_mem}, a FIFO buffer. Upon consuming each message from the victim channel, \texttt{lim} is decremented. Once \texttt{lim=0}, the gadget transitions to \texttt{REPLAY}. Then, messages are randomly selected from \texttt{gadget\_mem} to be replayed back onto the channel. Note, because \texttt{gadget\_mem} is a FIFO buffer, we must rotate messages within the channel in order to randomly select a value from it. Additionally, messages can also be nondeterministically removed from \texttt{gadget\_mem}, as all messages do not necessarily need to be replayed. Once \texttt{gadget\_mem} is empty, the gadget transitions to the \texttt{BREAK} state. An example gadget automatically synthesized with \korg against the channel \texttt{cn} is shown in figure \ref{lst:korg_reordering}.
% The attacker model gadget comes with a pre-defined message limit value \texttt{lim}, which defines the length of the gadget storage FIFO buffer \texttt{gadget\_mem}. Then, the gadget enters the \texttt{CONSUME} state and nondeterministically chooses messages on the channel \texttt{cn} to copy into \texttt{gadget\_mem}. Once \texttt{lim=0}, the gadget transitions into the state \texttt{REPLAY}, where items are randomly selected from \texttt{gadget\_mem} to be replayed back onto the channel. Note, because \texttt{gadget\_mem} is a FIFO buffer, we must rotate messages within the channel in order to randomly select a value from it. Additionally, messages can also be nondeterministically removed from \texttt{gadget\_mem}, as all messages do not necessarily need to be replayed. Once \texttt{gadget\_mem} is empty, the gadget transitions to the \texttt{BREAK} state.
% \textbf{Reorder Attacker Model Gadget}
% \korg supports synthesizing attackers that can \textit{reorder} messages on a channel. Like the drop and replay attacker model gadgets, the user can specify a "reordering limit" that caps the number of messages that can be reordered by the attacker on the specified channel.
% The reordering attacker model gadget \korg synthesizes works as follows. The gadget has three states, \textsc{Init}, \textsc{Consume}, and \textsc{Replay}. The gadget begins in the \textsc{Init} state, where it arbitrarily chooses a message to start consuming by transitioning to the \textsc{Consume} state. When in the \textsc{Consume} state, the gadget consumes all messages that appear on the channel, filling up a local buffer, until hitting the defined reordering limit. Once this limit is hit, the gadget transitions into the \textsc{Replay} state. In the \textsc{Replay} state, the gadget nondeterministically selects messages from its storage buffer to replay onto the channel until out of messages. An example is shown in Figure \ref{lst:korg_reordering}.
\begin{figure}[h]
\begin{lstlisting}[]
chan cn = [8] of { int, int, int };
// local memory for the gadget
chan gadget_mem = [3] of { int, int, int };
active proctype attacker_reordering() priority 255 {
byte b_0, b_1, b_2, blocker; int lim = 3;
INIT:
do
:: wait_until_pass(ch);
:: goto CONSUME;
od
CONSUME:
do
// consume messages with high priority
:: c ? [b_0] -> atomic {
c ? b_0 -> gadget_mem ! b_0; lim--;
if
:: lim == 0 -> goto REPLAY;
:: lim != 0 -> goto CONSUME;
fi }
od
REPLAY:
do
// replay messages back onto the channel, also with priority
:: atomic {
int am;
select(am : 0 .. len(gadget_mem)-1);
do
:: am != 0 ->
am = am-1;
gadget_mem ? b_0 -> attacker_mem_0 ! b_0;
:: am == 0 ->
gadget_mem ? b_0 -> c ! b_0;
break;
od }
:: atomic { empty(gadget_mem) -> goto BREAK; }
od
BREAK: }
\end{lstlisting}
\caption{Example reordering attacker model gadget with the selected replay limit as 3, targetting channel "cn"}
\label{lst:korg_reordering}
\end{figure}
% \begin{figure}[h]
% \begin{lstlisting}[caption={Example I/O file targetting channel "cn"}, label={lst:io-file}]
% cn:
% I:
% O:1-1-1, 1-2-3, 3-4-5
% \end{lstlisting}
% \begin{lstlisting}[caption={Example gadget synthesized from an I/O file targetting the channel "cn"}, label={lst:io-file-synth}]
% chan cn = [8] of { int, int, int };
% active proctype daisy() {
% INIT:
% do
% :: cn ! 1,1,1;
% :: cn ! 1,2,3;
% :: cn ! 3,4,5;
% :: goto RECOVERY;
% od
% RECOVERY:
% }
% \end{lstlisting}
% \end{figure}
% \textbf{Insert Attacker Models}
% \korg supports the synthesis of attackers that can simply insert messages onto a channel. While the drop, replay, and reordering attacker model gadgets as previously described have complex gadgets that \korg synthesizes with respect to a user-specified channel, the insert attacker model gadget is synthesized with respect to a user-defined \textit{IO-file}. This file denotes the specific outputs and channels the attacker is capable of sending, and \korg generates a gadget capable of synthesizing attacks using the given inputs. An example I/O file is given in Figure \ref{lst:io-file}, and the generated gadget is given in Figure \ref{lst:io-file-synth}.
% These attacker models can be mixed and matched as desired by the \korg user. For example, a user can specify a drop attacker and replay attacker to target channel 1, a reordering attacker to target channel 2, and an insert attacker to target channel 3. If multiple attacker models are declared, \korg will synthesize attacks where the attackers on different channel \textit{coordinate} to construct a unifying attack.
\textbf{Preventing \korg Livelocks}.
In general, there are two types of LTL properties: safety, and liveness. Informally, safety properties state "a bad thing never happens," and liveness properties state "a good thing always happens."
Therefore, safety properties can be violated by finite traces, while liveness properties require infinite traces to be violated.
When evaluating a \korg attacker model gadget against a \promela model and a liveness property, it is crucial to ensure the gadget has no cyclic behavior. If a \korg gadget has cyclic behavior in any way, it will trivially violate the liveness
property and produce a garbage attack trace. To prevent this, we make the following considerations.
First, we design our \korg gadgets such that they never arbitrarily send and consume messages to a single channel. Second, we allow \korg gadgets,
which are always processing messages on channels, to arbitrarily "skip" messages on a channel if need be. To demonstrate the latter, consider the extension of the drop attacker model gadget in Figure \ref{lst:drop_passer}. We implement message skipping by arbitrarily stopping and waiting after observing a message on a channel; once the channel is observed changing lengths, the message is considered skipped and future messages can be consumed.
\textbf{Passing Messages On Channels}.
In order to arbitrarily pass messages on channels in \spin, required functionality for all three gadgets we present, we exploit the finite channel length assumption. Our \spin gadget is shown below.
\begin{quote}
\begin{lstlisting}
inline wait_until_pass(chan ch){
cn ? [b_0, b_1, b_2] -> {
// wait for chan to change lengths. then, exit the loop
blocker = len(cn);
do
:: blocker != len(cn) -> goto MAIN;
od
}
:: goto BREAK;
od
BREAK:
:: blocker != len(cn) -> break;
od }
}
\end{lstlisting}
\end{figure}
\end{lstlisting}
\end{quote}
That is, when we enter \texttt{wait\_until\_pass}, we track the length of the channel \texttt{cn} and wait until \texttt{len(cn)} changes. This allows us to arbitrarily pass messages on a given channel \texttt{cn} without reasoning directly about the message.
% \begin{figure}[h]
% \begin{lstlisting}[caption={Example dropping attacker model gadget with message skipping}, label={lst:drop_passer}]
% chan cn = [8] of { int, int, int };
% active proctype attacker_drop() {
% int b_0, b_1, b_2, blocker;
% byte lim = 3; // drop limit
% MAIN:
% do
% :: cn ? [b_0, b_1, b_2] -> atomic {
% if
% :: lim == 0 -> goto BREAK;
% :: else ->
% cn ? b_0, b_1, b_2; // consume message on the channel
% lim = lim - 1;
% goto MAIN;
% fi
% }
% // pass over a message on a channel as needed
% :: cn ? [b_0, b_1, b_2] -> atomic {
% // wait for the channel to change lengths
% // then, once it does, go to MAIN
% blocker = len(cn);
% do
% :: blocker != len(cn) -> goto MAIN;
% od
% }
% :: goto BREAK;
% od
% BREAK:
% }
% \end{lstlisting}
% \end{figure}
\subsection{Usage}%

44
sections/introduction.tex
View File

@@ -1,4 +1,46 @@
%!TEX root = ../main.tex
Distributed protocols are the lynchpin of the modern internet,
representing the fundamental communication and coordination backbone
of all modern services over the internet.
The vast importance of distributed protocols has motivated ample
research in ensuring their security, reliability, and
performance. One popular approach in prior literature
has been the employment of
\textit{formal methods}, the use of mathematically rigorous techniques,
to analyze and verify distributed protocols.
Formal methods has been applied to verify Raft \cite{Wilcox_Woos_Panchekha_Tatlock_Wang_Ernst_Anderson, Woos_Wilcox_Anton_Tatlock_Ernst_Anderson_2016, Ongaro_Ousterhout},
Paxos \cite{Delzanno_Tatarek_Traverso_2014, ironfleet, Rahli_Vukotic_Völp_Esteves-Verissimo_2018}, PBFT \cite{Sergey_Wilcox_Tatlock_2018, ironfleet}, and countless other distributed protocols \cite{Smith_1997, Narayana_Chen_Zhao_Chen_Fu_Zhou_2006, Arun_Arashloo_Saeed_Alizadeh_Balakrishnan_2021, Beurdouche}.
A common assumption among all the prior formal methods work is assuming
distributed protocols operate over \textit{imperfect} or
\textit{attacker-controlled} communication channels, where
messages can be arbitrarily dropped, replayed, or reordered, then proving
the targeted protocol maintains properties of interest with respect to them.
In this work, we take a fundamentally different approach to studying distributed protocols under imperfect channels. While previous work generally assumes one specific channel configuration and primarily seeks to manually construct proofs with respect to it, we study protocols under various channel configurations and seek to automatically discover interesting attack traces, counterexamples, and guarantees.
We introduce a general methodology for automatically discovering dropping, replay, reordering attacks traces on distributed protocols, and we introduce \korg, a highly generalizable tool for synthesizing attacks on distributed protocols that implements our methodology and the drop, replay, and reordering attacker models. \korg targets the communication channels between the protocol endpoints, and synthesizes attacks to violate general linear temporal logic (LTL) specifications. \korg is designed to either synthesize an attack, or prove the absence of such via an exhaustive state-space search. \korg is sound and complete, meaning if there exists an attack \korg will find it, and \korg will never have false positives. \korg is also designed to be easy to use once the protocol model is constructed: all a user must do is select the victim channels, select the desired attacker models, and invoke \korg.
In this work we take an approach rooted in \textit{formal methods} and \textit{automated reasoning} to construct \korg. In particular, we employ \textit{model checking}, a sub-discipline of formal methods, to decidably and automatically find attacks in protocols or prove the absence of such.
We summarize our contributions:
\begin{itemize}
\item We present generalizable gadgets representing attackers capable of dropping, replaying, and reordering messages on communication channels of distributed protocols.
\item We present \korg, a tool for synthesizing attacks against distributed communication protocols. \korg supports four general attacker models: an attacker that can drop, replay, reorder, or insert messages on a channel.
\item We provide an overview of \korg and demonstrate its usage by walking through applying it to the ABP protocol
\item We present three case studies for three well-known protocols, TCP, Raft, and SCTP, illustrating the usefulness of \korg.
\end{itemize}
We release our code and our models as open source at \url{https://anonymous.4open.science/r/attacksynth-artifact-1B5D}.
%Formal methods work typically assumes the communication channe
%One common assumption among all the prior work is assuming or explicitly defining some notion of an \textit{imperfect} or \textit{malicious} communication channel, then proving the target protocol maintains certain properties with respect to them.
% ======= OLD INTRODUCTION ========
\begin{comment}
Distributed protocols are the foundation for the modern internet, and therefore ensuring their correctness and security is paramount. To this end, formal methods, the use of mathematically rigorous techniques for reasoning about software, has been increasingly employed to analyze and study distributed protocols. Historically, formal methods has been employed for reasoning about concurrency and distributed algorithms \cite{Lamport_1994, Holzmann_1997, Clarke_Wang}, and in recent years formal methods have been employed at scale to reason about the security of cryptographic protocols and primitives \cite{Basin_Cremers_Dreier_Sasse_2022, Kobeissi_Nicolas_Tiwari, Blanchet_Jacomme, Basin_Linker_Sasse}.
%, Blanchet_Smyth_Cheval_Sylvestre
@@ -17,3 +59,5 @@ We summarize our contributions:
We release our code and our models as open source at \url{https://anonymous.4open.science/r/attacksynth-artifact-1B5D}.
\end{comment}

24
sections/proofs.tex
View File

@@ -1,4 +1,20 @@
\korg is an implementation of the theoretical attack synthesis framework proposed by \cite{Hippel2022_anonym}. This framework enjoys soundness and completeness guarantees for attacks discovered; that is, if there exists an attack, it is discovered, and if an attack is discovered, it is valid. However, the attack synthesis framework proposed by \cite{Hippel2022_anonym} reasons about an abstracted, theoretical process construct. Therefore, in order to correctly claim \korg is also sound and complete, it is necessary to demonstrate discovering an attack within the theoretical framework reduces to the semantics of \spin, the model checker \korg is built on top of.
In this section we describe the theoretical foundations of \korg, arguments of its soundness, completeness, and complexity.
\subsection{Mathematical Preliminaries}%
\label{sub:Mathematical Preliminaries}
Linear Temporal Logic (LTL) is a model logic for reasoning about program executions. In LTL, we say a program $P$ \textit{models} a property $\phi$ (notationally, $P \models \phi$). That is, $\phi$ holds over every execution of $P$. If $\phi$ does not hold over every execution of $P$, we say $P \not\models \phi$. The LTL language is given by predicates over a first-order logic with additional temporal operators: \textit{next}, \textit{always}, \textit{eventually}, and \textit{until}.
An LTL model checker is a tool that, given $P$ and $\phi$, can automatically check whether or not $P \models \phi$; in general, LTL is a \textit{decidable} logic, and LTL model checkers will always be able to decide whether $P \models \phi$ given enough time and resources.
We use $\mid \mid$ to denote rendezvous composition. That is, if $S = P \mid \mid Q$, processes $P$ and $Q$ are composed together into a singular state machine by matching their equivalent transitions.
\textit{LTL program synthesis} is the problem of, given an LTL specification $\phi$, automatically deriving a program $P$ that satisfies $\phi$ (that is, $P \models \phi$). \textit{LTL attack synthesis} is logically dual to LTL program synthesis. In attack synthesis, the problem is flipped: given a program $P$ and a property $\phi$ such that $P \models \phi$, we ask whether there exists some "attack" $A$ such that $(P \mid \mid A) \not\models \phi$. Fundamentally, \korg is a synthesizer for such an $A$, based upon the distributed systems attacker framework as described in \cite{Hippel2022}.
\subsection{Proofs of Soundness and Completeness}%
\label{sub:Proofs of Soundness and Completeness}
As aforementioned, \korg is an extended implementation of the theoretical attack synthesis framework proposed by \cite{Hippel2022}. This framework enjoys soundness and completeness guarantees for attacks discovered; that is, if there exists an attack, it is discovered, and if an attack is discovered, it is valid. However, the attack synthesis framework proposed by \cite{Hippel2022} reasons about an abstracted, theoretical process construct. Therefore, in order to correctly claim \korg is also sound and complete, it is necessary to demonstrate discovering an attack within the theoretical framework reduces to the semantics of \spin, the model checker \korg is built on top of.
%There exists a semantic gap between the theoretical attack synthesis framework proposed by \cite{Hippel2022_anonym}, and the semantics of \korg. Therefore, in order to correctly claim \korg maintains the soundness and completeness of the theoretical framework it implements, it suffices to demonstrate finding an attack within the theoretical attack synthesis framework precisely reduces to the semantics of \spin.
%the model checker \korg is implemented on top of.
@@ -31,7 +47,7 @@ A transition \( (s, x, s') \in T \) is called an \emph{input transition} if \( x
\setcounter{theorem}{0}
\begin{theorem}
A process, as defined in \cite{Hippel2022_anonym}, always directly corresponds to a \ba.
A process, as defined in \cite{Hippel2022}, always directly corresponds to a \ba.
\end{theorem}
\begin{proof}
@@ -87,7 +103,7 @@ A threat model is a tuple \( (P, (Q_i)_{i=0}^m, \phi) \) where:
\end{definition}
\begin{theorem}
Checking whether there exists an attacker under a given threat model, the R-$\exists$ASP problem as proposed in \cite{Hippel2022_anonym}, is equivalent to B\"uchi Automata language inclusion (which is in turn solved by the \spin model checker).
Checking whether there exists an attacker under a given threat model, the R-$\exists$ASP problem as proposed in \cite{Hippel2022}, is equivalent to B\"uchi Automata language inclusion (which is in turn solved by the \spin model checker).
\end{theorem}
\begin{proof}
@@ -107,7 +123,7 @@ Where rendezvous composition for I/O \ba is precise the same as for I/O Kripke A
\end{proof}
\begin{theorem}
Checking whether there exists an attacker for a given threat model, the R-$\exists$ASP problem as proposed in \cite{Hippel2022_anonym}, is in PSPACE.
Checking whether there exists an attacker for a given threat model, the R-$\exists$ASP problem as proposed in \cite{Hippel2022}, is in PSPACE.
\end{theorem}
\begin{proof}

4
sections/related_work.tex
View File

@@ -1,3 +1,3 @@
\textbf{Similar Tools}. Several formal methods tools reason about attackers on secure protocols, primarily in the cryptographic context: ProVerif, VerifPal, Tamarin, and Scyther are \textit{Symbolic} and abstract away cryptographic primitives as terms \cite{Kobeissi_Nicolas_Tiwari, Proverif, Tamarin, Cremers}, while CryptoVerif and EasyCrypt are \textit{computational} and reason about game-based cryptographic security proofs \cite{Blanchet_Jacomme, Pereira}. For a general overview, see \cite{ParnoSOK, Basin_Cremers_Meadows_2018}. Before \korg, model checker-based approaches for reasoning about secure protocols have typically employed \spin or TLA+ and only reasoned about correctness \cite{Khan_Mukund_Suresh_2005, Clarke_Wang, wayne_adversaries, Narayana_Chen_Zhao_Chen_Fu_Zhou_2006, Delzanno_Tatarek_Traverso_2014}.
\hspace{1em} \textbf{Similar Tools}. Several formal methods tools reason about attackers on secure protocols, primarily in the cryptographic context: ProVerif, VerifPal, Tamarin, and Scyther are \textit{Symbolic} and abstract away cryptographic primitives as terms \cite{Kobeissi_Nicolas_Tiwari, Proverif, Tamarin, Cremers}, while CryptoVerif and EasyCrypt are \textit{computational} and reason about game-based cryptographic security proofs \cite{Blanchet_Jacomme, Pereira}. For a general overview, see \cite{ParnoSOK, Basin_Cremers_Meadows_2018}. Before \korg, model checker-based approaches for reasoning about secure protocols have typically employed \spin or TLA+ and only reasoned about correctness \cite{Khan_Mukund_Suresh_2005, Clarke_Wang, wayne_adversaries, Narayana_Chen_Zhao_Chen_Fu_Zhou_2006, Delzanno_Tatarek_Traverso_2014}.
\textbf{Reasoning About Channels}. There is a long history of using formal methods tools ad-hoc to reason about on-channel attackers, particularly in the context of Byzantine protocols \cite{Wilcox_Woos_Panchekha_Tatlock_Wang_Ernst_Anderson, Castro_Liskov_2002, Delzanno_Tatarek_Traverso_2014}. Formal methods tools have also been applied to reason about message tampering \cite{Henda}, delays \cite{Ginesin}, and congestion control \cite{TCPwn}.
\textbf{Reasoning About Channels}. There is a long history of using formal methods tools ad-hoc to reason about on-channel attackers, particularly in the context of Byzantine protocols \cite{Wilcox_Woos_Panchekha_Tatlock_Wang_Ernst_Anderson, Castro_Liskov_2002, Delzanno_Tatarek_Traverso_2014}. Formal methods tools have also been applied to reason about message tampering \cite{Henda}, delays \cite{Ginesin}, and congestion control \cite{TCPwn}. In fact, the mathematical attacker synthesis described in \cite{Hippel2022} comes with a simple implementation in \spin, \textsc{Korg}, which allows a user to manually specify messages to be \textit{inserted} onto a victim channel. Our tool nicely extends \textsc{Korg}, while relieving the user of any specific manual specification.

0
sections/usage.tex
View File