This commit is contained in:
Your Name
2025-01-26 15:30:30 -05:00
parent 07dfd06cb4
commit cc322832e2
11 changed files with 2062 additions and 2063 deletions


@@ -4,15 +4,15 @@ Distributed protocols are the foundation for the modern internet, and therefore
%, Blanchet_Smyth_Cheval_Sylvestre
This myriad of formal methods tooling applicable to secure protocols has enabled reasoning about security-relevant properties involving secrecy, authentication, indistinguishability in addition to concurrency, safety, and liveness. However, no previous formal methods tooling offered an effective solution for rigorously studying an attacker that controls communication channels. That is, how do you reason about an attacker that can arbitrarily drop, reorder, replay, or insert messages onto a communication channel?
To fill this gap, we introduce \korg \footnote{\korg is a fictitious name for our system, for double-blind submission.}, a tool for synthesizing attacks on distributed protocols that implements and extends the theoretical framework proposed in \cite{Hippel2022_anonym}. In particular, \korg targets the communication channels between the protocol endpoints, and synthesizes attacks to violate arbitrary linear temporal logic (LTL) specifications. \korg either synthesizes attack, or proves the absence of such via an exhaustive state-space search. \korg is sound and complete, meaning if there exists an attack \korg will find it, and \korg will never have false positives. \korg supports pre-defined attacker models, including attackers that can replay, reorder, or drop messages on channels, as well as custom user-defined attacker models. Although \korg best lends itself for reasoning about denial of service attacks, it can target any specification expressable in LTL.
To fill this gap, we introduce \korg, a tool for synthesizing attacks on distributed protocols that implements and extends the theoretical framework proposed in \cite{Hippel2022_anonym}. In particular, \korg targets the communication channels between the protocol endpoints, and synthesizes attacks to violate arbitrary linear temporal logic (LTL) specifications. \korg either synthesizes attack, or proves the absence of such via an exhaustive state-space search. \korg is sound and complete, meaning if there exists an attack \korg will find it, and \korg will never have false positives. \korg supports pre-defined attacker models, including attackers that can replay, reorder, or drop messages on channels, as well as custom user-defined attacker models. Although \korg best lends itself for reasoning about denial of service attacks, it can target any specification expressable in LTL.
In this work we take an approach rooted in \textit{formal methods} and \textit{automated reasoning} to construct \korg. In particular, we employ \textit{model checking}, a sub-discipline of formal methods, to decidably and automatically find attacks in protocols or prove the absence of such.
We summarize our contributions:
\begin{itemize}
\item We present \korg, a tool for synthesizing attacks against communication protocols. \korg supports four general attacker model gadgets: an attacker that can drop, replay, reorder, or insert messages on a channel.
\item We provide and overview of \korg and show how it can be used through an example of the ABP protocol.
\item We present two case studies for two well-known protocols TCP and Raft, illustrating the usefulness of \korg.
\item We present \korg, a tool for synthesizing attacks against distributed communication protocols. \korg supports four general attacker models: an attacker that can drop, replay, reorder, or insert messages on a channel.
\item We provide an overview of \korg and demonstrate its usage by walking through applying it to the ABP protocol
\item We present two case studies for two well-known protocols, TCP and Raft, illustrating the usefulness of \korg.
\end{itemize}
We release our code and our models as open source at \url{https://anonymous.4open.science/r/attacksynth-artifact-1B5D}.
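Review bot: The rewritten second bullet ("We provide an overview of \korg and demonstrate its usage by walking through applying it to the ABP protocol") drops the terminal period that the other two items keep; add it so the itemize list stays consistent. Two wording defects in the retained introduction paragraph also survive the rewrite: "\korg either synthesizes attack, or proves the absence of such" should read "synthesizes an attack", and "expressable in LTL" should be "expressible in LTL". Separately, this change removes the footnote stating that \korg is a placeholder name for double-blind review while the same paragraph still cites \cite{Hippel2022_anonym} and links the anonymous.4open.science artifact, so confirm the footnote removal is intentional and that the anonymized citation key and URL are meant to stay.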