% Auxiliary (.aux) data written by LaTeX during the previous run: citation keys,
% table-of-contents / list-of-figures / list-of-listings entries, and label values.
% This file is regenerated on every compile, so wording or label problems noted
% below have to be corrected in the .tex source, not here.
% No blank lines are used between entries; separators are comment lines only.
%
\relax
%
% --- Citation keys requested before the first section entry ---
\citation{Lamport_1994,Holzmann_1997,Clarke_Wang}
\citation{Basin_Cremers_Dreier_Sasse_2022,Blanchet_Smyth_Cheval_Sylvestre,Kobeissi_Nicolas_Tiwari,Blanchet_Jacomme,Basin_Linker_Sasse}
\citation{Hippel2022}
%
% --- Section I ---
\@writefile{toc}{\contentsline {section}{\numberline {I}Introduction}{1}{}\protected@file@percent }
\newlabel{sec:introduction}{{I}{1}{}{}{}}
%
% --- Section II: design, attacker models, soundness/completeness, implementation, usage ---
\@writefile{toc}{\contentsline {section}{\numberline {II}Design Methodology}{1}{}\protected@file@percent }
\newlabel{sec:design}{{II}{1}{}{}{}}
\@writefile{toc}{\contentsline {subsection}{\numberline {\mbox {II-A}}High-level design}{1}{}\protected@file@percent }
% NOTE(review): several label keys in this file contain spaces and mixed case
% ("sub:High-level design", "sub:reordering Attacker"); they resolve, but a
% uniform key scheme in the source would be less error-prone.
\newlabel{sub:High-level design}{{\mbox {II-A}}{1}{}{}{}}
\@writefile{lof}{\contentsline {figure}{\numberline {1}{\ignorespaces A high-level overview of the \textsc {Korg}\xspace workflow}}{1}{}\protected@file@percent }
\newlabel{fig:korg_workflow}{{1}{1}{}{}{}}
\@writefile{toc}{\contentsline {subsection}{\numberline {\mbox {II-B}}Supported Attacker Models}{1}{}\protected@file@percent }
\newlabel{sub:Supported Attacker Models}{{\mbox {II-B}}{1}{}{}{}}
\citation{Kozen_1977}
\citation{Clarke_Wang}
\@writefile{toc}{\contentsline {subsection}{\numberline {\mbox {II-C}}Soundness And Completeness of Korg}{2}{}\protected@file@percent }
\newlabel{sub:Soundness And Completeness}{{\mbox {II-C}}{2}{}{}{}}
\@writefile{toc}{\contentsline {subsection}{\numberline {\mbox {II-D}}The Korg Implementation}{2}{}\protected@file@percent }
\newlabel{sub:The Korg Implementation}{{\mbox {II-D}}{2}{}{}{}}
% Listing 1 (page 2): Promela model of peers communicating over a channel.
\newlabel{lst:spin-model}{{1}{2}{}{}{}}
\@writefile{lol}{\contentsline {lstlisting}{\numberline {1}Example \textsc {Promela}\xspace model of peers communicating over a channel. \texttt {!} indicates sending a message onto a channel, \texttt {?} indicates receiving a message from a channel.}{2}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {\mbox {II-E}}Usage}{2}{}\protected@file@percent }
\newlabel{sub:Usage}{{\mbox {II-E}}{2}{}{}{}}
% Listing 2 (page 3): simplified alternating bit protocol model.
\newlabel{lst:abp}{{2}{3}{}{}{}}
\@writefile{lol}{\contentsline {lstlisting}{\numberline {2}Example (simplified) \textsc {Promela}\xspace model of the alternating bit protocol.}{3}{}\protected@file@percent }
% NOTE(review): lst:korg-shell carries the subsection number II-E, not a listing
% number, so a \ref to it prints "II-E". Presumably the \label sits on an
% uncaptioned listing or outside its caption -- confirm in the source.
\newlabel{lst:korg-shell}{{\mbox {II-E}}{3}{}{}{}}
%
% --- Section III: attacker model gadgets (drop, replay, reorder) ---
\@writefile{toc}{\contentsline {section}{\numberline {III}Attacker Model Gadgets}{3}{}\protected@file@percent }
\newlabel{sec:usage_attacker_models}{{III}{3}{}{}{}}
\@writefile{toc}{\contentsline {subsection}{\numberline {\mbox {III-A}}Drop Attacker Model Gadget}{3}{}\protected@file@percent }
\newlabel{sub:Dropping Attacker}{{\mbox {III-A}}{3}{}{}{}}
\@writefile{toc}{\contentsline {subsection}{\numberline {\mbox {III-B}}Replay Attacker Model Gadget}{3}{}\protected@file@percent }
\newlabel{sub:Replay Attacker}{{\mbox {III-B}}{3}{}{}{}}
\@writefile{toc}{\contentsline {subsection}{\numberline {\mbox {III-C}}Reorder Attacker Model Gadget}{3}{}\protected@file@percent }
\newlabel{sub:reordering Attacker}{{\mbox {III-C}}{3}{}{}{}}
%
% --- Citation keys recorded before the III-D entry ---
\citation{Cluzel_Georgiou_Moy_Zeller_2021,Smith_1997,Pacheco2022}
\citation{Pacheco2022}
\citation{Pacheco2022,Hippel2022}
\citation{Pacheco2022}
\citation{Pacheco2022}
\citation{Pacheco2022}
\citation{Woos_Wilcox_Anton_Tatlock_Ernst_Anderson_2016,Wilcox_Woos_Panchekha_Tatlock_Wang_Ernst_Anderson,Ongaro}
\citation{Ongaro}
\citation{Ongaro}
\citation{Woos_Wilcox_Anton_Tatlock_Ernst_Anderson_2016}
%
% --- Bibliography setup and the first resolved reference numbers ---
\bibstyle{IEEEtran}
\bibdata{main}
\bibcite{Lamport_1994}{1}
\bibcite{Holzmann_1997}{2}
\bibcite{Clarke_Wang}{3}
%
% NOTE(review): the III-D heading reads "Insert Attacker Models" while its label
% key is "sub:Custom Attacker Models" and the sibling headings end in
% "Attacker Model Gadget" -- check the intended title in the source.
\@writefile{toc}{\contentsline {subsection}{\numberline {\mbox {III-D}}Insert Attacker Models}{4}{}\protected@file@percent }
\newlabel{sub:Custom Attacker Models}{{\mbox {III-D}}{4}{}{}{}}
% Auxiliary (.aux) entries for Sections IV-VI and the resolved bibliography
% numbers. The file is regenerated on every compile; fix issues in the .tex source.
% No blank lines are used between entries; separators are comment lines only.
%
% --- Section IV: case studies (TCP, Raft) ---
\@writefile{toc}{\contentsline {section}{\numberline {IV}Case Studies}{4}{}\protected@file@percent }
\newlabel{sec:case_studies}{{IV}{4}{}{}{}}
\@writefile{toc}{\contentsline {subsection}{\numberline {\mbox {IV-A}}TCP}{4}{}\protected@file@percent }
\newlabel{sub:TCP}{{\mbox {IV-A}}{4}{}{}{}}
% NOTE(review): res:tcp-table carries the subsection number IV-A, while the
% results figure recorded just below is numbered 2. If the label is meant for
% that figure, a \ref prints "IV-A" instead of "2"; the \label presumably
% precedes the \caption -- confirm in the source.
\newlabel{res:tcp-table}{{\mbox {IV-A}}{4}{}{}{}}
% NOTE(review): the caption's "proved the absence of an attack" is presumably
% relative to the model and the attacker model searched; consider stating that
% scope in the caption -- confirm against the paper text.
\@writefile{lof}{\contentsline {figure}{\numberline {2}{\ignorespaces Automatically discovered attacks against the hand-written TCP model from Pacheco et al. and our own, for $\phi _1$ through $\phi _4$. "x" indicates an attack was discovered, and no "x" indicates \textsc {Korg}\xspace proved the absence of an attack via an exhaustive search. Full attack traces are available in the artifact.}}{4}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {\mbox {IV-B}}Raft}{4}{}\protected@file@percent }
\newlabel{sub:Raft}{{\mbox {IV-B}}{4}{}{}{}}
%
% --- Section V and the References heading ---
\@writefile{toc}{\contentsline {section}{\numberline {V}Conclusion}{4}{}\protected@file@percent }
\newlabel{sec:conclusion}{{V}{4}{}{}{}}
\@writefile{toc}{\contentsline {section}{References}{4}{}\protected@file@percent }
%
% --- Resolved reference numbers 4-16 ---
\bibcite{Basin_Cremers_Dreier_Sasse_2022}{4}
\bibcite{Blanchet_Smyth_Cheval_Sylvestre}{5}
\bibcite{Kobeissi_Nicolas_Tiwari}{6}
\bibcite{Blanchet_Jacomme}{7}
\bibcite{Basin_Linker_Sasse}{8}
\bibcite{Hippel2022}{9}
\bibcite{Kozen_1977}{10}
\bibcite{Cluzel_Georgiou_Moy_Zeller_2021}{11}
\bibcite{Smith_1997}{12}
\bibcite{Pacheco2022}{13}
\bibcite{Woos_Wilcox_Anton_Tatlock_Ernst_Anderson_2016}{14}
\bibcite{Wilcox_Woos_Panchekha_Tatlock_Wang_Ernst_Anderson}{15}
\bibcite{Ongaro}{16}
%
% --- Section VI: appendix (numbered as a regular section) ---
\@writefile{toc}{\contentsline {section}{\numberline {VI}Appendix}{5}{}\protected@file@percent }
\newlabel{sec:Appendix}{{VI}{5}{}{}{}}
\@writefile{toc}{\contentsline {subsection}{\numberline {\mbox {VI-A}}Full Korg Soundness and Completeness Proofs}{5}{}\protected@file@percent }
\newlabel{sub:korg_proofs}{{\mbox {VI-A}}{5}{}{}{}}
\citation{Holzmann_1997}
% Auxiliary (.aux) entries for appendix subsections VI-B and VI-C and for
% listings 3-8. The file is regenerated on every compile; fix issues in the
% .tex source.
% No blank lines are used between entries; separators are comment lines only.
%
\citation{Kozen_1977}
%
% --- Appendix subsections ---
\@writefile{toc}{\contentsline {subsection}{\numberline {\mbox {VI-B}}Preventing Korg Livelocks}{6}{}\protected@file@percent }
\newlabel{sub:Preventing Korg Livelocks}{{\mbox {VI-B}}{6}{}{}{}}
\@writefile{toc}{\contentsline {subsection}{\numberline {\mbox {VI-C}}Attacker Model Gadget Examples}{6}{}\protected@file@percent }
\newlabel{sub:Attacker Model Gadget Examples}{{\mbox {VI-C}}{6}{}{}{}}
%
% --- Listings 3-8: attacker model gadget examples and I/O files ---
% NOTE(review): the captions for listings 4-8 spell "targetting"; the usual
% spelling is "targeting". Correct it in the listing captions in the source.
\newlabel{lst:drop_passer}{{3}{6}{}{}{}}
\@writefile{lol}{\contentsline {lstlisting}{\numberline {3}Example dropping attacker model gadget with message skipping}{6}{}\protected@file@percent }
\newlabel{lst:korg_drop}{{4}{6}{}{}{}}
\@writefile{lol}{\contentsline {lstlisting}{\numberline {4}Example dropping attacker model gadget with drop limit of 3, targetting channel "cn"}{6}{}\protected@file@percent }
\newlabel{lst:korg_replay}{{5}{7}{}{}{}}
\@writefile{lol}{\contentsline {lstlisting}{\numberline {5}Example replay attacker model gadget with the selected replay limit as 3, targetting channel "cn"}{7}{}\protected@file@percent }
% NOTE(review): the reordering gadget's caption says "replay limit", the same
% phrase as listing 5 -- presumably a copy-paste slip for a reorder limit;
% confirm against the listing itself.
\newlabel{lst:korg_reordering}{{6}{7}{}{}{}}
\@writefile{lol}{\contentsline {lstlisting}{\numberline {6}Example reordering attacker model gadget with the selected replay limit as 3, targetting channel "cn"}{7}{}\protected@file@percent }
\newlabel{lst:io-file}{{7}{8}{}{}{}}
\@writefile{lol}{\contentsline {lstlisting}{\numberline {7}Example I/O file targetting channel "cn"}{8}{}\protected@file@percent }
\newlabel{lst:io-file-synth}{{8}{8}{}{}{}}
\@writefile{lol}{\contentsline {lstlisting}{\numberline {8}Example gadget synthesized from an I/O file targetting the channel "cn"}{8}{}\protected@file@percent }
%
% Kernel bookkeeping: defines \@abspage@last as 8.
\gdef \@abspage@last{8}