IMITATOR

IMITATOR: Experiments Data for ATVA 2019

Case Studies Related to "Parametric timed model checking for guaranteeing timed opacity"

Paper: Parametric timed model checking for guaranteeing timed opacity [AS19].

IMITATOR

The version of IMITATOR used to run the experiments is IMITATOR v2.10.4 "Butter Jellyfish".

Download

We conducted the experiments on a Dell XPS 13 9365 (2017) equipped with an Intel Core i7-7500U CPU @ 2.70GHz running Linux Mint 18.2 64 bits with 8 GiB memory.

Calling IMITATOR

For all case studies, the following command was used:

> ./imitator-v2.10.4-amd64 [case_study.imi] -mode EFunsafe -incl -merge -output-result

Models and results

All benchmarks prefixed with STAC come from the STAC library. They were manually converted (by ourselves) from Java programs to PTAs.

In the tables, πŸ“„ gives access to the IMITATOR model, πŸ’Ύ gives access to the original Java program (if any) and πŸ–ΌοΈ gives access to the graphical representation (in PDF) of the IMITATOR model. πŸ“Š gives access to the "official" result, and πŸ“° gives access to the log of IMITATOR.

Table 1: timed opacity

Methodology: we run the original model, and compute all execution times. We then run a self-composition model and compute all execution times. The model is said to be non-vulnerable if the computation times are equal, vulnerable if the set of execution times for the self-composition is empty, and (vulnerable) otherwise.

Constraints can be compared using PolyOp if necessary.

The presence of parameters even in these non-parametric timed opacity checking experiments comes from the fact that the computation time is considered to be a parameter, and from the fact that for programs we abstract away user-input values using IMITATOR parameters.

Original model Transformed PTA Result
Name Ref Program Model |A| |X| |P| Model |A| |X| |P| Instantiated Self-composition Total time (s) Vulnerable?
[VNN18, Fig.5] [VNN18] πŸ“„πŸ–ΌοΈ 1 1 2 πŸ“„πŸ–ΌοΈ 2 3 3 πŸ“ŠπŸ“° πŸ“ŠπŸ“° 0.02 (Vulnerable)
[GMR07, Fig. 1b] [GMR07] πŸ“„πŸ–ΌοΈ 1 1 1 πŸ“„πŸ–ΌοΈ 2 3 1 πŸ“ŠπŸ“° πŸ“ŠπŸ“° 0.04 (Vulnerable)
[GMR07, Fig. 2a] [GMR07] πŸ“„πŸ–ΌοΈ 1 1 1 πŸ“„πŸ–ΌοΈ 2 3 1 πŸ“ŠπŸ“° πŸ“ŠπŸ“° 0.05 (Vulnerable)
[GMR07, Fig. 2b] [GMR07] πŸ“„πŸ–ΌοΈ 1 1 1 πŸ“„πŸ–ΌοΈ 2 3 1 πŸ“ŠπŸ“° πŸ“ŠπŸ“° 0.02 (Vulnerable)
Web privacy problem [BCLR15] πŸ“„πŸ–ΌοΈ 1 2 1 πŸ“„πŸ–ΌοΈ 2 4 1 πŸ“ŠπŸ“° πŸ“ŠπŸ“° 0.07 (Vulnerable)
Coffee πŸ“„πŸ–ΌοΈ 1 2 1 πŸ“„πŸ–ΌοΈ 2 5 1 πŸ“ŠπŸ“° πŸ“ŠπŸ“° 0.05 Not vulnerable
Fischer-HRSV02 [HRSV02] πŸ“„πŸ–ΌοΈ 3 2 1 πŸ“„πŸ–ΌοΈ 6 5 1 πŸ“ŠπŸ“° πŸ“ŠπŸ“° 5.83 (Vulnerable)
STAC:1:n πŸ’Ύ πŸ“„πŸ–ΌοΈ 1 2 4 πŸ“„πŸ–ΌοΈ 2 3 6 πŸ“ŠπŸ“° πŸ“ŠπŸ“° 0.12 (Vulnerable)
STAC:1:v πŸ’Ύ πŸ“„πŸ–ΌοΈ 1 2 4 πŸ“„πŸ–ΌοΈ 2 3 6 πŸ“ŠπŸ“° πŸ“ŠπŸ“° 0.11 Vulnerable
STAC:3:n πŸ’Ύ πŸ“„πŸ–ΌοΈ 1 2 5 πŸ“„πŸ–ΌοΈ 2 3 8 πŸ“ŠπŸ“° πŸ“ŠπŸ“° 0.72 Not vulnerable
STAC:3:v πŸ’Ύ πŸ“„πŸ–ΌοΈ 1 2 5 πŸ“„πŸ–ΌοΈ 2 3 8 πŸ“ŠπŸ“° πŸ“ŠπŸ“° 0.74 (Vulnerable)
STAC:4:n πŸ’Ύ πŸ“„πŸ–ΌοΈ 1 2 5 πŸ“„πŸ–ΌοΈ 2 3 8 πŸ“ŠπŸ“° πŸ“ŠπŸ“° 6.4 Vulnerable
STAC:4:v πŸ’Ύ πŸ“„πŸ–ΌοΈ 1 2 5 πŸ“„πŸ–ΌοΈ 2 3 8 πŸ“ŠπŸ“° πŸ“ŠπŸ“° 265.52 Vulnerable
STAC:5:n πŸ’Ύ πŸ“„πŸ–ΌοΈ 1 2 4 πŸ“„πŸ–ΌοΈ 2 3 6 πŸ“ŠπŸ“° πŸ“ŠπŸ“° 0.24 Not vulnerable
STAC:11A:v πŸ’Ύ πŸ“„πŸ–ΌοΈ 1 2 5 πŸ“„πŸ–ΌοΈ 2 3 8 πŸ“ŠπŸ“° πŸ“ŠπŸ“° 47.77 (Vulnerable)
STAC:11B:v πŸ’Ύ πŸ“„πŸ–ΌοΈ 1 2 5 πŸ“„πŸ–ΌοΈ 2 3 8 πŸ“ŠπŸ“° πŸ“ŠπŸ“° 59.35 (Vulnerable)
STAC:12c:v πŸ’Ύ πŸ“„πŸ–ΌοΈ 1 2 5 πŸ“„πŸ–ΌοΈ 2 3 8 πŸ“ŠπŸ“° πŸ“ŠπŸ“° 18.44 Vulnerable
STAC:12e:n πŸ’Ύ πŸ“„πŸ–ΌοΈ 1 2 5 πŸ“„πŸ–ΌοΈ 2 3 8 πŸ“ŠπŸ“° πŸ“ŠπŸ“° 0.58 Vulnerable
STAC:12e:v πŸ’Ύ πŸ“„πŸ–ΌοΈ 1 2 5 πŸ“„πŸ–ΌοΈ 2 3 8 πŸ“ŠπŸ“° πŸ“ŠπŸ“° 1.1 (Vulnerable)
STAC:14:n πŸ’Ύ πŸ“„πŸ–ΌοΈ 1 2 5 πŸ“„πŸ–ΌοΈ 2 3 8 πŸ“ŠπŸ“° πŸ“ŠπŸ“° 22.34 (Vulnerable)

Table 2: timed opacity synthesis

Original model PTA (self-composition) Result
Name Ref Program |A| |X| |P| Model |A| |X| |P| Time (s) Result
[VNN18, Fig.5] [VNN18] 1 1 πŸ“„πŸ–ΌοΈ 2 3 4 0.02 πŸ“ŠπŸ“°
[GMR07, Fig. 1b] [GMR07] 1 1 πŸ“„πŸ–ΌοΈ 2 3 3 0.03 πŸ“ŠπŸ“°
[GMR07, Fig. 2] [GMR07] 1 1 πŸ“„πŸ–ΌοΈ 2 3 3 0.05 πŸ“ŠπŸ“°
Web privacy problem [BCLR15] 1 2 2 πŸ“„πŸ–ΌοΈ 2 4 3 0.07 πŸ“ŠπŸ“°
Coffee 1 2 3 πŸ“„πŸ–ΌοΈ 2 5 4 0.1 πŸ“ŠπŸ“°
Fischer-HRSV02 [HRSV02] 3 2 1 πŸ“„πŸ–ΌοΈ 6 5 2 7.86 πŸ“ŠπŸ“°
Fischer-HRSV02 [HRSV02] 3 2 2 πŸ“„πŸ–ΌοΈ 6 5 3 7.53 πŸ“ŠπŸ“°
STAC:3:v πŸ’Ύ 2 πŸ“„πŸ–ΌοΈ 2 3 9 0.93 πŸ“ŠπŸ“°

Reproducing experiments

A script to reproduce all experiments (including binaries, models and detailed instructions) is available at Zenodo.

References

[AS19]
Γ‰tienne AndrΓ© and Sun Jun. Parametric timed model checking for guaranteeing timed opacity. In Yu-Fang Chen, Chih-Hong Cheng and Javier Esparza (eds.), ATVA’19, Springer LNCS 11781, pages 115–130, October 2019. DOI: 10.1007/978-3-030-31784-3_7 (English) [PDF (author version) | BibTeX | data | Slides]🌐
[BCLR15]
Gilles Benattar, Franck Cassez, Didier Lime, Olivier H. Roux: Control and synthesis of non-interferent timed systems. Int. J. Control 88(2): 217-236 (2015)🌐
[GMR07]
Guillaume Gardey, John Mullins, Olivier H. Roux: Non-Interference Control Synthesis for Security Timed Automata. Electron. Notes Theor. Comput. Sci. 180(1): 35-53 (2007)🌐
[HRSV02]
Thomas Hune, Judi Romijn, MariΓ«lle Stoelinga, Frits W. Vaandrager: Linear parametric model checking of timed automata. J. Log. Algebr. Program. 52-53: 183-220 (2002)
[VNN18]
Panagiotis Vasilikos, Flemming Nielson, Hanne Riis Nielson: Secure Information Release in Timed Automata. POST 2018: 28-52🌐

Contact

Γ‰tienne AndrΓ©