A BSP Algorithm for On-the-fly Checking LTL Formulas on Security Protocols

Abstract: Abstract-This paper presents a Bulk-Synchronous Parallel (BSP) algorithm to compute on-the-fly whether a structured model of a security protocol satisfies a LTL formula. Using the structured nature of the security protocols allows us to design a simple and efficient parallelisation of an algorithm which constructs the state-space under consideration in a need-driven fashion. A prototype implementation has been developed, allowing to run benchmarks.

“…In [12], we have show that using the distributed state space generation of Section II-C, states and thus assertions of the proof-structures are distributed such as a SCC (if exists) can only be local on a processor and on a slice: we compute separately the next states for succ L and succ R ; the former results in local states to be processed in the current step, while the latter results in states to be processed in the next step. That is, it is sufficient to perform sequential SCC computations on each processor and for each super-step to found flaws -an unsuccessful SCC.…”

“…Notice that at each super-step, each processor dumps V and E to its local disk, recording the super-step number, in order to be able to reconstruct a trace: when a state σ that invalidates the formula is found, a trace from the initial state to σ is constructed by reconstructed traces as they are locally computed and by following the proof-structure backward even on distant sending-see [12] for the details.…”

“…All these works are done until the initial assertion (of the first session) has its answer. In the case of a flaw, we rebuild the trace as for LTL checking [12].…”

A BSP Algorithm for On-the-Fly Checking CTL* Formulas on Security Protocols

“…In [12], we have show that using the distributed state space generation of Section II-C, states and thus assertions of the proof-structures are distributed such as a SCC (if exists) can only be local on a processor and on a slice: we compute separately the next states for succ L and succ R ; the former results in local states to be processed in the current step, while the latter results in states to be processed in the next step. That is, it is sufficient to perform sequential SCC computations on each processor and for each super-step to found flaws -an unsuccessful SCC.…”

“…Notice that at each super-step, each processor dumps V and E to its local disk, recording the super-step number, in order to be able to reconstruct a trace: when a state σ that invalidates the formula is found, a trace from the initial state to σ is constructed by reconstructed traces as they are locally computed and by following the proof-structure backward even on distant sending-see [12] for the details.…”

“…All these works are done until the initial assertion (of the first session) has its answer. In the case of a flaw, we rebuild the trace as for LTL checking [12].…”

A BSP Algorithm for On-the-Fly Checking CTL* Formulas on Security Protocols