Collapse attacker derivations #662
Conversation
Based on cleandot, multiple attacker derivation nodes are supposed to be collapsed. For now the collapsible nodes are collected into a new type of "CollapseNode", which just contains the original nodes. As a next step it would be possible to remove that too and fix up all the edges.
The dot generation uses the DotState structure to pass mappings from constraint system nodes to graphviz nodes from the node generation pass to the edge generation pass (since edges are defined on constraint system nodes but must reference graphviz nodes). Previously we only filled the dsNodes mapping but when generating collapsed nodes we actually need to update all mappings. To this end we define a function to run the dot generation for all collapsed nodes, throw away the dot result and only keep the mappings to update the DotState in the actual dot computation.
Since a CollapseNode nc containing nodes n1,...,nx will be in the graph map for each key key(n1) |-> nc,...,key(nx) |-> nc, we must make sure to only take the node once when converting back to the original graph representation.
|
This is a great idea, being able to hide the details of what the adversary is doing inside the graphs. However, with the current status of the approach, and specifically in the graph in the example, it can be very misleading to the modeler. As you state yourself:
and looking at the graph pictures you provide (thanks a lot!) I find this to be a big issue. Maybe not even so much in this example, but much more in an example where there are some other protocol rules further to the top left, and their output is used by the adversary there. The visualization will then really confuse the modeler and link unrelated rules. The suggestion of a direct connection of source and target nodes, without such a possibly misleading merge point, may be better, but does require some thought and a few examples to evaluate it. |
|
@rsasse we are not changing the default representation here: this is only under the toggle for more compact display methods (>= L3). I went through many alternative choices before, and this is a reasonable compaction. |
|
Thanks @cascremers I see. Still, being possibly that misleading is not ideal, I fear. Any alternatives I was quickly thinking about to make this point clear, and prevent confusion, do end up going back to the non-compacted version in the worst case. So, I now understand the choice needs to be made to throw things together, with this possible side-effect. Alright! Thanks @addap for contributing this! |
|
I did find some remaining bugs during testing. Consider the file
with collapsed adversary nodes, the graph looks like this:
Note the following bugs:
|
|
p.s. @rsasse : When using L3 simplification, you can think of the collapsed nodes here as a middle ground that states "next, the adversary is going to take terms [t1,...,tN] and use them to produce some other terms [u1,...,uM] ". If you want to know the exact dependencies, you just switch back to L2 (which is the default anyway). |
Based on cleandot.py, we collapse connected attacker derivation nodes.
For now the collapsible nodes are collected into a new type of "CollapseNode", which just contains the original nodes but is printed as a single point node. All edges that normally go to or originate from one of the collapsed nodes start/ends at the point node (internal edges are not rendered).
This example is taken from
examples/csf12/DH2_original.spthywhich gets quite large.This is not a perfect visualization. As you can see on the right side, many nodes are collapsed into a single point and it looks like the box on the lower right depends on nodes on the upper left, although this is only because of the visualization.
As a next step it would be possible to remove the point node and instead connect the predecessor and successor nodes directly, creating new edges by merging the styles of the original edges.