technical university of denmark / informatics and ... · technical university of denmark /...
TRANSCRIPT
Technical University of Denmark / Informatics and Mathematical Modelling / Safe and Secure IT-Systems
Control Flow Analysisof Security Protocols (I)
Mikael Buchholtz
02913 – F2005 – Mikael Buchholtz – p. 1
Technical University of Denmark / Informatics and Mathematical Modelling / Safe and Secure IT-Systems
History of Protocol AnalysisNeedham-Schroeder ’78
Dolev-Yao ’81
Algebraic viewof cryptography
02913 – F2005 – Mikael Buchholtz – p. 2
Technical University of Denmark / Informatics and Mathematical Modelling / Safe and Secure IT-Systems
History of Protocol AnalysisNeedham-Schroeder ’78
Dolev-Yao ’81
Algebraic viewof cryptography
Millen ’84, Meadows ’89, ...
State/transition model
02913 – F2005 – Mikael Buchholtz – p. 2
Technical University of Denmark / Informatics and Mathematical Modelling / Safe and Secure IT-Systems
History of Protocol AnalysisNeedham-Schroeder ’78
Dolev-Yao ’81
Algebraic viewof cryptography
Millen ’84, Meadows ’89, ...
State/transition model
Burrows-Abadi-Needham ’89, ...
Modal logics
02913 – F2005 – Mikael Buchholtz – p. 2
Technical University of Denmark / Informatics and Mathematical Modelling / Safe and Secure IT-Systems
History of Protocol AnalysisNeedham-Schroeder ’78
Dolev-Yao ’81
Algebraic viewof cryptography
Millen ’84, Meadows ’89, ...
State/transition model
Burrows-Abadi-Needham ’89, ...
Modal logics
Woo-Lam ’93
Lowe ’95
Language-based
Model checking of CSP
. . . LySa
02913 – F2005 – Mikael Buchholtz – p. 2
Technical University of Denmark / Informatics and Mathematical Modelling / Safe and Secure IT-Systems
History of Protocol AnalysisNeedham-Schroeder ’78
Dolev-Yao ’81
Algebraic viewof cryptography
Millen ’84, Meadows ’89, ...
State/transition model
Burrows-Abadi-Needham ’89, ...
Modal logics
Woo-Lam ’93
Lowe ’95
Language-based
Model checking of CSP
. . . LySa
Thayer-Herzog-Guttman ’98, ...
Strand Spaces
02913 – F2005 – Mikael Buchholtz – p. 2
Technical University of Denmark / Informatics and Mathematical Modelling / Safe and Secure IT-Systems
History of Protocol AnalysisNeedham-Schroeder ’78
Dolev-Yao ’81
Algebraic viewof cryptography
Millen ’84, Meadows ’89, ...
State/transition model
Burrows-Abadi-Needham ’89, ...
Modal logics
Woo-Lam ’93
Lowe ’95
Language-based
Model checking of CSP
. . . LySa
Thayer-Herzog-Guttman ’98, ...
Strand Spaces
Probabalistic/complexitytheoretic view
of cryptography Herzog ’03,Zunino-Degano ’04
02913 – F2005 – Mikael Buchholtz – p. 2
Technical University of Denmark / Informatics and Mathematical Modelling / Safe and Secure IT-Systems
Analysing a Protocol[Bodei-Buchholtz-Degano-Nielson-Nielson ’04]
1. Write the protocol in the process calculus LYSA
2. Specify an attacker
3. Analyse the protocol and the attacker usingcontrol flow analysis
4. Inspect the analysis result to determine(security) properties of the protocol.
02913 – F2005 – Mikael Buchholtz – p. 3
Technical University of Denmark / Informatics and Mathematical Modelling / Safe and Secure IT-Systems
LYSA for Symmetric CryptographyE ::= n name (n ∈ N )
x variable (x ∈ X )
{E1, · · · , Ek}E0encryption
P ::= 〈E1, · · · , Ek〉. P output
(E1, · · · , Ej; xj+1, · · · , xk). P input (with matching)
decrypt E as {E1, · · · , Ej; xj+1, · · · , xk}E0in P
decryption (with matching)
P1 | P2 parallel composition
(ν n)P introduce new name n
! P replication
0 terminated process
02913 – F2005 – Mikael Buchholtz – p. 4
Technical University of Denmark / Informatics and Mathematical Modelling / Safe and Secure IT-Systems
The Wide-mouthed-frog Protocol(without timestamps) [Burrows-Abadi-Needham ’89]
1. A → S : A, {B, KAB}KA
2. S → B : {A, KAB}KB
3. A → B : {mess}KAB
A
B
S Network
KA
KB
02913 – F2005 – Mikael Buchholtz – p. 5
Technical University of Denmark / Informatics and Mathematical Modelling / Safe and Secure IT-Systems
The Wide-mouthed-frog Protocol(without timestamps) [Burrows-Abadi-Needham ’89]
1. A → S : A, {B, KAB}KA
2. S → B : {A, KAB}KB
3. A → B : {mess}KAB
A
B
S Network
A, {B, KAB}KA
02913 – F2005 – Mikael Buchholtz – p. 5
Technical University of Denmark / Informatics and Mathematical Modelling / Safe and Secure IT-Systems
The Wide-mouthed-frog Protocol(without timestamps) [Burrows-Abadi-Needham ’89]
1. A → S : A, {B, KAB}KA
2. S → B : {A, KAB}KB
3. A → B : {mess}KAB
A
B
S Network
{A, KAB}KB
02913 – F2005 – Mikael Buchholtz – p. 5
Technical University of Denmark / Informatics and Mathematical Modelling / Safe and Secure IT-Systems
The Wide-mouthed-frog Protocol(without timestamps) [Burrows-Abadi-Needham ’89]
1. A → S : A, {B, KAB}KA
2. S → B : {A, KAB}KB
3. A → B : {mess}KAB
A
B
S Network{mess}KAB
02913 – F2005 – Mikael Buchholtz – p. 5
Technical University of Denmark / Informatics and Mathematical Modelling / Safe and Secure IT-Systems
SemanticsLYSA has a reduction semantics defined by tworelations
P → P ′ the reduction relation
P ≡ P ′ the structural congruence
(P →R P ′ parameterised reduction relation used inthe paper)
02913 – F2005 – Mikael Buchholtz – p. 6
Technical University of Denmark / Informatics and Mathematical Modelling / Safe and Secure IT-Systems
Reduction Relation P → P ′
◦◦
◦
◦
◦
◦
◦◦
◦
· · ·
· · ·
· · ·
· · ·
· · ·
Executions with the attacker
02913 – F2005 – Mikael Buchholtz – p. 7
Technical University of Denmark / Informatics and Mathematical Modelling / Safe and Secure IT-Systems
Reduction Relation P → P ′
◦◦
◦
◦
◦
◦◦◦
◦
· · ·
· · ·
· · ·
· · ·
· · ·
Executions
Executions with the attacker
02913 – F2005 – Mikael Buchholtz – p. 7
Technical University of Denmark / Informatics and Mathematical Modelling / Safe and Secure IT-Systems
Reduction RelationP → P ′
(ν n)P → (ν n)P ′
∧ji=1 Ei = E ′
i
〈E1, · · · , Ek〉. P | (E ′
1, · · · , E′
j; xj+1, · · · , xk). Q →
P | Q[Ej+1/xj+1, · · · , Ek/xk]
P → P ′
P | Q → P ′ | Q
02913 – F2005 – Mikael Buchholtz – p. 8
Technical University of Denmark / Informatics and Mathematical Modelling / Safe and Secure IT-Systems
Structural CongruenceThe structural congruence, P ≡ Q, brings processes“on the right form” for the reduction relation
P ≡ Q ∧ Q → Q′ ∧ Q′ ≡ P ′
P → P ′
02913 – F2005 – Mikael Buchholtz – p. 9
Technical University of Denmark / Informatics and Mathematical Modelling / Safe and Secure IT-Systems
Structural CongruenceP ≡ P
P1 ≡ P2 ⇒ P2 ≡ P1
P1 ≡ P2 ∧ P2 ≡ P3 ⇒ P1 ≡ P3
P1 ≡ P2 ⇒ 〈E1, · · · , Ek〉. P1 ≡ 〈E1, · · · , Ek〉. P2
P1 ≡ P2 ⇒ (E1, · · · , Ej; xj+1, · · · , xk). P1 ≡
(E1, · · · , Ej; xj+1, · · · , xk). P2
P1 ≡ P2 ∧ P3 ≡ P4 ⇒ P1 | P3 ≡ P2 | P4
P1 ≡ P2 ⇒ (ν n)P1 ≡ (ν n)P2
P1 ≡ P2 ⇒ !P1 ≡ !P2
P1 ≡ P2 ⇒ decrypt E as {E1, · · · , Ej; xj+1, · · · , xk}E0in P1 ≡
decrypt E as {E1, · · · , Ej; xj+1, · · · , xk}E0in P2
02913 – F2005 – Mikael Buchholtz – p. 10
Technical University of Denmark / Informatics and Mathematical Modelling / Safe and Secure IT-Systems
Structural CongruenceP1 ≡ P2 ifP1 and P2 are disciplined α-equivalent
P1 | P2 ≡ P2 | P1
(P1 | P2) | P3 ≡ P1 | (P2 | P3)
P | 0 ≡ P
(ν n)0 ≡ 0
(ν n)(ν n′)P ≡ (ν n′)(ν n)P
(ν n)(P1 | P2) ≡ P1 | (ν n)P2 if n 6∈ fn(P1)
!P ≡ P | !P
02913 – F2005 – Mikael Buchholtz – p. 11
Technical University of Denmark / Informatics and Mathematical Modelling / Safe and Secure IT-Systems
The Semantics at Work
((ν n)〈n〉. 0) | (; x). 〈n, x〉. 0
02913 – F2005 – Mikael Buchholtz – p. 12
Technical University of Denmark / Informatics and Mathematical Modelling / Safe and Secure IT-Systems
The Semantics at Work
((ν n)〈n〉. 0) | (; x). 〈n, x〉. 0
≡ ((ν m)〈m〉. 0) | (; x). 〈n, x〉. 0
≡ (ν m)(〈m〉. 0 | (; x). 〈n, x〉. 0)
02913 – F2005 – Mikael Buchholtz – p. 12
Technical University of Denmark / Informatics and Mathematical Modelling / Safe and Secure IT-Systems
The Semantics at Work
((ν n)〈n〉. 0) | (; x). 〈n, x〉. 0
≡ ((ν m)〈m〉. 0) | (; x). 〈n, x〉. 0
≡ (ν m)(〈m〉. 0 | (; x). 〈n, x〉. 0)
→ (ν m)(0 | 〈n, m〉. 0)
02913 – F2005 – Mikael Buchholtz – p. 12
Technical University of Denmark / Informatics and Mathematical Modelling / Safe and Secure IT-Systems
The Semantics at Work
((ν n)〈n〉. 0) | (; x). 〈n, x〉. 0
≡ ((ν m)〈m〉. 0) | (; x). 〈n, x〉. 0
≡ (ν m)(〈m〉. 0 | (; x). 〈n, x〉. 0)
→ (ν m)(0 | 〈n, m〉. 0)
≡ 0 | (ν m)〈n, m〉. 0
≡ (ν m)〈n, m〉. 0
02913 – F2005 – Mikael Buchholtz – p. 12
Technical University of Denmark / Informatics and Mathematical Modelling / Safe and Secure IT-Systems
Algebraic View of Cryptography[Dolev-Yao ’81]
For example, to model
encrypt as EK(P ) and decrypt as DK(C) suchthat DK(EK(m)) = m and nothing else
02913 – F2005 – Mikael Buchholtz – p. 13
Technical University of Denmark / Informatics and Mathematical Modelling / Safe and Secure IT-Systems
Symmetric Cryptography in LYSA
Encryption:{E1, · · · , Ek}E0
Decryption:
decrypt E as {E1, · · · , Ej; xj+1, · · · , xk}E0in P
Semantics models perfect cryptography:
∧ji=0 Ei = E ′
i
decrypt {E1, · · · , Ek}E0as {E ′
1, · · · , E′
j; xj+1, · · · , xk}E′
0
in P
→ P [Ej+1/xj+1, · · · , Ek/xk]
02913 – F2005 – Mikael Buchholtz – p. 14
Technical University of Denmark / Informatics and Mathematical Modelling / Safe and Secure IT-Systems
Asymmetric Cryptography in LYSA
Keys:(ν± m)P introduces two keys m+, m− in P
Encryption:{|E1, · · · , Ek|}E0
Decryption:
decrypt E as {|E1, · · · , Ej; xj+1, · · · , xk|}E0in P
02913 – F2005 – Mikael Buchholtz – p. 15
Technical University of Denmark / Informatics and Mathematical Modelling / Safe and Secure IT-Systems
Asymmetric Cryptography in LYSA
Decryption with private key:
∧ji=1 Ei = E ′
i
decrypt {|E1, · · · , Ek|}m+ as {|E ′
1, · · · , E′
j; xj+1, · · · , xk|}m− in P
→ P [Ej+1/xj+1, · · · , Ek/xk]
Signature validation public key:
∧ji=1 Ei = E ′
i
decrypt {|E1, · · · , Ek|}m− as {|E ′
1, · · · , E′
j; xj+1, · · · , xk|}m+ in P
→ P [Ej+1/xj+1, · · · , Ek/xk]
(In the paper these two rules are merged into one)02913 – F2005 – Mikael Buchholtz – p. 16
Technical University of Denmark / Informatics and Mathematical Modelling / Safe and Secure IT-Systems
Asymmetric Cryptography in LYSA
E ::= . . . . . .
m+, m− public and private keys
{|E1, · · · , Ek|}E0asymmetric encryption
P ::= . . . . . .
(ν± m)P key pair creation
decrypt E as {|E1, · · · , Ej; xj+1, · · · , xk|}E0in
asymmetric decryption
02913 – F2005 – Mikael Buchholtz – p. 17
Technical University of Denmark / Informatics and Mathematical Modelling / Safe and Secure IT-Systems
The Analysis
◦◦
◦
◦
◦
◦◦◦
◦
· · ·
· · ·
· · ·
· · ·
· · ·
Executions
02913 – F2005 – Mikael Buchholtz – p. 18
Technical University of Denmark / Informatics and Mathematical Modelling / Safe and Secure IT-Systems
The Analysis
◦◦
◦
◦
◦
◦◦◦
◦
· · ·
· · ·
· · ·
· · ·
· · ·
Executions
Analysis
02913 – F2005 – Mikael Buchholtz – p. 18
Technical University of Denmark / Informatics and Mathematical Modelling / Safe and Secure IT-Systems
The Analysis
◦◦
◦
◦
◦
◦◦◦
◦
· · ·
· · ·
· · ·
· · ·
· · ·
Executions
Analysis
02913 – F2005 – Mikael Buchholtz – p. 18
Technical University of Denmark / Informatics and Mathematical Modelling / Safe and Secure IT-Systems
Analysis ComponentsNetwork messages: Variable bindings:κ ∈ P(V∗) ρ : X → P(V)
where values from V are variable-free terms i.e.
V ::= n | {V1, · · · , Vk}V0| {|V1, · · · , Vk|}V0
Example
〈A, B, {mess}K〉. 0 | (A, B; x). 0
〈A, B, {mess}K〉 ∈ κ
{mess}K ∈ ρ(x)02913 – F2005 – Mikael Buchholtz – p. 19
Technical University of Denmark / Informatics and Mathematical Modelling / Safe and Secure IT-Systems
Analysis Judgements
ρ, κ |= P
reads: “ρ and κ are valid analysis estimates for P ”
Example
P1
def= 〈A〉. 0 | (; x). 0 P2
def= 〈A, B〉. 0 | (B; x). 0
κa = {〈A, B〉}
ρa = [x 7→ ∅]
κb = {〈A〉}
ρb = [x 7→ {A}]
κc = {〈A〉, 〈B〉}
ρc = [x 7→ {A, B}]
02913 – F2005 – Mikael Buchholtz – p. 20
Technical University of Denmark / Informatics and Mathematical Modelling / Safe and Secure IT-Systems
Analysing Restriction!(ν n)〈n〉. 0
≡ (ν m)〈m〉. 0 | (ν o)〈o〉. 0 | (ν p)〈p〉. 0 |
(ν q)〈q〉. 0 | (ν r)〈r〉. 0 | . . . |
!(ν n)〈n〉. 0
Each name, n, is assigned a canonical name bnc
The semantics uses disciplined α-equivalence:
(ν n)P is α-equivalent to (ν n′)P ′
and bnc = bn′c
For examplebmc = boc = bpc = bqc = brc = . . . = bnc
02913 – F2005 – Mikael Buchholtz – p. 21
Technical University of Denmark / Informatics and Mathematical Modelling / Safe and Secure IT-Systems
Analysing Restriction!(ν n)〈n〉. 0 ≡ (ν m)〈m〉. 0 | (ν o)〈o〉. 0 | (ν p)〈p〉. 0 |
(ν q)〈q〉. 0 | (ν r)〈r〉. 0 | . . . |
!(ν n)〈n〉. 0
Each name, n, is assigned a canonical name bnc
The semantics uses disciplined α-equivalence:
(ν n)P is α-equivalent to (ν n′)P ′
and bnc = bn′c
For examplebmc = boc = bpc = bqc = brc = . . . = bnc
02913 – F2005 – Mikael Buchholtz – p. 21
Technical University of Denmark / Informatics and Mathematical Modelling / Safe and Secure IT-Systems
Analysing Restriction!(ν n)〈n〉. 0 ≡ (ν m)〈m〉. 0 | (ν o)〈o〉. 0 | (ν p)〈p〉. 0 |
(ν q)〈q〉. 0 | (ν r)〈r〉. 0 | . . . |
!(ν n)〈n〉. 0
Each name, n, is assigned a canonical name bnc
The semantics uses disciplined α-equivalence:
(ν n)P is α-equivalent to (ν n′)P ′
and bnc = bn′c
For examplebmc = boc = bpc = bqc = brc = . . . = bnc
02913 – F2005 – Mikael Buchholtz – p. 21
Technical University of Denmark / Informatics and Mathematical Modelling / Safe and Secure IT-Systems
Canonical Names and VariablesNetwork messages: Variable bindings:κ ∈ P(bVc∗) ρ : bXc → P(bVc)
Example
(!(ν n)〈n, n〉. 0) | (!(; x, y). 0)
≡
(!(ν n)〈n, n〉. 0) | (!(; x, y). 0) | (ν n1)〈n1, n1〉. 0 | (; x1, y1). 0→
(!(ν n)〈n, n〉. 0) | (!(; x, y). 0)≡
(!(ν n)〈n, n〉. 0) | (!(; x, y). 0) | (ν n2)〈n2, n2〉. 0 | (; x2, y2). 0 →
. . .
but bnc = bn1c = bn2c = . . .
02913 – F2005 – Mikael Buchholtz – p. 22
Technical University of Denmark / Informatics and Mathematical Modelling / Safe and Secure IT-Systems
Canonical Names and VariablesNetwork messages: Variable bindings:κ ∈ P(bVc∗) ρ : bXc → P(bVc)
Example
(!(ν n)〈n, n〉. 0) | (!(; x, y). 0) ≡
(!(ν n)〈n, n〉. 0) | (!(; x, y). 0) | (ν n1)〈n1, n1〉. 0 | (; x1, y1). 0
→
(!(ν n)〈n, n〉. 0) | (!(; x, y). 0)≡
(!(ν n)〈n, n〉. 0) | (!(; x, y). 0) | (ν n2)〈n2, n2〉. 0 | (; x2, y2). 0 →
. . .
but bnc = bn1c = bn2c = . . .
02913 – F2005 – Mikael Buchholtz – p. 22
Technical University of Denmark / Informatics and Mathematical Modelling / Safe and Secure IT-Systems
Canonical Names and VariablesNetwork messages: Variable bindings:κ ∈ P(bVc∗) ρ : bXc → P(bVc)
Example
(!(ν n)〈n, n〉. 0) | (!(; x, y). 0) ≡
(!(ν n)〈n, n〉. 0) | (!(; x, y). 0) | (ν n1)〈n1, n1〉. 0 | (; x1, y1). 0 →
(!(ν n)〈n, n〉. 0) | (!(; x, y). 0)
≡
(!(ν n)〈n, n〉. 0) | (!(; x, y). 0) | (ν n2)〈n2, n2〉. 0 | (; x2, y2). 0 →
. . .
but bnc = bn1c = bn2c = . . .
02913 – F2005 – Mikael Buchholtz – p. 22
Technical University of Denmark / Informatics and Mathematical Modelling / Safe and Secure IT-Systems
Canonical Names and VariablesNetwork messages: Variable bindings:κ ∈ P(bVc∗) ρ : bXc → P(bVc)
Example
(!(ν n)〈n, n〉. 0) | (!(; x, y). 0) ≡
(!(ν n)〈n, n〉. 0) | (!(; x, y). 0) | (ν n1)〈n1, n1〉. 0 | (; x1, y1). 0 →
(!(ν n)〈n, n〉. 0) | (!(; x, y). 0) ≡
(!(ν n)〈n, n〉. 0) | (!(; x, y). 0) | (ν n2)〈n2, n2〉. 0 | (; x2, y2). 0 →
. . .
but bnc = bn1c = bn2c = . . .02913 – F2005 – Mikael Buchholtz – p. 22
Technical University of Denmark / Informatics and Mathematical Modelling / Safe and Secure IT-Systems
The Analysis
of the Attacker
◦◦
◦
◦
◦
◦◦◦
◦
· · ·
· · ·
· · ·
· · ·
· · ·
Executions
Analysis
n1 n2
n3
bnic
Executions with the attacker
02913 – F2005 – Mikael Buchholtz – p. 23
Technical University of Denmark / Informatics and Mathematical Modelling / Safe and Secure IT-Systems
The Analysis
of the Attacker
◦◦
◦
◦
◦
◦◦◦
◦
· · ·
· · ·
· · ·
· · ·
· · ·
Executions
Analysis
n1 n2
n3
bnic
Executions with the attacker
02913 – F2005 – Mikael Buchholtz – p. 23
Technical University of Denmark / Informatics and Mathematical Modelling / Safe and Secure IT-Systems
Protocol Scenarios
NetworkS
A
B
In LySa: A | B | S
|
02913 – F2005 – Mikael Buchholtz – p. 24
Technical University of Denmark / Informatics and Mathematical Modelling / Safe and Secure IT-Systems
Protocol Scenarios
NetworkS
A
B
M
In LySa: A | B | S | M
legitimate part of system the attacker
02913 – F2005 – Mikael Buchholtz – p. 24
Technical University of Denmark / Informatics and Mathematical Modelling / Safe and Secure IT-Systems
Protocol Scenarios
NetworkS
A
B
M
In LySa: A | B | S | M
legitimate part of system the attacker
We write the legitimate part of the system
The attacker will be handled using the analysis
02913 – F2005 – Mikael Buchholtz – p. 24
Technical University of Denmark / Informatics and Mathematical Modelling / Safe and Secure IT-Systems
Protocols Scenarios
NetworkS M
A
B
KA
KB
02913 – F2005 – Mikael Buchholtz – p. 25
Technical University of Denmark / Informatics and Mathematical Modelling / Safe and Secure IT-Systems
Protocols Scenarios
NetworkS M
AiA3A2A1
BiB3B2B1
02913 – F2005 – Mikael Buchholtz – p. 25
Technical University of Denmark / Informatics and Mathematical Modelling / Safe and Secure IT-Systems
Protocols Scenarios
NetworkS M
AiA3A2A1
BiB3B2B1
KA1
KAi
KB1KBi
02913 – F2005 – Mikael Buchholtz – p. 25
Technical University of Denmark / Informatics and Mathematical Modelling / Safe and Secure IT-Systems
Meta LevelE ::= ni1···ik Indexed names
xi1···ik Indexed variables. . .
P ::= . . .
|i∈S Indexed parallel(νi∈S ni)P Indexed restriction(ν±i∈S ni)P Indexed key pair restrictionlet X ⊆ S in P Declare set
Example
|i∈{1,2,3} 〈messi〉. 0 V 〈mess1〉. 0 | 〈mess2〉. 0 | 〈mess3〉. 002913 – F2005 – Mikael Buchholtz – p. 26
Technical University of Denmark / Informatics and Mathematical Modelling / Safe and Secure IT-Systems
Analysing a Protocol1. Write the protocol in the process calculus LYSA
2. Specify an attacker
3. Analyse the protocol and the attacker usingcontrol flow analysis
4. Inspect the analysis result to determine(security) properties of the protocol.
02913 – F2005 – Mikael Buchholtz – p. 27
Technical University of Denmark / Informatics and Mathematical Modelling / Safe and Secure IT-Systems
For Next TimeWrite one or two protocols from Appendix A of[BBDNN04] in LYSA
Things to consider:
The use of pattern matching,The use of restriction (ν n)P
Scenarios (number of principals, sharing keys,etc.)
To be presented on slides next time:Starting 9.30! (February 18th)
(Try to parse your LySa through the LySatool?)
02913 – F2005 – Mikael Buchholtz – p. 28