print · source · login   


The Multi-Login Systems we analyzed function similarly to a standard Login System with user IDs and password. The main difference is that passwords are generated as random values in outputs when a user registers, instead of being provided at input. You can view these outputs in a similar vein to session IDs or nonces. This complication makes such systems difficult to learn because of the inherent non-determinism exhibited by randomly generated output values, or so called fresh output values.

Tomte-0.4 can handle this behavior by way of a Determinizer function. Check the publication for more details on our algorithm. In a learning example Tomte 0.4 was used to infer models for instantiations of Multi-Login Systems with 1, 2 and 3 maximum registered users.


In a our Login systems, a user can register, providing a login ID. Unless the maximum number of registered users, or regMax, is exceeded, the Register input will yield an OK output containing a password that can later be used to log into the system. After regMax users are registered, Register returns NOK, meaning an additional user could not be registered. If successfully registered the user can login using the user ID and password via the Login input. Logged in, the user can change their password (via ChangePassword) or log out (via Logout). There is no limit on the number of users that can be logged in at any point in time other than regMax.


The implementation used for Multi-Login Systems with 1 and 2 users was generated automatically from a .xml specification model written in Uppaal. For the 3 user system we hand-crafted a java implementation because the system was too complex to draw manually.

Following Uppaal modelling conventions, we use LTS models extended with parameters, actions and guards. Below we show the Uppaal state machine we created for Multi-Login Systems with 1 and 2 users respectively:

SUT model
Fig. 1: Uppaal SUT Model : Multi-Login with 1 user  
SUT model
Fig. 1: Uppaal SUT Model : Multi-Login with 2 users  

Characteristics for MultiLogin n

Benchmark NameInputs/OutputsRegistersConstantsStates
MultiLogin n4/22n0(n+1)(n+2)/2


LearnedMultiLogin2.pdf Δ   21Kb   June 26, 2015, at 04:25 PM
LearnedMultiLogin2.svgz Δ   6Kb   June 26, 2015, at 04:25 PM
MultiLogin1.pdf Δ   8Kb   June 26, 2015, at 11:53 AM
MultiLogin1.register.xml Δ   4Kb   May 02, 2017, at 02:50 PM
MultiLogin1.svgz Δ   4Kb   June 26, 2015, at 11:53 AM
MultiLogin1.uppaal.xml Δ   5Kb   May 02, 2017, at 02:50 PM
MultiLogin2.pdf Δ   21Kb   June 26, 2015, at 03:36 PM
MultiLogin2.register.xml Δ   11Kb   May 02, 2017, at 02:50 PM
MultiLogin2.svgz Δ   9Kb   June 26, 2015, at 03:45 PM
MultiLogin2.uppaal.xml Δ   15Kb   May 02, 2017, at 02:50 PM