Tracing the Man in the Middle in Monoidal Categories

Man-in-the-Middle (MM) is not only a ubiquitous attack pattern in security, but also an important paradigm of network computation and economics. Recognizing ongoing MM-attacks is an important security task; modeling MM-interactions is an interesting task for semantics of computation. Traced monoidal categories are a natural framework for MM-modelling, as the trace structure provides a tool to hide what happens in the middle. An effective analysis of what has been traced out seems to require an additional property of traces, called normality. We describe a modest model of network computation, based on partially ordered multisets (pomsets), where basic network interactions arise from the monoidal trace structure, and a normal trace structure arises from an iterative, i.e. coalgebraic structure over terms and messages used in computation and communication. The correspondence is established using a convenient monadic description of normally traced monoidal categories.

💡 Research Summary

The paper tackles the formal modelling of Man‑in‑the‑Middle (MM) attacks by employing traced monoidal categories, a categorical structure that naturally captures the notion of “hiding” intermediate computation. The authors argue that a plain trace is insufficient for security analysis because it merely conceals the middle part without guaranteeing that the concealed behaviour can be recovered for inspection. To address this, they introduce the property of normality for traces: a normal trace satisfies a round‑trip condition that allows the hidden part to be “un‑traced” and examined later.

To instantiate these ideas, the authors construct a concrete model of network computation based on partially ordered multisets (pomsets). Pomsets encode events together with a partial order, thereby representing both sequential and concurrent message flows typical of network protocols. Within this setting, basic network interactions—synchronisation, asynchronous transmission, and the insertion of forged messages—are expressed as morphisms in a monoidal category, while the trace operator models the act of a middle entity intercepting and possibly altering a communication channel.

The core technical contribution is the demonstration that a normal trace arises from a coalgebraic iteration on the term language of messages and commands. The authors define an iterator coalgebra that generates new messages (including attacker‑generated ones) and show that when this coalgebra is combined with the categorical trace, the normality condition holds automatically. This coalgebraic perspective provides a principled way to model potentially infinite protocol runs while keeping the mathematical representation finite.

Furthermore, the paper presents a monadic encapsulation of normally traced monoidal categories. By constructing a “normally traced monad,” the trace operation and its normality law become part of the monad’s unit and multiplication, yielding a clean algebraic interface for programmers and verification tools. This monadic view also clarifies how the trace interacts with the monoidal tensor, ensuring coherence across parallel composition of network components.

Through several illustrative examples, the authors show how an MM attack can be decomposed into a hide‑reveal pattern: the attacker’s actions are hidden by the trace, and normality guarantees that the hidden segment can be recovered, enabling detection and reasoning about the attack. The framework thus supports both semantic analysis of protocols (by exposing hidden behaviours) and operational modelling (by providing a compositional, diagrammatic calculus).

In the discussion, the authors explore potential applications beyond pure security, such as economic models where intermediaries mediate transactions, and they outline future work involving integration with automated protocol verification tools, extensions to probabilistic or quantum settings, and empirical validation on real‑world network protocols. Overall, the paper delivers a mathematically rigorous yet operationally meaningful approach to modelling and analysing MM attacks, bridging categorical semantics, coalgebraic iteration, and monadic abstraction.