Conference paper Open Access

Automated Synthesis of Verified Firewalls

Shardul Chiplunkar; Clément Pit-Claudel; Adam Chlipala

We demonstrate correct-by-construction firewalls—stateful packet filters for TCP/IP packets—using the Fiat synthesis library [3]. We present a general DSL for specifying their behavior independent of algorithmic implementation. We outline the design of a verified compiler in Coq, detail a few verified efficiency optimizations, and show how the compiler can easily be extended to support custom optimizations for user-defined policies.

Files (352.8 kB)
Name Size
verified-firewalls.pdf
md5:d9a93578bde73e69df22a273eb33b5be 		352.8 kB Download
58
44
views
downloads
All versions This version
Views 5858
Downloads 4444
Data volume 15.5 MB15.5 MB
Unique views 5353
Unique downloads 4141
More info on how stats are collected.
Indexed in
Publication date:
January 19, 2021
DOI:
10.5281/zenodo.4316324

Zenodo DOI Badge

DOI 

10.5281/zenodo.4316324

Markdown 

[![DOI](https://zenodo.org/badge/DOI/10.5281/zenodo.4316324.svg)](https://doi.org/10.5281/zenodo.4316324)

reStructedText 

.. image:: https://zenodo.org/badge/DOI/10.5281/zenodo.4316324.svg
   :target: https://doi.org/10.5281/zenodo.4316324

HTML 

<a href="https://doi.org/10.5281/zenodo.4316324"><img src="https://zenodo.org/badge/DOI/10.5281/zenodo.4316324.svg" alt="DOI"></a>

Image URL 

https://zenodo.org/badge/DOI/10.5281/zenodo.4316324.svg

Target URL 

https://doi.org/10.5281/zenodo.4316324

Keyword(s):
formal verification programming languages firewall
Meeting:
The Seventh International Workshop on Coq for Programming Languages (CoqPL), 19 January 2021
Related identifiers:
Identical to
License (for files):
Creative Commons Attribution 4.0 International

Versions

Version 1 10.5281/zenodo.4316324 Jan 19, 2021
Cite all versions? You can cite all versions by using the DOI 10.5281/zenodo.4316323. This DOI represents all versions, and will always resolve to the latest one. Read more.

Share

Cite as

Export