10.5281/zenodo.4316324
https://zenodo.org/records/4316324
oai:zenodo.org:4316324
Shardul Chiplunkar
0000-0002-0803-2133
MIT CSAIL
Clément Pit-Claudel
0000-0002-1900-3901
MIT CSAIL
Adam Chlipala
MIT CSAIL
Automated Synthesis of Verified Firewalls
Zenodo
2021
formal verification
programming languages
firewall
2021-01-19
eng
https://popl21.sigplan.org/details/CoqPL-2021-papers/5/Automated-Synthesis-of-Verified-Firewalls
10.5281/zenodo.4316323
Creative Commons Attribution 4.0 International
We demonstrate correct-by-construction firewalls—stateful packet filters for TCP/IP packets—using the Fiat synthesis library [3]. We present a general DSL for specifying their behavior independent of algorithmic implementation. We outline the design of a verified compiler in Coq, detail a few verified efficiency optimizations, and show how the compiler can easily be extended to support custom optimizations for user-defined policies.
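The abstract separates a declarative policy specification from the algorithm that implements it and requires every efficiency optimization to be verified against that specification. The following is an added illustration of that split in Python, not the paper's DSL, its Fiat-based synthesis, or its Coq compiler: a reference interpreter fixes the meaning of a first-match, connection-tracking policy; a table-driven implementation specializes the rule scan on protocol and destination port; and an exhaustive check over a small constructed packet domain plays the role that a proof plays in the verified compiler. The policy, hosts, ports, trace and the two-protocol domain are all constructed for the example, and the deliberately unsound "most-specific-first" reordering is included only to show what such a check catches.

```python
"""Constructed illustration of spec-vs-implementation for a stateful packet
filter (not the paper's DSL or Coq code). SpecFirewall defines the semantics;
CompiledFirewall is a specialised implementation; check_equivalent compares
them over a finite domain, standing in for a compiler-correctness proof."""
from dataclasses import dataclass
from itertools import product
from typing import Optional

PROTOS = ("tcp", "udp")  # constructed domain: only these two protocols are modelled


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int
    syn: bool  # TCP connection attempt; only SYNs create tracked flows


@dataclass(frozen=True)
class Rule:
    action: str  # "allow" or "deny"
    proto: Optional[str] = None  # None is a wildcard
    dport: Optional[int] = None
    dst: Optional[str] = None


# Hypothetical policy: HTTP to the web host, DNS anywhere, deny everything else.
POLICY = [Rule("allow", proto="tcp", dport=80, dst="10.0.0.5"),
          Rule("allow", proto="udp", dport=53),
          Rule("deny")]
# Order-sensitive policy used to show an unsound reordering being caught.
ORDERED_POLICY = [Rule("deny", dst="10.0.0.9"), Rule("allow", proto="tcp", dport=80)]


def matches(rule: Rule, pkt: Packet) -> bool:
    return ((rule.proto is None or rule.proto == pkt.proto)
            and (rule.dport is None or rule.dport == pkt.dport)
            and (rule.dst is None or rule.dst == pkt.dst))


class SpecFirewall:
    """Reference semantics: return traffic of a tracked flow is allowed; otherwise
    the first matching rule decides; default deny. An allowed TCP SYN records the
    flow as (client, server, proto)."""
    def __init__(self, policy):
        self.policy, self.flows = policy, set()

    def decide(self, pkt: Packet) -> str:
        if (pkt.dst, pkt.src, pkt.proto) in self.flows:
            return "allow"
        for rule in self.policy:
            if matches(rule, pkt):
                return self._apply(rule.action, pkt)
        return "deny"

    def _apply(self, action: str, pkt: Packet) -> str:
        if action == "allow" and pkt.proto == "tcp" and pkt.syn:
            self.flows.add((pkt.src, pkt.dst, pkt.proto))
        return action


class CompiledFirewall(SpecFirewall):
    """Optimisation: per (proto, dport) bucket, precompute the rules that can still
    match, so decide() only tests dst. preserve_order=False sorts each bucket
    most-specific-first, which silently breaks first-match semantics."""
    def __init__(self, policy, preserve_order: bool = True):
        super().__init__(policy)
        self.known_ports = {r.dport for r in policy if r.dport is not None}
        self.table = {}
        for proto, port in product(PROTOS, self.known_ports | {None}):
            bucket = [r for r in policy if (r.proto is None or r.proto == proto)
                      and (r.dport is None or r.dport == port)]
            if not preserve_order:
                bucket.sort(key=lambda r: -sum(f is not None for f in (r.proto, r.dport, r.dst)))
            self.table[(proto, port)] = bucket

    def decide(self, pkt: Packet) -> str:
        if (pkt.dst, pkt.src, pkt.proto) in self.flows:
            return "allow"
        port = pkt.dport if pkt.dport in self.known_ports else None
        for rule in self.table.get((pkt.proto, port), []):
            if rule.dst is None or rule.dst == pkt.dst:
                return self._apply(rule.action, pkt)
        return "deny"


HOSTS = ("10.0.0.5", "10.0.0.9", "192.0.2.1")  # constructed
PORTS = (22, 53, 80, 443)

# Constructed trace: HTTP SYN, its reply, an unsolicited reply to another host,
# a refused SSH SYN, a bogus reply to it, and a DNS query.
TRACE = [Packet("192.0.2.1", "10.0.0.5", "tcp", 80, True),
         Packet("10.0.0.5", "192.0.2.1", "tcp", 34567, False),
         Packet("10.0.0.5", "10.0.0.9", "tcp", 34567, False),
         Packet("192.0.2.1", "10.0.0.9", "tcp", 22, True),
         Packet("10.0.0.9", "192.0.2.1", "tcp", 40000, False),
         Packet("10.0.0.9", "10.0.0.5", "udp", 53, False)]


def check_equivalent(policy, preserve_order: bool = True) -> bool:
    """True iff spec and compiled firewall agree on every packet of the domain
    (fresh state each time) and step by step along the stateful trace."""
    for src, dst, proto, dport, syn in product(HOSTS, HOSTS, PROTOS, PORTS, (True, False)):
        pkt = Packet(src, dst, proto, dport, syn)
        if SpecFirewall(policy).decide(pkt) != CompiledFirewall(policy, preserve_order).decide(pkt):
            return False
    spec, comp = SpecFirewall(policy), CompiledFirewall(policy, preserve_order)
    return all(spec.decide(p) == comp.decide(p) for p in TRACE)


def trace_decisions(policy=POLICY):
    fw = CompiledFirewall(policy)
    return [fw.decide(p) for p in TRACE]
```

Calling `check_equivalent(ORDERED_POLICY, preserve_order=False)` returns False because the reordered bucket lets the specific allow rule shadow the earlier deny for destination 10.0.0.9. An exhaustive check only covers the domain it enumerates; the paper's point is that a compiler verified in Coq discharges this obligation for all packets and all policies, so a custom optimization for a user-defined policy cannot be shipped without its preservation proof.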