PfComp: A Verified Compiler for Packet Filtering Leveraging Binary Decision Diagrams (CPP 2024)

Sun 14 - Sat 20 January 2024 London, United Kingdom

Who

Clément Chavanon, Frédéric Besson, Ninet Tristan

Track

CPP 2024

Time Zone

The program is currently displayed in (GMT) London.

Use conference time zone: (GMT) LondonSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Save

When

Tue 16 Jan 2024 17:00 - 17:30 at Kelvin Lecture - Verified Compilation Chair(s): Arthur Charguéraud

Abstract

We present a verified compiler for stateless firewall policies. The policy is first compiled into an intermediate representation taking the form of a binary decision diagram that is optimised in terms of decision nodes. The decision diagram is then compiled into a Clight program. The compiler is proved correct using the Coq proof assistant and extracted into OCaml code. Our preliminary experiments show promising results. The compiler generates code for relatively large firewall policies and the generated code outperforms a sequential evaluation of the policy rules.

Clément Chavanon

INRIA

Frédéric Besson

INRIA

Ninet Tristan

Thales