Reformatting & cleanup.

Examples/DMZ/DMZ.thy

@@ -38,38 +38,9 @@
 section {* A Simple DMZ Setup *}
 theory 
   DMZ
-imports 
+  imports 
-  DMZDatatype
+    DMZDatatype
-  DMZInteger
+    DMZInteger
 begin
-
-text{* This scenario is slightly more complicated than the SimpleDMZ
-one, as we now also model specific servers within one
-network. Therefore, we cannot use anymore the modelling using
-datatype synonym, but only use the one where an address is modelled as an
-integer (with ports).
-
-The scenario is the following:
-
-\begin{labeling}{Networks:}
-\item[Networks:]
-  \begin{itemize}
-  \item Intranet (Company intern network)
-  \item DMZ (demilitarised zone, servers, etc), containing
-     at least two distinct servers ``mail'' and ``web''
-  \item Internet (``all others'') 
-  \end{itemize}
-\item[Policy:]
-  \begin{itemize}
-  \item allow http(s) from Intranet to Internet
-  \item deny all trafic from Internet to Intranet
-  \item allo imaps and smtp from intranet to mailserver
-  \item allow smtp from Internet to mailserver
-  \item allow http(s) from Internet to webserver 
-  \item deny everything else
-  \end{itemize}
   
-\end{labeling}
-*}
-
 end

Examples/DMZ/DMZDatatype.thy

@@ -38,83 +38,81 @@
 subsection {* DMZ Datatype *}
 theory 
   DMZDatatype
-imports 
+  imports 
     "../../UPF-Firewall"
 begin
+  
+text{* 
+  This is the fourth scenario, slightly more complicated than the previous one, as we now also 
+  model specific servers within one network. Therefore, we could not use anymore the modelling 
+  using datatype synonym, but only use the one where an address is modelled as an
+  integer (with ports). 
 
-text{* This is the fourth scenario, slightly more complicated than the
+  Just for comparison, this theory is the same scenario with datatype synonym anyway, but with four 
-previous one, as we now also model specific servers within one
+  distinct networks instead of one contained in another. As there is no corresponding network model 
-network. Therefore, we could not use anymore the modelling using
+  included, we need to define a custom one.  
-datatype synonym, but only use the one where an address is modelled as an
+*}
-integer (with ports). 
+  
-
-Just for comparison, this theory is the same scenario with datatype synonym
-anyway, but with four distinct networks instead of one contained in
-another. As there is no corresponding network model included, we need
-to define a custom one.  *}
-
-
 datatype Adr = Intranet | Internet | Mail | Web | DMZ
 instance Adr::adr ..
 type_synonym port = int
 type_synonym Networks = "Adr \<times> port"
 
-
 definition
   intranet::"Networks net" where
- "intranet = {{(a,b). a= Intranet}}"
+  "intranet = {{(a,b). a= Intranet}}"
 definition
   dmz :: "Networks net" where
- "dmz = {{(a,b). a= DMZ}}"
+  "dmz = {{(a,b). a= DMZ}}"
 definition
   mail :: "Networks net" where
- "mail = {{(a,b). a=Mail}}" 
+  "mail = {{(a,b). a=Mail}}" 
 definition
   web :: "Networks net" where
- "web = {{(a,b). a=Web}}" 
+  "web = {{(a,b). a=Web}}" 
 definition
   internet :: "Networks net" where 
- "internet = {{(a,b). a= Internet}}"
+  "internet = {{(a,b). a= Internet}}"
-
+  
 definition 
   Intranet_mail_port :: "(Networks ,DummyContent) FWPolicy" where
   "Intranet_mail_port = (allow_from_ports_to {21::port,14} intranet mail)" 
-
+  
 definition
   Intranet_Internet_port :: "(Networks,DummyContent) FWPolicy" where
   "Intranet_Internet_port = allow_from_ports_to {80::port,90} intranet internet"
-     
+  
 definition
   Internet_web_port :: "(Networks,DummyContent) FWPolicy" where
   "Internet_web_port = (allow_from_ports_to {80::port,90} internet web)"
-          
+  
 definition
   Internet_mail_port :: "(Networks,DummyContent) FWPolicy" where
   "Internet_mail_port =  (allow_all_from_port_to internet (21::port) dmz)"
-
+  
 definition 
   policyPort :: "(Networks, DummyContent) FWPolicy" where
- "policyPort = deny_all ++ 
+  "policyPort = deny_all ++ 
                   Intranet_Internet_port ++ 
                   Intranet_mail_port ++  
                   Internet_mail_port ++ 
                   Internet_web_port"
 
-
+text {* 
-text {* We only want to create test cases which are sent between the
+  We only want to create test cases which are sent between the three main networks: e.g. not 
-three main networks --- e.g. not between the mailserver and the
+  between the mailserver and the dmz. Therefore, the constraint looks as follows. \
-dmz. Therefore, the constraint looks as follows. *}
+*}
 
 definition
- not_in_same_net :: "(Networks,DummyContent) packet \<Rightarrow> bool" where
+  not_in_same_net :: "(Networks,DummyContent) packet \<Rightarrow> bool" where
- "not_in_same_net x  =  ((src x \<sqsubset> internet \<longrightarrow> \<not> dest x \<sqsubset> internet) \<and> 
+  "not_in_same_net x  =  ((src x \<sqsubset> internet \<longrightarrow> \<not> dest x \<sqsubset> internet) \<and> 
                         (src x \<sqsubset> intranet \<longrightarrow> \<not> dest x \<sqsubset> intranet) \<and> 
                         (src x \<sqsubset> dmz \<longrightarrow> \<not> dest x \<sqsubset> dmz))"
-
+  
 lemmas PolicyLemmas =   dmz_def internet_def intranet_def mail_def web_def 
-                       Internet_web_port_def Internet_mail_port_def
+  Internet_web_port_def Internet_mail_port_def
-                       Intranet_Internet_port_def Intranet_mail_port_def 
+  Intranet_Internet_port_def Intranet_mail_port_def 
-                       src_def dest_def src_port dest_port in_subnet_def
+  src_def dest_def src_port dest_port in_subnet_def
-
+  
-
+  
 end

Examples/DMZ/DMZInteger.thy

@@ -38,10 +38,10 @@
 subsection {* DMZ: Integer *}
 theory 
   DMZInteger
-imports 
+  imports 
-  "../../UPF-Firewall"
+    "../../UPF-Firewall"
 begin
-
+  
 text{* This scenario is slightly more complicated than the SimpleDMZ
 one, as we now also model specific servers within one
 network. Therefore, we cannot use anymore the modelling using
@@ -71,10 +71,9 @@ The scenario is the following:
 \end{labeling}
 *}
 
-
 definition
-   intranet::"adr\<^sub>i\<^sub>p net" where
+  intranet::"adr\<^sub>i\<^sub>p net" where
-   "intranet = {{(a,b) . (a > 1 \<and> a < 4) }}"
+  "intranet = {{(a,b) . (a > 1 \<and> a < 4) }}"
 definition
   dmz :: "adr\<^sub>i\<^sub>p net" where
   "dmz = {{(a,b). (a > 6) \<and> (a < 11)}}" 
@@ -88,46 +87,44 @@ definition
   internet :: "adr\<^sub>i\<^sub>p net" where
   "internet = {{(a,b).  \<not> ( (a > 1 \<and> a < 4) \<or> (a > 6) \<and> (a < 11))   }}"
 
-
 definition 
   Intranet_mail_port :: "(adr\<^sub>i\<^sub>p,'b) FWPolicy" where
   "Intranet_mail_port = (allow_from_to_ports {21::port,14} intranet mail)" 
-
+  
 definition
   Intranet_Internet_port :: "(adr\<^sub>i\<^sub>p,'b) FWPolicy" where
   "Intranet_Internet_port = allow_from_to_ports {80::port,90} intranet internet"
-     
+  
 definition
   Internet_web_port :: "(adr\<^sub>i\<^sub>p,'b) FWPolicy" where
   "Internet_web_port = (allow_from_to_ports {80::port,90} internet web)"
-          
+  
 definition
   Internet_mail_port :: "(adr\<^sub>i\<^sub>p,'b) FWPolicy" where
   "Internet_mail_port =  (allow_all_from_port_to internet (21::port) dmz )"
 
-
-
 definition 
   policyPort :: "(adr\<^sub>i\<^sub>p, DummyContent) FWPolicy" where
- "policyPort = deny_all ++ 
+  "policyPort = deny_all ++ 
                   Intranet_Internet_port ++ 
                   Intranet_mail_port ++  
                   Internet_mail_port ++ 
                   Internet_web_port"
 
-
+text {* 
-text {* We only want to create test cases which are sent between the three main networks ---
+  We only want to create test cases which are sent between the three main networks:
- e.g. not between the mailserver and the dmz. Therefore, the constraint looks as follows. *}
+   e.g. not between the mailserver and the dmz. Therefore, the constraint looks as follows. 
-
+*}
+  
 definition
- not_in_same_net :: "(adr\<^sub>i\<^sub>p,DummyContent) packet \<Rightarrow> bool" where
+  not_in_same_net :: "(adr\<^sub>i\<^sub>p,DummyContent) packet \<Rightarrow> bool" where
- "not_in_same_net x  =  ((src x \<sqsubset> internet \<longrightarrow> \<not> dest x \<sqsubset> internet) \<and> 
+  "not_in_same_net x  =  ((src x \<sqsubset> internet \<longrightarrow> \<not> dest x \<sqsubset> internet) \<and> 
                         (src x \<sqsubset> intranet \<longrightarrow> \<not> dest x \<sqsubset> intranet) \<and> 
                         (src x \<sqsubset> dmz \<longrightarrow> \<not> dest x \<sqsubset> dmz))"
-
+  
 lemmas PolicyLemmas =  policyPort_def  dmz_def internet_def intranet_def mail_def web_def 
-                       Intranet_Internet_port_def Intranet_mail_port_def Internet_web_port_def 
+  Intranet_Internet_port_def Intranet_mail_port_def Internet_web_port_def 
-                       Internet_mail_port_def src_def dest_def IntegerPort.src_port
+  Internet_mail_port_def src_def dest_def IntegerPort.src_port
-                       in_subnet_def IntegerPort.dest_port
+  in_subnet_def IntegerPort.dest_port
-
+  
 end

Examples/Examples.thy

@@ -38,13 +38,13 @@
 chapter {* Examples *}
 theory  
   Examples
-imports 
+  imports 
-  "DMZ/DMZ"
+    "DMZ/DMZ"
-  "VoIP/VoIP"
+    "VoIP/VoIP"
-  "Transformation/Transformation"
+    "Transformation/Transformation"
-  "NAT-FW/NAT-FW"
+    "NAT-FW/NAT-FW"
-  "PersonalFirewall/PersonalFirewall"
+    "PersonalFirewall/PersonalFirewall"
 begin
-
+  
 end
-
+  

Examples/NAT-FW/NAT-FW.thy

@@ -38,18 +38,16 @@
 section {* Example: NAT *} 
 theory 
   "NAT-FW"
-imports
+  imports
-  "../../UPF-Firewall"
+    "../../UPF-Firewall"
 begin
 
-
 definition subnet1 :: "adr\<^sub>i\<^sub>p net" where
  "subnet1 = {{(d,e). d > 1 \<and> d < 256}}"
 
 definition subnet2 :: "adr\<^sub>i\<^sub>p net" where
  "subnet2 = {{(d,e). d > 500 \<and> d < 1256}}"
 
-
 definition
   "accross_subnets x  \<equiv> 
  ((src x \<sqsubset> subnet1 \<and> (dest x \<sqsubset> subnet2)) \<or>
@@ -65,7 +63,6 @@ definition
  nat_0  where 
  "nat_0 = (A\<^sub>f(\<lambda>x. {x}))"
 
-
 lemmas UnfoldPolicy0 =filter_def nat_0_def 
                       NATLemmas 
                       ProtocolPortCombinators.ProtocolCombinators 
@@ -73,220 +70,156 @@ lemmas UnfoldPolicy0 =filter_def nat_0_def
                       packet_defs accross_subnets_def
                       subnet1_def subnet2_def
 
-
 lemmas subnets = subnet1_def subnet2_def 
 
-
-
-
-
 definition Adr11 :: "int set"
 where "Adr11 = {d. d > 2 \<and> d < 3}"
 
 definition Adr21 :: "int set" where
  "Adr21 = {d. d > 502 \<and> d < 503}"
 
-
 definition nat_1 where
  "nat_1 = nat_0 ++ (srcPat2pool_IntPort Adr11 Adr21)"
 
-
 definition policy_1 where
  "policy_1 = ((\<lambda> (x,y). x) o_f 
  ((nat_1 \<Otimes>\<^sub>2 filter) o (\<lambda> x. (x,x))))"
 
-
 lemmas UnfoldPolicy1 = UnfoldPolicy0 nat_1_def Adr11_def Adr21_def policy_1_def
 
-
-
-
 definition Adr12 :: "int set"
 where "Adr12 = {d. d > 4 \<and> d < 6}"
 
 definition Adr22 :: "int set" where
  "Adr22 = {d. d > 504 \<and> d < 506}"
 
-
 definition nat_2 where
  "nat_2 = nat_1 ++ (srcPat2pool_IntPort Adr12 Adr22)"
 
-
 definition policy_2 where
  "policy_2 = ((\<lambda> (x,y). x) o_f 
  ((nat_2 \<Otimes>\<^sub>2 filter) o (\<lambda> x. (x,x))))"
 
-
 lemmas UnfoldPolicy2 = UnfoldPolicy1 nat_2_def Adr12_def Adr22_def policy_2_def
 
-
-
-
 definition Adr13 :: "int set"
 where "Adr13 = {d. d > 6 \<and> d < 9}"
 
 definition Adr23 :: "int set" where
  "Adr23 = {d. d > 506 \<and> d < 509}"
 
-
 definition nat_3 where
  "nat_3 = nat_2 ++ (srcPat2pool_IntPort Adr13 Adr23)"
 
-
 definition policy_3 where
  "policy_3 = ((\<lambda> (x,y). x) o_f 
  ((nat_3 \<Otimes>\<^sub>2 filter) o (\<lambda> x. (x,x))))"
 
-
 lemmas UnfoldPolicy3 = UnfoldPolicy2 nat_3_def Adr13_def Adr23_def policy_3_def
 
-
-
-
 definition Adr14 :: "int set"
 where "Adr14 = {d. d > 8 \<and> d < 12}"
 
 definition Adr24 :: "int set" where
  "Adr24 = {d. d > 508 \<and> d < 512}"
 
-
 definition nat_4 where
  "nat_4 = nat_3 ++ (srcPat2pool_IntPort Adr14 Adr24)"
 
-
 definition policy_4 where
  "policy_4 = ((\<lambda> (x,y). x) o_f 
  ((nat_4 \<Otimes>\<^sub>2 filter) o (\<lambda> x. (x,x))))"
 
-
 lemmas UnfoldPolicy4 = UnfoldPolicy3 nat_4_def Adr14_def Adr24_def policy_4_def
 
-
-
-
 definition Adr15 :: "int set"
 where "Adr15 = {d. d > 10 \<and> d < 15}"
 
 definition Adr25 :: "int set" where
  "Adr25 = {d. d > 510 \<and> d < 515}"
 
-
 definition nat_5 where
  "nat_5 = nat_4 ++ (srcPat2pool_IntPort Adr15 Adr25)"
 
-
 definition policy_5 where
  "policy_5 = ((\<lambda> (x,y). x) o_f 
  ((nat_5 \<Otimes>\<^sub>2 filter) o (\<lambda> x. (x,x))))"
 
-
 lemmas UnfoldPolicy5 = UnfoldPolicy4 nat_5_def Adr15_def Adr25_def policy_5_def
 
-
-
-
 definition Adr16 :: "int set"
 where "Adr16 = {d. d > 12 \<and> d < 18}"
 
 definition Adr26 :: "int set" where
  "Adr26 = {d. d > 512 \<and> d < 518}"
 
-
 definition nat_6 where
  "nat_6 = nat_5 ++ (srcPat2pool_IntPort Adr16 Adr26)"
 
-
 definition policy_6 where
  "policy_6 = ((\<lambda> (x,y). x) o_f 
  ((nat_6 \<Otimes>\<^sub>2 filter) o (\<lambda> x. (x,x))))"
 
-
 lemmas UnfoldPolicy6 = UnfoldPolicy5 nat_6_def Adr16_def Adr26_def policy_6_def
 
-
-
-
 definition Adr17 :: "int set"
 where "Adr17 = {d. d > 14 \<and> d < 21}"
 
 definition Adr27 :: "int set" where
  "Adr27 = {d. d > 514 \<and> d < 521}"
 
-
 definition nat_7 where
  "nat_7 = nat_6 ++ (srcPat2pool_IntPort Adr17 Adr27)"
 
-
 definition policy_7 where
  "policy_7 = ((\<lambda> (x,y). x) o_f 
  ((nat_7 \<Otimes>\<^sub>2 filter) o (\<lambda> x. (x,x))))"
 
-
 lemmas UnfoldPolicy7 = UnfoldPolicy6 nat_7_def Adr17_def Adr27_def policy_7_def
 
-
-
-
 definition Adr18 :: "int set"
 where "Adr18 = {d. d > 16 \<and> d < 24}"
 
 definition Adr28 :: "int set" where
  "Adr28 = {d. d > 516 \<and> d < 524}"
 
-
 definition nat_8 where
  "nat_8 = nat_7 ++ (srcPat2pool_IntPort Adr18 Adr28)"
 
-
 definition policy_8 where
  "policy_8 = ((\<lambda> (x,y). x) o_f 
  ((nat_8 \<Otimes>\<^sub>2 filter) o (\<lambda> x. (x,x))))"
 
-
 lemmas UnfoldPolicy8 = UnfoldPolicy7 nat_8_def Adr18_def Adr28_def policy_8_def
 
-
-
-
 definition Adr19 :: "int set"
 where "Adr19 = {d. d > 18 \<and> d < 27}"
 
 definition Adr29 :: "int set" where
  "Adr29 = {d. d > 518 \<and> d < 527}"
 
-
 definition nat_9 where
  "nat_9 = nat_8 ++ (srcPat2pool_IntPort Adr19 Adr29)"
 
-
 definition policy_9 where
  "policy_9 = ((\<lambda> (x,y). x) o_f 
  ((nat_9 \<Otimes>\<^sub>2 filter) o (\<lambda> x. (x,x))))"
 
-
 lemmas UnfoldPolicy9 = UnfoldPolicy8 nat_9_def Adr19_def Adr29_def policy_9_def
 
-
-
-
 definition Adr110 :: "int set"
 where "Adr110 = {d. d > 20 \<and> d < 30}"
 
 definition Adr210 :: "int set" where
  "Adr210 = {d. d > 520 \<and> d < 530}"
 
-
 definition nat_10 where
  "nat_10 = nat_9 ++ (srcPat2pool_IntPort Adr110 Adr210)"
 
-
 definition policy_10 where
  "policy_10 = ((\<lambda> (x,y). x) o_f 
  ((nat_10 \<Otimes>\<^sub>2 filter) o (\<lambda> x. (x,x))))"
 
-
 lemmas UnfoldPolicy10 = UnfoldPolicy9 nat_10_def Adr110_def Adr210_def policy_10_def
 
-
+end
-
-end

Examples/PersonalFirewall/PersonalFirewall.thy

@@ -38,8 +38,9 @@
 section {* Personal Firewall *}
 theory 
   PersonalFirewall
-imports 
+  imports 
-  PersonalFirewallInt
+    PersonalFirewallInt
-  PersonalFirewallIpv4
+    PersonalFirewallIpv4
+    PersonalFirewallDatatype
 begin 
 end

Examples/PersonalFirewall/PersonalFirewallDatatype.thy

@@ -38,71 +38,60 @@
 subsection {* Personal Firewall: Datatype *}
 theory 
   PersonalFirewallDatatype
-imports 
+  imports 
-  FWTesting
+    "../../UPF-Firewall"
 begin
 
-text{* The most basic firewall scenario; there is a personal PC on one
+text{* 
-side and the Internet on the other.  There are two policies: the first
+  The most basic firewall scenario; there is a personal PC on one side and the Internet on the 
-one allows all traffic from the PC to the Internet and denies all
+  other. There are two policies: the first one allows all traffic from the PC to the Internet and 
-coming into the PC. The second policy only allows specific ports from
+  denies all coming into the PC. The second policy only allows specific ports from the PC. This 
-the PC. This scenario comes in three variants: the first one specifies
+  scenario comes in three variants: the first one specifies the allowed protocols directly, the 
-the allowed protocols directly, the second together with their
+  second together with their respective port numbers, the third one only with the port numbers.  
-respective port numbers, the third one only with the port numbers.  *}
+*}
 
 datatype Adr = pc | internet
-
+  
 type_synonym DatatypeTwoNets = "Adr \<times> int"
-
+  
 instance Adr::adr ..
-
+    
-defs (overloaded)
- src_port_def: "src_port (x::(DatatypeTwoNets,'b) packet) \<equiv> snd (src x)"
- dest_port_def: "dest_port (x::(DatatypeTwoNets,'b) packet) \<equiv> snd (dest x)"
-
 definition
- PC :: "DatatypeTwoNets net" where
+  PC :: "DatatypeTwoNets net" where
-"PC = {{(a,b). a = pc}}"
+  "PC = {{(a,b). a = pc}}"
-
+  
 definition
- Internet :: "DatatypeTwoNets net" where
+  Internet :: "DatatypeTwoNets net" where
-"Internet = {{(a,b). a = internet}}"
+  "Internet = {{(a,b). a = internet}}"
-
+  
-
-text{*
-Definition of the testing constraint
-*}
-
 definition
- not_in_same_net :: "(DatatypeTwoNets,DummyContent) packet \<Rightarrow> bool" where
+  not_in_same_net :: "(DatatypeTwoNets,DummyContent) packet \<Rightarrow> bool" where
-"not_in_same_net x = ((src x \<sqsubset> PC \<longrightarrow> dest x \<sqsubset> Internet) \<and> (src x \<sqsubset> Internet \<longrightarrow> dest x \<sqsubset> PC))" 
+  "not_in_same_net x = ((src x \<sqsubset> PC \<longrightarrow> dest x \<sqsubset> Internet) \<and> (src x \<sqsubset> Internet \<longrightarrow> dest x \<sqsubset> PC))" 
-
+  
 text {*
-Definitions of the policies 
+  Definitions of the policies 
-
-In fact, the short definitions wouldn't have to be written down - they
-are the automatically simplified versions of their big counterparts.
 
+  In fact, the short definitions wouldn't have to be written down - they
+  are the automatically simplified versions of their big counterparts.
 *}
 
 definition
- strictPolicy :: "(DatatypeTwoNets,DummyContent) FWPolicy" where
+  strictPolicy :: "(DatatypeTwoNets,DummyContent) FWPolicy" where
-"strictPolicy = deny_all ++ allow_all_from_to PC Internet"
+  "strictPolicy = deny_all ++ allow_all_from_to PC Internet"
-
+  
 definition
- PortPolicy :: "(DatatypeTwoNets,'b) FWPolicy" where
+  PortPolicy :: "(DatatypeTwoNets,'b) FWPolicy" where
-"PortPolicy = deny_all ++ allow_from_ports_to {80::port,24,21} PC Internet"
+  "PortPolicy = deny_all ++ allow_from_ports_to {80::port,24,21} PC Internet"
-
+  
 definition
- PortPolicyBig :: "(DatatypeTwoNets,'b) FWPolicy" where
+  PortPolicyBig :: "(DatatypeTwoNets,'b) FWPolicy" where
-"PortPolicyBig =  
+  "PortPolicyBig =  
                  allow_from_port_to (80::port) PC Internet \<Oplus> 
                  allow_from_port_to (24::port) PC Internet \<Oplus> 
                  allow_from_port_to (21::port) PC Internet \<Oplus> 
                  deny_all"
-
+  
-
+lemmas policyLemmas = strictPolicy_def PortPolicy_def PC_def Internet_def PortPolicyBig_def src_def 
-lemmas policyLemmas = strictPolicy_def PortPolicy_def PC_def Internet_def PortPolicyBig_def src_def dest_def src_port_def dest_port_def  
                       PolicyCombinators PortCombinators in_subnet_def
-
+  
-end
+end

Examples/PersonalFirewall/PersonalFirewallInt.thy

@@ -38,76 +38,61 @@
 subsection{* Personal Firewall: Integer *}
 theory 
   PersonalFirewallInt
-imports 
+  imports 
-  "../../UPF-Firewall"
+    "../../UPF-Firewall"
 begin
 
 text{*
-The most basic firewall scenario; there is a personal PC on one side and the Internet on the other. 
+  The most basic firewall scenario; there is a personal PC on one side and the Internet on the 
-There are two policies: the first one allows all traffic from the PC to the Internet and denies
+  other.  There are two policies: the first one allows all traffic from the PC to the Internet and 
-all coming into the PC. The second policy only allows specific ports from the PC. This scenario
+  denies all coming into the PC. The second policy only allows specific ports from the PC. This 
-comes in three variants: the first one specifies the allowed protocols directly, the second together 
+  scenario comes in three variants: the first one specifies the allowed protocols directly, the 
-with their respective port numbers, the third one only with the port numbers.
+  second together  with their respective port numbers, the third one only with the port numbers.
 *}
 
-
-
 text{*
-Definitions of the subnets 
+  Definitions of the subnets 
 *}
 
 definition
- PC :: "(adr\<^sub>i\<^sub>p net)" where
+  PC :: "(adr\<^sub>i\<^sub>p net)" where
-"PC = {{(a,b). a = 3}}"
+  "PC = {{(a,b). a = 3}}"
+  
+definition
+  Internet :: "adr\<^sub>i\<^sub>p net" where
+  "Internet = {{(a,b). \<not> (a = 3)}}"
 
 definition
- Internet :: "adr\<^sub>i\<^sub>p net" where
+  not_in_same_net :: "(adr\<^sub>i\<^sub>p,DummyContent) packet \<Rightarrow> bool" where
-"Internet = {{(a,b). \<not> (a = 3)}}"
+  "not_in_same_net x = ((src x \<sqsubset> PC \<longrightarrow> dest x \<sqsubset> Internet) \<and> (src x \<sqsubset> Internet \<longrightarrow> dest x \<sqsubset> PC))" 
-
+  
-
-
-text{*
-Definition of the testing constraint
-*}
-
-
-
-definition
- not_in_same_net :: "(adr\<^sub>i\<^sub>p,DummyContent) packet \<Rightarrow> bool" where
-"not_in_same_net x = ((src x \<sqsubset> PC \<longrightarrow> dest x \<sqsubset> Internet) \<and> (src x \<sqsubset> Internet \<longrightarrow> dest x \<sqsubset> PC))" 
-
 text {*
-Definitions of the policies 
+  Definitions of the policies 
 *}
 
-
-
 definition
- strictPolicy :: "(adr\<^sub>i\<^sub>p,DummyContent) FWPolicy" where
+  strictPolicy :: "(adr\<^sub>i\<^sub>p,DummyContent) FWPolicy" where
-"strictPolicy = deny_all ++ allow_all_from_to PC Internet"
+  "strictPolicy = deny_all ++ allow_all_from_to PC Internet"
 
 definition 
- PortPolicy :: "(adr\<^sub>i\<^sub>p,DummyContent) FWPolicy" where
+  PortPolicy :: "(adr\<^sub>i\<^sub>p,DummyContent) FWPolicy" where
-"PortPolicy = deny_all ++ allow_from_ports_to {http,smtp,ftp} PC Internet"
+  "PortPolicy = deny_all ++ allow_from_ports_to {http,smtp,ftp} PC Internet"
-
+  
 definition
- PortPolicyBig :: "(adr\<^sub>i\<^sub>p,DummyContent) FWPolicy" where
+  PortPolicyBig :: "(adr\<^sub>i\<^sub>p,DummyContent) FWPolicy" where
-"PortPolicyBig = deny_all ++ 
+  "PortPolicyBig = deny_all ++ 
                  allow_from_port_to http PC Internet ++ 
                  allow_from_port_to smtp PC Internet ++ 
                  allow_from_port_to ftp PC Internet"
-
+  
-
 lemmas policyLemmas = strictPolicy_def PortPolicy_def PC_def
-                      Internet_def PortPolicyBig_def src_def dest_def
+  Internet_def PortPolicyBig_def src_def dest_def
-                      adr\<^sub>i\<^sub>pLemmas content_def
+  adr\<^sub>i\<^sub>pLemmas content_def
-                      PortCombinators in_subnet_def PortPolicyBig_def id_def
+  PortCombinators in_subnet_def PortPolicyBig_def id_def
-
+  
-
 declare Ports [simp add]
-
+  
 definition wellformed_packet::"(adr\<^sub>i\<^sub>p,DummyContent) packet \<Rightarrow> bool" where
- "wellformed_packet p = (content p = data)"
+  "wellformed_packet p = (content p = data)"
-
+  
-
+end
-end

Examples/PersonalFirewall/PersonalFirewallIpv4.thy

@@ -38,66 +38,53 @@
 subsection {* Personal Firewall IPv4 *}
 theory 
   PersonalFirewallIpv4
-imports 
+  imports 
-  "../../UPF-Firewall"
+    "../../UPF-Firewall"
 begin
-
+  
-
 text{*
-
+  The most basic firewall scenario; there is a personal PC on one side and the Internet on the 
-The most basic firewall scenario; there is a personal PC on one side and the Internet on the other. 
+  other. There are two policies: the first one allows all traffic from the PC to the Internet and 
-There are two policies: the first one allows all traffic from the PC to the Internet and denies
+  denies all coming into the PC. The second policy only allows specific ports from the PC. This 
-all coming into the PC. The second policy only allows specific ports from the PC. This scenario
+  scenario comes in three variants: the first one specifies the allowed protocols directly, the 
-comes in three variants: the first one specifies the allowed protocols directly, the second together 
+  second together with their respective port numbers, the third one only with the port numbers.
-with their respective port numbers, the third one only with the port numbers.
-
 *}
-
+  
-
 text{*
-Definitions of the subnets 
+  Definitions of the subnets 
 *}
-
+  
 definition 
- PC :: "(ipv4 net)" where
+  PC :: "(ipv4 net)" where
-"PC = {{((a,b,c,d),e). a = 1 \<and> b = 3 \<and> c = 5 \<and> d = 2}}"
+  "PC = {{((a,b,c,d),e). a = 1 \<and> b = 3 \<and> c = 5 \<and> d = 2}}"
-
+  
 definition
- Internet :: "ipv4 net" where
+  Internet :: "ipv4 net" where
-"Internet = {{((a,b,c,d),e). \<not> (a = 1 \<and> b = 3 \<and> c = 5 \<and> d = 2)}}"
+  "Internet = {{((a,b,c,d),e). \<not> (a = 1 \<and> b = 3 \<and> c = 5 \<and> d = 2)}}"
-
+  
-
-text{*
-Definition of the testing constraint
-*}
-
 definition
- not_in_same_net :: "(ipv4,DummyContent) packet \<Rightarrow> bool" where
+  not_in_same_net :: "(ipv4,DummyContent) packet \<Rightarrow> bool" where
-"not_in_same_net x = ((src x \<sqsubset> PC \<longrightarrow> dest x \<sqsubset> Internet) \<and> (src x \<sqsubset> Internet \<longrightarrow> dest x \<sqsubset> PC))" 
+  "not_in_same_net x = ((src x \<sqsubset> PC \<longrightarrow> dest x \<sqsubset> Internet) \<and> (src x \<sqsubset> Internet \<longrightarrow> dest x \<sqsubset> PC))" 
-
+  
 text {*
-Definitions of the policies 
+  Definitions of the policies 
 *}
-
 definition
- strictPolicy :: "(ipv4,DummyContent) FWPolicy" where
+  strictPolicy :: "(ipv4,DummyContent) FWPolicy" where
-"strictPolicy = deny_all ++ allow_all_from_to PC Internet"
+  "strictPolicy = deny_all ++ allow_all_from_to PC Internet"
-
+  
 definition
- PortPolicy :: "(ipv4,DummyContent) FWPolicy" where
+  PortPolicy :: "(ipv4,DummyContent) FWPolicy" where
-"PortPolicy = deny_all ++ allow_from_ports_to {80::port,24,21} PC Internet"
+  "PortPolicy = deny_all ++ allow_from_ports_to {80::port,24,21} PC Internet"
-
+  
 definition
- PortPolicyBig :: "(ipv4,DummyContent) FWPolicy" where
+  PortPolicyBig :: "(ipv4,DummyContent) FWPolicy" where
-"PortPolicyBig = deny_all ++ allow_from_port_to (80::port) PC Internet++ allow_from_port_to (24::port) PC Internet++ allow_from_port_to (21::port) PC Internet"
+  "PortPolicyBig = deny_all ++ allow_from_port_to (80::port) PC Internet++ allow_from_port_to (24::port) PC Internet++ allow_from_port_to (21::port) PC Internet"
-
+  
-
 lemmas policyLemmas = strictPolicy_def PortPolicy_def PC_def
-                      Internet_def PortPolicyBig_def src_def dest_def
+  Internet_def PortPolicyBig_def src_def dest_def
-                      IPv4.src_port
+  IPv4.src_port
-                      IPv4.dest_port PolicyCombinators
+  IPv4.dest_port PolicyCombinators
-                      PortCombinators in_subnet_def PortPolicyBig_def
+  PortCombinators in_subnet_def PortPolicyBig_def
-
+  
-
-
 end

Examples/Transformation/Transformation.thy

@@ -36,9 +36,11 @@
  *****************************************************************************)
 
 section {* Demonstrating Policy Transformations *}
-theory Transformation
+theory 
-imports 
+  Transformation
-  Transformation01
+  imports 
-  Transformation02
+    Transformation01
+    Transformation02
 begin
 end
+  

Examples/Transformation/Transformation01.thy

@@ -38,94 +38,82 @@
 subsection {* Transformation Example 1 *}
 theory 
   Transformation01
-imports 
+  imports 
-  "../../UPF-Firewall"
+    "../../UPF-Firewall"
 begin
 
 definition
- FWLink :: "adr\<^sub>i\<^sub>p net" where
+  FWLink :: "adr\<^sub>i\<^sub>p net" where
-"FWLink = {{(a,b). a = 1}}"
+  "FWLink = {{(a,b). a = 1}}"
+  
+definition
+  any :: "adr\<^sub>i\<^sub>p net" where
+  "any = {{(a,b). a > 5}}"
+  
+definition
+  i4:: "adr\<^sub>i\<^sub>p net" where
+  "i4 = {{(a,b). a = 2 }}" 
+  
+definition
+  i27:: "adr\<^sub>i\<^sub>p net" where
+  "i27 = {{(a,b). a = 3 }}" 
+  
+definition
+  eth_intern:: "adr\<^sub>i\<^sub>p net" where
+  "eth_intern = {{(a,b). a = 4 }}"
+  
+definition
+  eth_private:: "adr\<^sub>i\<^sub>p net" where
+  "eth_private = {{(a,b). a = 5 }}"
 
 definition
- any :: "adr\<^sub>i\<^sub>p net" where
+  (* Mandatory: Global *)
-"any = {{(a,b). a > 5}}"
+  MG2 :: "(adr\<^sub>i\<^sub>p net,port) Combinators" where
-
+  "MG2 = AllowPortFromTo i27 any 1 \<oplus> 
-definition
- i4:: "adr\<^sub>i\<^sub>p net" where
-"i4 = {{(a,b). a = 2 }}" 
-
-definition
- i27:: "adr\<^sub>i\<^sub>p net" where
-"i27 = {{(a,b). a = 3 }}" 
- 
-definition
- eth_intern:: "adr\<^sub>i\<^sub>p net" where
-"eth_intern = {{(a,b). a = 4 }}"
- 
-definition
- eth_private:: "adr\<^sub>i\<^sub>p net" where
-"eth_private = {{(a,b). a = 5 }}"
-
-
-definition
-(* Mandatory: Global *)
-
- MG2 :: "(adr\<^sub>i\<^sub>p net,port) Combinators" where
-"MG2 = AllowPortFromTo i27 any 1 \<oplus> 
        AllowPortFromTo i27 any 2 \<oplus>
        AllowPortFromTo i27 any 3"
-
+  
 definition
- MG3 :: "(adr\<^sub>i\<^sub>p net,port) Combinators" where
+  MG3 :: "(adr\<^sub>i\<^sub>p net,port) Combinators" where
-"MG3 = AllowPortFromTo any FWLink 1"
+  "MG3 = AllowPortFromTo any FWLink 1"
-
+  
 definition
- MG4 :: "(adr\<^sub>i\<^sub>p net,port) Combinators" where
+  MG4 :: "(adr\<^sub>i\<^sub>p net,port) Combinators" where
-"MG4 = AllowPortFromTo FWLink FWLink 4"
+  "MG4 = AllowPortFromTo FWLink FWLink 4"
- 
+  
 definition
- MG7 :: "(adr\<^sub>i\<^sub>p net,port) Combinators" where
+  MG7 :: "(adr\<^sub>i\<^sub>p net,port) Combinators" where
-"MG7 = AllowPortFromTo FWLink i4 6 \<oplus>
+  "MG7 = AllowPortFromTo FWLink i4 6 \<oplus>
        AllowPortFromTo FWLink i4 7"
-
+  
 definition
- MG8 :: "(adr\<^sub>i\<^sub>p net,port) Combinators" where
+  MG8 :: "(adr\<^sub>i\<^sub>p net,port) Combinators" where
-"MG8 = AllowPortFromTo FWLink i4 6 \<oplus>
+  "MG8 = AllowPortFromTo FWLink i4 6 \<oplus>
        AllowPortFromTo FWLink i4 7"
-
+  
-(* Default Global *)
+  (* Default Global *)
+definition
+  DG3:: "(adr\<^sub>i\<^sub>p net,port) Combinators" where
+  "DG3 = AllowPortFromTo any any 7"
 
 definition
- DG3:: "(adr\<^sub>i\<^sub>p net,port) Combinators" where
+  "Policy = DenyAll \<oplus> MG8 \<oplus>  MG7 \<oplus> MG4 \<oplus> MG3 \<oplus> MG2 \<oplus> DG3"   
-"DG3 = AllowPortFromTo any any 7"
 
- 
+lemmas PolicyLemmas =  Policy_def
+  FWLink_def
+  any_def
+  i27_def
+  i4_def
+  eth_intern_def
+  eth_private_def
+  MG2_def MG3_def MG4_def MG7_def MG8_def  
+  DG3_def
 
-definition
+lemmas PolicyL =  MG2_def MG3_def MG4_def MG7_def MG8_def DG3_def Policy_def
-"Policy = DenyAll \<oplus> MG8 \<oplus>  MG7 \<oplus> MG4 \<oplus> MG3 \<oplus> MG2 \<oplus> DG3"   
- 
- 
-
- lemmas PolicyLemmas =  Policy_def
- FWLink_def
- any_def
- 
- i27_def
- i4_def
- 
- eth_intern_def
- eth_private_def
- 
- MG2_def MG3_def MG4_def MG7_def MG8_def  
- DG3_def
- 
-
-lemmas PolicyL =  MG2_def MG3_def MG4_def MG7_def MG8_def  
- DG3_def Policy_def
 
 definition 
- not_in_same_net :: "(adr\<^sub>i\<^sub>p,DummyContent) packet \<Rightarrow> bool" where
+  not_in_same_net :: "(adr\<^sub>i\<^sub>p,DummyContent) packet \<Rightarrow> bool" where
-"not_in_same_net x =  (((src x \<sqsubset> i27) \<longrightarrow> ( \<not> (dest x \<sqsubset> i27))) \<and>
+  "not_in_same_net x =  (((src x \<sqsubset> i27) \<longrightarrow> ( \<not> (dest x \<sqsubset> i27))) \<and>
                       ((src x \<sqsubset>  i4) \<longrightarrow> ( \<not> (dest x \<sqsubset> i4))) \<and>
                       ((src x \<sqsubset>  eth_intern) \<longrightarrow> ( \<not> (dest x \<sqsubset> eth_intern))) \<and>
                       ((src x \<sqsubset>  eth_private) \<longrightarrow> ( \<not> (dest x \<sqsubset> eth_private))))"
@@ -140,45 +128,33 @@ lemmas fixDefs = fixElements_def NetworkCore.id_def NetworkCore.content_def
 
 
 lemma sets_distinct1: "(n::int) \<noteq> m \<Longrightarrow> {(a,b). a = n} \<noteq> {(a,b). a = m}"
-apply auto
+  by auto
-done
 
 lemma sets_distinct2: "(m::int) \<noteq> n \<Longrightarrow> {(a,b). a = n} \<noteq> {(a,b). a = m}"
-apply auto
+  by auto
-done
-
-
 
 lemma sets_distinct3: "{((a::int),(b::int)). a = n} \<noteq> {(a,b). a > n}"
-apply auto
+  by auto
-done
-
 
 lemma sets_distinct4: "{((a::int),(b::int)). a > n} \<noteq> {(a,b). a = n}"
-apply auto
+  by auto
-done
-
 
 lemma aux: "\<lbrakk>a \<in> c; a \<notin> d; c = d\<rbrakk> \<Longrightarrow> False"
-apply auto
+  by auto 
-done
+    
-
-
 lemma sets_distinct5: "(s::int) < g \<Longrightarrow> {(a::int, b::int). a = s} \<noteq> {(a::int, b::int).  g < a}"
-apply (auto simp: sets_distinct3)
+  apply (auto simp: sets_distinct3)
-apply (subgoal_tac "(s,4) \<in> {(a::int,b::int). a = (s)}")
+  apply (subgoal_tac "(s,4) \<in> {(a::int,b::int). a = (s)}")
-apply (subgoal_tac "(s,4) \<notin> {(a::int,b::int). g < a}")
+   apply (subgoal_tac "(s,4) \<notin> {(a::int,b::int). g < a}")
-apply (erule aux)
+    apply (erule aux)
-apply assumption+
+     apply assumption+
-apply simp
+   apply simp
-by blast
+  by blast
-
 
 lemma sets_distinct6: "(s::int) < g \<Longrightarrow> {(a::int, b::int).  g < a} \<noteq> {(a::int, b::int).  a = s}"
-apply (rule not_sym)
+  apply (rule not_sym)
-apply (rule sets_distinct5)
+  apply (rule sets_distinct5)
-by simp
+  by simp
-
 
 lemma distinctNets: "FWLink \<noteq>  any \<and> FWLink \<noteq>  i4 \<and> FWLink \<noteq>  i27 \<and> FWLink \<noteq>  eth_intern \<and> FWLink \<noteq>   eth_private \<and> 
 any \<noteq>  FWLink \<and> any \<noteq>  i4 \<and> any \<noteq>  i27 \<and> any \<noteq>  eth_intern \<and> any \<noteq>  eth_private \<and> i4 \<noteq>  FWLink \<and> 
@@ -186,83 +162,34 @@ i4 \<noteq>  any \<and> i4 \<noteq>  i27 \<and> i4 \<noteq>  eth_intern \<and> i
 i27 \<noteq>  i4 \<and> i27 \<noteq>  eth_intern \<and> i27 \<noteq>  eth_private \<and> eth_intern \<noteq>  FWLink \<and> eth_intern \<noteq>  any \<and> 
 eth_intern \<noteq>  i4 \<and> eth_intern \<noteq>  i27 \<and> eth_intern \<noteq>  eth_private \<and> eth_private \<noteq>  FWLink \<and> 
 eth_private \<noteq>  any \<and> eth_private \<noteq>  i4 \<and> eth_private \<noteq>  i27 \<and> eth_private \<noteq>  eth_intern"
-apply (simp add: PolicyLemmas sets_distinct1 sets_distinct2 sets_distinct3 sets_distinct4 sets_distinct5 sets_distinct6)
+  by (simp add: PolicyLemmas sets_distinct1 sets_distinct2 sets_distinct3 sets_distinct4 
-done
+                sets_distinct5 sets_distinct6)
-
-
 
 lemma aux5: "\<lbrakk>x \<noteq> a; y\<noteq>b; (x \<noteq> y \<and> x \<noteq> b) \<or>  (a \<noteq> b \<and> a \<noteq> y)\<rbrakk> \<Longrightarrow> {x,a} \<noteq> {y,b}"
-  apply auto
+  by auto
-done
-
 
 lemma aux2: "{a,b} = {b,a}"
-  apply auto
+  by auto
-done
-
-(*
-lemma noMT: "\<forall> x \<in> set (policy2list Policy). dom (C x) \<noteq> {}"
-apply (simp add: PolicyLemmas)
-apply (simp add: PLemmas PolicyLemmas)
-by arith
-*)
-
 
 lemma ANDex: "allNetsDistinct (policy2list Policy)"
-apply (simp add: PolicyL allNetsDistinct_def distinctNets)
+  apply (simp add: PolicyL allNetsDistinct_def distinctNets)
-apply (auto simp: PLemmas PolicyLemmas netsDistinct_def sets_distinct5 sets_distinct6)
+  by (auto simp: PLemmas PolicyLemmas netsDistinct_def sets_distinct5 sets_distinct6)
-done
+    
-
-(*
-lemma count_the_rules: "(int (length(policy2list (list2FWpolicy(normalize Policy)))) = post) \<and> 
-(int(length (policy2list Policy)) = pre) \<and>
- (int (length((normalize Policy))) = Partitions)"
-apply (insert distinctNets noMT)
-apply (simp add: normalize_def PolicyL bothNets_def aux5 aux2 Nets_List_def, thin_tac "?X",thin_tac "?S")
-oops
-
-
-
-lemma normedPolicy: "normalize Policy = X"
-apply (insert distinctNets noMT)
-apply (simp add: normalize_def PolicyL bothNets_def aux5 aux2 Nets_List_def, thin_tac "?X",thin_tac "?S")
-oops
-*)
-
 fun (sequential) numberOfRules where 
- "numberOfRules (a\<oplus>b) = numberOfRules a + numberOfRules b"
+  "numberOfRules (a\<oplus>b) = numberOfRules a + numberOfRules b"
- |"numberOfRules a = (1::int)" 
+|"numberOfRules a = (1::int)" 
-
-
-
 
 fun numberOfRulesList where 
  "numberOfRulesList  (x#xs) = ((numberOfRules x)#(numberOfRulesList xs)) "
  |"numberOfRulesList [] = []" 
 
-(*
-lemma "numberOfRulesList (normalize Policy) = X"
-apply (insert distinctNets noMT)
-apply (simp add: normalize_def PolicyL bothNets_def aux5 aux2 Nets_List_def, thin_tac "?X",thin_tac "?S")
-oops
-*)
-
 lemma all_in_list: "all_in_list (policy2list Policy) (Nets_List Policy)"
-apply (simp add: PolicyL)
+  apply (simp add: PolicyL)
-apply (unfold Nets_List_def)
+  apply (unfold Nets_List_def)
-apply (unfold bothNets_def)
+  apply (unfold bothNets_def)
-apply (insert distinctNets)
+  apply (insert distinctNets)
-apply simp
+  by simp
-done
 
 lemmas normalizeUnfold =   normalize_def Policy_def Nets_List_def bothNets_def aux aux2 bothNets_def
 
-(*
+end
-lemma noMT2: "\<forall> x \<in> set (policy2list Policy). dom (C x) \<noteq> {}"
-apply (simp add: PLemmas  normalize_def bothNets_def
-                 PolicyLemmas aux5 aux2 Nets_List_def ) 
-by (metis zless_add1_eq)
-*)
-
-
-end

Examples/Transformation/Transformation02.thy

@@ -38,123 +38,103 @@
 subsection {* Transforamtion Example 2 *}
 theory 
   Transformation02
-imports 
+  imports 
-   "../../UPF-Firewall"
+    "../../UPF-Firewall"
 begin
-
+  
 definition
- FWLink :: "adr\<^sub>i\<^sub>p net" where
+  FWLink :: "adr\<^sub>i\<^sub>p net" where
-"FWLink = {{(a,b). a = 1}}"
+  "FWLink = {{(a,b). a = 1}}"
-
+  
 definition
- any :: "adr\<^sub>i\<^sub>p net" where
+  any :: "adr\<^sub>i\<^sub>p net" where
-"any = {{(a,b). a > 5}}"
+  "any = {{(a,b). a > 5}}"
-
+  
 definition
- i4_32:: "adr\<^sub>i\<^sub>p net" where
+  i4_32:: "adr\<^sub>i\<^sub>p net" where
-"i4_32 = {{(a,b). a = 2 }}" 
+  "i4_32 = {{(a,b). a = 2 }}" 
-
+  
 definition
- i10_32:: "adr\<^sub>i\<^sub>p net" where
+  i10_32:: "adr\<^sub>i\<^sub>p net" where
-"i10_32 = {{(a,b). a = 3 }}" 
+  "i10_32 = {{(a,b). a = 3 }}" 
- 
+  
 definition
- eth_intern:: "adr\<^sub>i\<^sub>p net" where
+  eth_intern:: "adr\<^sub>i\<^sub>p net" where
-"eth_intern = {{(a,b). a = 4 }}"
+  "eth_intern = {{(a,b). a = 4 }}"
- 
+  
 definition
- eth_private:: "adr\<^sub>i\<^sub>p net" where
+  eth_private:: "adr\<^sub>i\<^sub>p net" where
-"eth_private = {{(a,b). a = 5 }}"
+  "eth_private = {{(a,b). a = 5 }}"
-
+  
-
-
 definition
- D1a :: "(adr\<^sub>i\<^sub>p net, port) Combinators" where
+  D1a :: "(adr\<^sub>i\<^sub>p net, port) Combinators" where
-"D1a = AllowPortFromTo eth_intern any 1 \<oplus> 
+  "D1a = AllowPortFromTo eth_intern any 1 \<oplus> 
        AllowPortFromTo eth_intern any 2"
-
+  
-
 definition
- D1b :: "(adr\<^sub>i\<^sub>p net, port) Combinators" where
+  D1b :: "(adr\<^sub>i\<^sub>p net, port) Combinators" where
-"D1b = AllowPortFromTo eth_private any 1 \<oplus>
+  "D1b = AllowPortFromTo eth_private any 1 \<oplus>
        AllowPortFromTo eth_private any 2"
-
+  
 definition
- D2a :: "(adr\<^sub>i\<^sub>p net, port) Combinators" where
+  D2a :: "(adr\<^sub>i\<^sub>p net, port) Combinators" where
-"D2a = AllowPortFromTo  any i4_32 21"
+  "D2a = AllowPortFromTo  any i4_32 21"
-
+  
-
 definition
- D2b :: "(adr\<^sub>i\<^sub>p net, port) Combinators" where
+  D2b :: "(adr\<^sub>i\<^sub>p net, port) Combinators" where
-"D2b = AllowPortFromTo any i10_32 21 \<oplus> 
+  "D2b = AllowPortFromTo any i10_32 21 \<oplus> 
        AllowPortFromTo any i10_32 43"
-
+  
-
-
 definition
- Policy :: "(adr\<^sub>i\<^sub>p net, port) Combinators" where
+  Policy :: "(adr\<^sub>i\<^sub>p net, port) Combinators" where
-"Policy = DenyAll \<oplus> D2b \<oplus> D2a \<oplus> D1b \<oplus> D1a"
+  "Policy = DenyAll \<oplus> D2b \<oplus> D2a \<oplus> D1b \<oplus> D1a"
-
+  
 lemmas PolicyLemmas = Policy_def D1a_def D1b_def D2a_def D2b_def 
- 
+  
-
+lemmas PolicyL =  Policy_def
- lemmas PolicyL =  Policy_def
+  FWLink_def
- FWLink_def
+  any_def
- any_def
+  i10_32_def
- i10_32_def
+  i4_32_def
- i4_32_def
+  eth_intern_def
- eth_intern_def
+  eth_private_def
- eth_private_def
+  D1a_def D1b_def D2a_def D2b_def 
- D1a_def D1b_def D2a_def D2b_def 
                     
 consts fixID :: id
 consts fixContent :: DummyContent
-
+  
 definition "fixElements p = (id p = fixID \<and> content p = fixContent)"
-
+  
 lemmas fixDefs = fixElements_def NetworkCore.id_def NetworkCore.content_def
 
-
-
 lemma sets_distinct1: "(n::int) \<noteq> m \<Longrightarrow> {(a,b). a = n} \<noteq> {(a,b). a = m}"
-apply auto
+  by auto
-done
 
 lemma sets_distinct2: "(m::int) \<noteq> n \<Longrightarrow> {(a,b). a = n} \<noteq> {(a,b). a = m}"
-apply auto
+  by auto
-done
-
-
 
 lemma sets_distinct3: "{((a::int),(b::int)). a = n} \<noteq> {(a,b). a > n}"
-apply auto
+  by auto
-done
+    
-
-
 lemma sets_distinct4: "{((a::int),(b::int)). a > n} \<noteq> {(a,b). a = n}"
-apply auto
+  by auto
-done
+  
-
-
 lemma aux: "\<lbrakk>a \<in> c; a \<notin> d; c = d\<rbrakk> \<Longrightarrow> False"
-apply auto
+  by auto
-done
-
 
 lemma sets_distinct5: "(s::int) < g \<Longrightarrow> {(a::int, b::int). a = s} \<noteq> {(a::int, b::int).  g < a}"
-apply (auto simp: sets_distinct3)
+  apply (auto simp: sets_distinct3)
-apply (subgoal_tac "(s,4) \<in> {(a::int,b::int). a = (s)}")
+  apply (subgoal_tac "(s,4) \<in> {(a::int,b::int). a = (s)}")
-apply (subgoal_tac "(s,4) \<notin> {(a::int,b::int). g < a}")
+   apply (subgoal_tac "(s,4) \<notin> {(a::int,b::int). g < a}")
-apply (erule aux)
+    apply (erule aux)
-apply assumption+
+     apply assumption+
-apply simp
+   apply simp
-by blast
+  by blast
-
+    
 lemma sets_distinct6: "(s::int) < g \<Longrightarrow> {(a::int, b::int).  g < a} \<noteq> {(a::int, b::int).  a = s}"
-apply (rule not_sym)
+  apply (rule not_sym)
-apply (rule sets_distinct5)
+  apply (rule sets_distinct5)
-by simp
+  by simp
-
 
 lemma distinctNets: "FWLink \<noteq> any \<and> FWLink \<noteq> i4_32 \<and> FWLink \<noteq> i10_32 \<and>
 FWLink \<noteq> eth_intern \<and> FWLink \<noteq> eth_private \<and> any \<noteq> FWLink \<and> any \<noteq>
@@ -165,55 +145,36 @@ eth_private \<and> i10_32 \<noteq> FWLink \<and> i10_32 \<noteq> any \<and> i10_
 \<noteq> any \<and> eth_intern \<noteq> i4_32 \<and> eth_intern \<noteq> i10_32 \<and> eth_intern \<noteq>
 eth_private \<and> eth_private \<noteq> FWLink \<and> eth_private \<noteq> any \<and> eth_private \<noteq>
 i4_32 \<and> eth_private \<noteq> i10_32 \<and> eth_private \<noteq> eth_intern " 
-apply (simp add: PolicyL sets_distinct1 sets_distinct2 sets_distinct3
+  by (simp add: PolicyL sets_distinct1 sets_distinct2 sets_distinct3
-  sets_distinct4 sets_distinct5 sets_distinct6) 
+      sets_distinct4 sets_distinct5 sets_distinct6) 
-done
+    
-
-
-
 lemma aux5: "\<lbrakk>x \<noteq> a; y\<noteq>b; (x \<noteq> y \<and> x \<noteq> b) \<or>  (a \<noteq> b \<and> a \<noteq> y)\<rbrakk> \<Longrightarrow> {x,a} \<noteq> {y,b}"
-  apply auto
+  by auto
-done
+    
-
-
 lemma aux2: "{a,b} = {b,a}"
-  apply auto
+  by auto
-done
+    
-
-
-
-
 lemma ANDex: "allNetsDistinct (policy2list Policy)"
-apply (simp add: PolicyLemmas allNetsDistinct_def distinctNets)
+  apply (simp add: PolicyLemmas allNetsDistinct_def distinctNets)
-apply (simp add: PolicyL)
+  apply (simp add: PolicyL)
-apply (auto simp: PLemmas PolicyL netsDistinct_def sets_distinct5 sets_distinct6 sets_distinct1 sets_distinct2)
+  by (auto simp: PLemmas PolicyL netsDistinct_def sets_distinct5 sets_distinct6 sets_distinct1
-done
+                 sets_distinct2)
-
+    
 fun (sequential) numberOfRules where 
- "numberOfRules (a\<oplus>b) = numberOfRules a + numberOfRules b"
+  "numberOfRules (a\<oplus>b) = numberOfRules a + numberOfRules b"
- |"numberOfRules a = (1::int)" 
+|"numberOfRules a = (1::int)" 
-
+  
-
-
-
 fun numberOfRulesList where 
- "numberOfRulesList  (x#xs) = ((numberOfRules x)#(numberOfRulesList xs)) "
+  "numberOfRulesList  (x#xs) = ((numberOfRules x)#(numberOfRulesList xs)) "
- |"numberOfRulesList [] = []" 
+|"numberOfRulesList [] = []" 
-
+  
-
-
 lemma all_in_list: "all_in_list (policy2list Policy) (Nets_List Policy)"
-apply (simp add: PolicyLemmas)
+  apply (simp add: PolicyLemmas)
-apply (unfold Nets_List_def)
+  apply (unfold Nets_List_def)
-apply (unfold bothNets_def)
+  apply (unfold bothNets_def)
-apply (insert distinctNets)
+  apply (insert distinctNets)
-apply simp
+  by simp
-done
+    
-
-
 lemmas normalizeUnfold =   normalize_def PolicyL Nets_List_def bothNets_def aux aux2 bothNets_def sets_distinct1 sets_distinct2 sets_distinct3 sets_distinct4 sets_distinct5 sets_distinct6  aux5 aux2
 
-
+end
-end
-
-

Examples/VoIP/VoIP.thy

@@ -36,17 +36,19 @@
  *****************************************************************************)
 
 section {* Voice over IP *}
-theory VoIP
+theory 
-imports 
+  VoIP
-  "../../UPF-Firewall"
+  imports 
+    "../../UPF-Firewall"
 begin
+  
 
-
+text{* 
-text{* In this theory we generate the test data for correct runs of
+  In this theory we generate the test data for correct runs of the FTP protocol. As usual, we 
-the FTP protocol. As usual, we start with definining the networks and
+  start with definining the networks and the policy. We use a rather simple policy which allows 
-the policy. We use a rather simple policy which allows only FTP
+  only FTP connections starting from the Intranet and going to the Internet, and deny everything 
-connections starting from the Intranet and going to the Internet, and
+  else. 
-deny everything else. *}
+*}
 
 definition 
   intranet :: "adr\<^sub>i\<^sub>p net" where
@@ -60,14 +62,13 @@ definition
   gatekeeper :: "adr\<^sub>i\<^sub>p net" where
   "gatekeeper = {{(a,c). a =4}}"
 
-
 definition 
   voip_policy :: "(adr\<^sub>i\<^sub>p,address voip_msg) FWPolicy" where
   "voip_policy = A\<^sub>U"
 
-
+text{* 
-text{* The next two constants check if an address is in the Intranet
+  The next two constants check if an address is in the Intranet or in the Internet respectively.
-or in the Internet respectively.*}
+*}
 
 definition 
   is_in_intranet :: "address  \<Rightarrow> bool" where
@@ -81,9 +82,9 @@ definition
   is_in_internet :: "address \<Rightarrow> bool" where
   "is_in_internet a =  (a > 4)"
 
-
 text{*
-The next definition is our starting state: an empty trace and the just defined policy.*}
+  The next definition is our starting state: an empty trace and the just defined policy.
+*}
 
 definition 
   "\<sigma>_0_voip" ::  "(adr\<^sub>i\<^sub>p, address voip_msg) history \<times>
@@ -91,30 +92,25 @@ definition
 where                                     
   "\<sigma>_0_voip = ([],voip_policy)"
 
-text{*Next we state the conditions we have on our trace: a normal
+text{*
-behaviour FTP run from the intranet to some server in the internet on
+  Next we state the conditions we have on our trace: a normal behaviour FTP run from the intranet 
-port 21.*}
+  to some server in the internet on port 21.
+*}
 
 definition "accept_voip" ::  "(adr\<^sub>i\<^sub>p, address voip_msg) history \<Rightarrow> bool" where
-          "accept_voip t = 
+          "accept_voip t =   (\<exists> c s g i p1 p2. t \<in> NB_voip c s g i p1 p2 \<and> is_in_intranet c 
-  (\<exists> c s g i p1 p2. t \<in> NB_voip c s g i p1 p2 \<and> is_in_intranet c \<and> is_in_internet s
+                                              \<and> is_in_internet s
                                               \<and> is_gatekeeper g)"
 
-
-
 fun packet_with_id where
  "packet_with_id [] i = []"
 |"packet_with_id (x#xs) i = 
   (if id x = i then (x#(packet_with_id xs i)) else (packet_with_id xs i))"
 
-
+text{*
-text{*The depth of the test case generation corresponds to the maximal
+  The depth of the test case generation corresponds to the maximal length of generated traces,  
-length of generated traces. 4 is the minimum to get a full FTP
+  4 is the minimum to get a full FTP protocol run.
-protocol run.  *}
+*}
-
-
-
-
 
 fun ids1 where
  "ids1 i (x#xs) = (id x = i \<and> ids1 i xs)"
@@ -129,8 +125,4 @@ lemmas ST_simps = Let_def valid_SE_def unit_SE_def bind_SE_def
  VOIP.NB_voip_def \<sigma>_0_voip_def PLemmas VOIP_TRPolicy_def
  policy2MON_def applyPolicy_def 
 
-
-
-
-
 end