High-assurance network gateway generators

1 . A network gateway generator, comprising: one or more processors and a memory, the memory being a non-transitory computer-readable medium having executable instructions encoded thereon, such that upon execution of the instructions, the one or more processors perform operations of: receiving input artifacts; translating the input artifacts into corresponding formats as translated data; distributing the translated data to an operating system (OS) code generator, a glue code generator, and a communications code generator; generating, by the OS code generator, OS code based on the translated data, and capturing the system architecture, including communications channels between trusted and untrusted subsystems; generating, by the communications code generator, deserialization and filtering code based on the translated data; generating, by a glue code generator, glue code based on the OS code and translated data; generating an executable network gateway code by combining the glue code, deserialization code, and filtering code; generating proof artifacts providing mathematical guarantees on an impossibility of untrusted subsystems interfering with trusted subsystems and an impossibility of exploitable failures in message serialization and deserialization code for communications; encoding the executable network gateway code on a computer readable medium; forming a gateway between a platform and network by running the executable network gateway code on a network server; and facilitating communication traffic between the platform and network through the gateway such that it is impossible for untrusted subsystems accessible via the network to alter or modify contents of trusted subsystems except the contents of designated communications channels, and such that there are no exploitable failures present in the communications channels. 2 . The network gateway generator as set forth in claim 1 , wherein the translated data includes system architecture code, glue code relevant artifacts, and message specifications. 3 . The network gateway generator as set forth in claim 2 , wherein the communications code generator further generates formal specifications, proofs, and associated code. 4 . The network gateway generator as set forth in claim 1 , wherein the communications code generator further generates formal specifications, proofs, and associated code. 5 . A computer program product for a network gateway generator, the computer program product comprising: a non-transitory computer-readable medium having executable instructions encoded thereon, such that upon execution of the instructions by one or more processors, the one or more processors perform operations of: receiving input artifacts; translating the input artifacts into corresponding formats as translated data; distributing the translated data to an operating system (OS) code generator, a glue code generator, and a communications code generator; generating, by the OS code generator, OS code based on the translated data, and capturing the system architecture, including communications channels between trusted and untrusted subsystems; generating, by the communications code generator, deserialization and filtering code based on the translated data; generating, by a glue code generator, glue code based on the OS code and translated data; generating an executable network gateway code by combining the glue code, deserialization code, and filtering code; generating proof artifacts providing mathematical guarantees on an impossibility of untrusted subsystems interfering with trusted subsystems and an impossibility of exploitable failures in message serialization and deserialization code for communications; encoding the executable network gateway code on a computer readable medium; forming a gateway between a platform and network by running the executable network gateway code on a network server; and facilitating communication traffic between the platform and network through the gateway such that it is impossible for untrusted subsystems accessible via the network to alter or modify contents of trusted subsystems except the contents of designated communications channels, and such that there are no exploitable failures present in the communications channels. 6 . The computer program product as set forth in claim 5 , wherein the translated data includes system architecture code, glue code relevant artifacts, and message specifications. 7 . The computer program product as set forth in claim 6 , wherein the communications code generator further generates formal specifications, proofs, and associated code. 8 . The computer program product as set forth in claim 5 , wherein the communications code generator further generates formal specifications, proofs, and associated code. 9 . A computer implemented method for a network gateway generator, the method comprising an act of: causing one or more processors to execute instructions encoded on a non-transitory computer-readable medium, such that upon execution, the one or more processors perform operations of: receiving input artifacts; translating the input artifacts into corresponding formats as translated data; distributing the translated data to an operating system (OS) code generator, a glue code generator, and a communications code generator; generating, by the OS code generator, OS code based on the translated data, and capturing the system architecture, including communications channels between trusted and untrusted subsystems; generating, by the communications code generator, deserialization and filtering code based on the translated data; generating, by a glue code generator, glue code based on the OS code and translated data; generating an executable network gateway code by combining the glue code, deserialization code, and filtering code; generating proof artifacts providing mathematical guarantees on an impossibility of untrusted subsystems interfering with trusted subsystems and an impossibility of exploitable failures in message serialization and deserialization code for communications; encoding the executable network gateway code on a computer readable medium; forming a gateway between a platform and network by running the executable network gateway code on a network server; and facilitating communication traffic between the platform and network through the gateway such that it is impossible for untrusted subsystems accessible via the network to alter or modify contents of trusted subsystems except the contents of designated communications channels, and such that there are no exploitable failures present in the communications channels. 10 . The method as set forth in claim 9 , wherein the translated data includes system architecture code, glue code relevant artifacts, and message specifications. 11 . The method as set forth in claim 10 , wherein the communications code generator further generates formal specifications, proofs, and associated code. 12 . The method as set forth in claim 9 , wherein the communications code generator further generates formal specifications, proofs, and associated code.