To ensure the security of the top-level design of the security gateway, we proposed a method of formally designing and verifying a typical security gateway. Firstly, we designed the typical
security gateway’s security policy according to its security requirements. Secondly, we formally modeled the security policy and verified the security model’s internal consistency by means of
BLP model. In the end, we verified the consistency between the security gateway’s functional specifications and its security model. To make sure the reasoning procedure’s correctness, we
used the theorem prover Isabelle/HOL to formally describe the above work and help us deduce. Our work ensures the security of a typical security gateway in terms of top-level design and exerts certain referential significance on formal design of security gateway.