Retrenching the Purse: Finite Sequence Numbers, and the Tower Pattern


Banach, Richard, Poppleton, Michael, Jeske, Czeslaw and Stepney, Susan (2005) Retrenching the Purse: Finite Sequence Numbers, and the Tower Pattern. In: FM 2005: International Symposium of Formal Methods Europe, Newcastle, UK, 18-22 July 2005. Springer Lecture Notes in Computer Science, pp. 382-398.


Description/Abstract

The Mondex Electronic Purse system is an outstanding example of formal refinement techniques applied to a genuine industrial-scale application, and notably was the first verification to achieve ITSEC level E6 certification. A formal abstract model including security properties and a formal concrete model of the system design were developed, and a formal refinement between them was hand-proved in Z. Despite this success, certain requirements issues were set beyond the scope of the formal development, or were handled in an unnatural manner. Retrenchment is reviewed in a form suitable for integration with Z refinement, and is used to address one such issue in detail: the finiteness of the transaction sequence number in the purse funds transfer protocol. A retrenchment is constructed from the lowest-level model of the purse system to a model in which sequence numbers are finite, using a suitable elaboration of the Z promotion technique. We overview the lifting of that retrenchment to the abstraction level of the higher models of the purse system. The concessions of the various retrenchments generated formally capture the dissonance between the unbounded sequence number idealisation and the bounded reality. Reasoning about when the concession can become valid influences the actual choice of sequence number bound. The retrenchment-enhanced formal development is proposed as an example of a widely applicable methodological pattern for formal developments of this kind: the Tower Pattern.

Item Type: Conference or Workshop Item (Paper)
Additional Information: Event Dates: 18-22 July 2005
ISBN: 3540278826
Keywords: retrenchment, refinement, electronic purse, Z, promotion
Divisions: Faculty of Physical Sciences and Engineering > Electronics and Computer Science > Electronic & Software Systems
ePrint ID: 260805
Date Deposited: 29 Apr 2005
Last Modified: 27 Mar 2014 20:03
ISI Citation Count: 11
URI: http://eprints.soton.ac.uk/id/eprint/260805
