Retrenching the Purse: Hashing Injective CLEAR Codes, and Security Properties

Banach, Richard, Jeske, Czeslaw, Poppleton, Michael and Stepney, Susan (2006) Retrenching the Purse: Hashing Injective CLEAR Codes, and Security Properties. In, IEEE ISOLA 2006: 2nd Int. Symp. on Leveraging Applications of Formal Methods, Verification and Validation, Paphos, Cyprus, IEEE Computer Society, 76-89.


[img] PDF
Download (128Kb)


The Mondex Electronic Purse is an outstanding example of industrial scale formal refinement, and was the first verification to achieve ITSEC level E6 certification. A formal abstract model and a formal concrete model were developed, and a formal refinement was hand-proved between them. Nevertheless, certain requirements issues were set beyond the scope of the formal development, or handled in an unnatural manner. The retrenchment Tower Pattern is used to address one such issue in detail: the use of a hash function rather than a total injective function when clearing the highly constrained purse logs. A retrenchment is constructed from the lowest level model to a model using a hash, and is then lifted to create two refinement developments, working at different levels of detail, and connected via retrenchments. The tower development is appropriately validated, vindicating the design used.

Item Type: Conference or Workshop Item (Paper)
Additional Information: Event Dates: November 19, 2006
Keywords: retrenchment, refinement, mondex, electronic purse
Divisions : Faculty of Physical Sciences and Engineering > Electronics and Computer Science
ePrint ID: 263247
Accepted Date and Publication Date:
Date Deposited: 13 Dec 2006
Last Modified: 27 Mar 2014 20:06
Further Information:Google Scholar

Actions (login required)

View Item View Item

Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics