Retrenching the Purse: Hashing Injective CLEAR Codes, and Security Properties


Banach, Richard, Jeske, Czeslaw, Poppleton, Michael and Stepney, Susan (2006) Retrenching the Purse: Hashing Injective CLEAR Codes, and Security Properties. In, IEEE ISOLA 2006: 2nd Int. Symp. on Leveraging Applications of Formal Methods, Verification and Validation, Paphos, Cyprus, IEEE Computer Society, 76-89.

Download

[img] PDF
Download (128Kb)

Description/Abstract

The Mondex Electronic Purse is an outstanding example of industrial scale formal refinement, and was the first verification to achieve ITSEC level E6 certification. A formal abstract model and a formal concrete model were developed, and a formal refinement was hand-proved between them. Nevertheless, certain requirements issues were set beyond the scope of the formal development, or handled in an unnatural manner. The retrenchment Tower Pattern is used to address one such issue in detail: the use of a hash function rather than a total injective function when clearing the highly constrained purse logs. A retrenchment is constructed from the lowest level model to a model using a hash, and is then lifted to create two refinement developments, working at different levels of detail, and connected via retrenchments. The tower development is appropriately validated, vindicating the design used.

Item Type: Conference or Workshop Item (Paper)
Additional Information: Event Dates: November 19, 2006
Keywords: retrenchment, refinement, mondex, electronic purse
Divisions: Faculty of Physical Sciences and Engineering > Electronics and Computer Science
ePrint ID: 263247
Date Deposited: 13 Dec 2006
Last Modified: 27 Mar 2014 20:06
Publisher: IEEE Computer Society
Further Information:Google Scholar
URI: http://eprints.soton.ac.uk/id/eprint/263247

Actions (login required)

View Item View Item