eprintid: 263247
rev_number: 201
eprint_status: archive
userid: 893
source: http://eprints.ecs.soton.ac.uk/id/eprint/13247
dir: disk0/00/26/32/47
datestamp: 2006-12-13
lastmod: 2024-03-14 07:27:53
status_changed: 2011-03-01 11:21:46
type: conference_item
metadata_visibility: show
item_issues_count: 0
ispublished: pub
full_text_status: public
keywords: retrenchment, refinement, mondex, electronic purse
note: Event Dates: November 19, 2006
date: 2006
event_title: IEEE ISOLA 2006: 2nd Int. Symp. on Leveraging Applications of Formal Methods, Verification and Validation (19/11/06)
event_type: conference
refereed: TRUE
divisions: 03ec46aa-1e95-45b1-ae8b-34b17f3ac30f
locs_drange_place: Paphos
locs_drange_country: Cyprus
locs_drange_venue: IEEE ISOLA 2006: 2nd Int. Symp. on Leveraging Applications of Formal Methods, Verification and Validation
locs_drange_start: 2006-11-19
locs_drange_type: event
creators_name: Banach, Richard
creators_name: Jeske, Czeslaw
creators_name: Poppleton, Michael
creators_name: Stepney, Susan
creators_id: 3c9a2946-4d86-428e-bce2-6dfdde219ff3
creators_id: fbe74737-872a-44ad-9592-d2036aeb95a1
creators_id: 00f3ffec-b4ff-4dd3-89a4-7a9aaff1c9f1
creators_id: 7a80b0af-85d5-4686-87fe-62d782c72156
creators_hidden: FALSE
creators_hidden: FALSE
creators_hidden: FALSE
creators_hidden: FALSE
contributors_type: http://www.loc.gov/loc.terms/relators/AUT
contributors_type: http://www.loc.gov/loc.terms/relators/AUT
contributors_type: http://www.loc.gov/loc.terms/relators/AUT
contributors_type: http://www.loc.gov/loc.terms/relators/AUT
contributors_type: http://www.loc.gov/loc.terms/relators/EDT
contributors_type: http://www.loc.gov/loc.terms/relators/EDT
contributors_type: http://www.loc.gov/loc.terms/relators/EDT
contributors_name: Banach, Richard
contributors_name: Jeske, Czeslaw
contributors_name: Poppleton, Michael
contributors_name: Stepney, Susan
contributors_name: Margaria, Tiziana
contributors_name: Philippou, Anna
contributors_name: Steffen, Bernhard
contributors_id: 3c9a2946-4d86-428e-bce2-6dfdde219ff3
contributors_id: fbe74737-872a-44ad-9592-d2036aeb95a1
contributors_id: 00f3ffec-b4ff-4dd3-89a4-7a9aaff1c9f1
contributors_id: 7a80b0af-85d5-4686-87fe-62d782c72156
contributors_id: 77631364-2e50-4626-8f14-5dd63669c470
contributors_id: 140c2451-d79a-4c10-83b7-e84b547ba8e2
contributors_id: 14184ff8-14ec-4cb3-a58f-73bead1bb1fc
contributors_hidden: FALSE
contributors_hidden: FALSE
contributors_hidden: FALSE
contributors_hidden: FALSE
contributors_hidden: FALSE
contributors_hidden: FALSE
contributors_hidden: FALSE
title: Retrenching the Purse: Hashing Injective CLEAR Codes, and Security Properties
pres_type: paper
abstract: The Mondex Electronic Purse is an outstanding example of industrial-scale formal refinement, and was the first verification to achieve ITSEC level E6 certification. A formal abstract model and a formal concrete model were developed, and a formal refinement was hand-proved between them. Nevertheless, certain requirements issues were set beyond the scope of the formal development, or were handled in an unnatural manner. The retrenchment Tower Pattern is used to address one such issue in detail: the use of a hash function rather than a total injective function when clearing the highly constrained purse logs. A retrenchment is constructed from the lowest-level model to a model using a hash, and is then lifted to create two refinement developments, working at different levels of detail and connected via retrenchments. The tower development is appropriately validated, vindicating the design used.
date_type: published
pagerange: 76-89
editors_name: Margaria, Tiziana
editors_name: Philippou, Anna
editors_name: Steffen, Bernhard
editors_id: 77631364-2e50-4626-8f14-5dd63669c470
editors_id: 140c2451-d79a-4c10-83b7-e84b547ba8e2
editors_id: 14184ff8-14ec-4cb3-a58f-73bead1bb1fc
referencetext:
[1] S. Stepney, D. Cooper, and J. Woodcock, "An electronic purse: Specification, refinement and proof," Oxford University Computing Laboratory, Tech. Rep. PRG-126, 2000.
[2] Department of Trade and Industry, "Information Technology Security Evaluation Criteria," 1991, http://www.cesg.gov.uk/site/iacs/itsec/media/formaldocs/Itsec.pdf.
[3] Common Criteria for Information Technology Security Evaluation, ISO 15408, v. 3.0 rev. 2, 2005.
[4] R. Banach and M. Poppleton, "Retrenchment: An engineering variation on refinement," in 2nd International B Conference, ser. LNCS, D. Bert, Ed., vol. 1393. Montpellier, France: Springer, April 1998, pp. 129–147.
[5] R. Banach and M. Poppleton, "Sharp retrenchment, modulated refinement and simulation," Formal Aspects of Computing, vol. 11, pp. 498–540, 1999.
[6] M. Poppleton and R. Banach, "Controlling control systems: An application of evolving retrenchment," in Second International Conference of B and Z Users, ser. LNCS, D. Bert, J. Bowen, M. Henson, and K. Robinson, Eds., vol. 2272. Grenoble, France: Springer, January 2002, pp. 42–61.
[7] R. Banach and M. Poppleton, "Retrenching partial requirements into system definitions: A simple feature interaction case study," Requirements Engineering Journal, vol. 8, no. 2, 2003, 22pp.
[8] R. Banach, M. Poppleton, C. Jeske, and S. Stepney, "Retrenching the purse: Finite sequence numbers and the tower pattern," in Formal Methods 2005, ser. LNCS, J. Fitzgerald, I. Hayes, and A. Tarlecki, Eds., vol. 3582. Newcastle, UK: Springer, 2005, pp. 382–398.
[9] R. Banach, C. Jeske, M. Poppleton, and S. Stepney, "Retrenching the purse: Finite exception logs, and validating the small," in Workshop on Software Engineering 2006, M. Hinchey, Ed. Loyola College, MD: IEEE Computer Society Press, 2006.
[10] R. Banach, M. Poppleton, C. Jeske, and S. Stepney, "Retrenching the purse: The balance enquiry quandary, and generalised and (1,1) forward refinements," Fundamenta Informaticae, 2006 (to appear).
[11] C. Jeske, "Algebraic integration of retrenchment and refinement," Ph.D. dissertation, University of Manchester, 2005.
[12] J. Woodcock and J. Davies, Using Z: Specification, Refinement and Proof. Prentice-Hall, 1996.
[13] J. Derrick and E. Boiten, Refinement in Z and Object-Z, ser. FACIT. Springer, 2001.
[14] S. Stepney, F. Polack, and I. Toyn, "An outline pattern language for Z," in Third International Conference of B and Z Users, ser. LNCS, D. Bert, J. Bowen, S. King, and M. Waldén, Eds., vol. 2651. Turku, Finland: Springer, June 2003, pp. 2–19.
[15] S. Stepney, F. Polack, and I. Toyn, "Patterns to guide practical refactoring," in Third International Conference of B and Z Users, ser. LNCS, D. Bert, J. Bowen, S. King, and M. Waldén, Eds., vol. 2651. Turku, Finland: Springer, June 2003, pp. 20–39.
[16] R. Banach, "Maximally abstract retrenchments," in Proc. IEEE ICFEM2000. York: IEEE Computer Society Press, August 2000, pp. 133–142.
[17] D. Bert, J. Bowen, S. King, and M. Waldén, Eds., Proc. ZB2003: Formal Specification and Development in Z and B, ser. LNCS, vol. 2651. Turku, Finland: Springer, June 2003.
languages_3char: eng
organisations: Electronics & Computer Science
pure_uuid: d2687fd0-dd1e-4f97-aa03-5854038679ed
fp7_type: info:eu-repo/semantics/conferenceObject
dates_date: 2006
dates_date_type: published
hoa_compliant: 304
hoa_date_pub: 2006-12-13
citation: Banach, Richard, Jeske, Czeslaw, Poppleton, Michael and Stepney, Susan (2006) Retrenching the Purse: Hashing Injective CLEAR Codes, and Security Properties. Margaria, Tiziana, Philippou, Anna and Steffen, Bernhard (eds.) IEEE ISOLA 2006: 2nd Int. Symp. on Leveraging Applications of Formal Methods, Verification and Validation, Paphos, Cyprus. pp. 76-89.
document_url: https://eprints.soton.ac.uk/263247/1/Retrench.Mondex.Hash.ISOLA06.pdf
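The abstract's central point, that a purse log cleared by a total injective code and a purse log cleared by a hash of the log are not related by refinement, can be seen on a toy model. The following is an added illustration, not code from the paper or from the Mondex development: the two-field log record, the bound of two records per log, the length-prefixed encoding, and the 8-bit truncation of SHA-256 are all assumptions chosen so that the log domain (273 logs) exceeds the code space (256 codes) and a collision is guaranteed by the pigeonhole principle. With the injective code, the code determines the log, so a CLEAR presented with a code issued for one log can only clear that log; with the hashed code, two distinct logs can share a code, which is exactly the case a retrenchment must record as a concession rather than a refinement proof discharging.

```python
"""Toy model of purse-log CLEAR codes: total injective code vs truncated hash.
Added example with assumed log shape, field ranges and code width; not the
paper's or Mondex's actual encodings."""
import hashlib
from itertools import product

# Assumed log record: (sequence number, value), each in 0..3; a log holds at
# most two records. Domain size is 1 + 16 + 16*16 = 273 distinct logs.
SEQ_DOMAIN = range(4)
VALUE_DOMAIN = range(4)
MAX_LOG_LEN = 2


def enumerate_logs():
    """All logs in the assumed domain, as tuples of (seq, value) records."""
    records = list(product(SEQ_DOMAIN, VALUE_DOMAIN))
    logs = [()]
    for n in range(1, MAX_LOG_LEN + 1):
        logs.extend(product(records, repeat=n))
    return logs


def injective_clear_code(log):
    """Total injective code: a length prefix followed by fixed-width fields.
    Distinct logs give distinct byte strings, so the code determines the log."""
    out = bytes([len(log)])
    for seq, value in log:
        out += bytes([seq, value])
    return out


def hash_clear_code(log, nbits=8):
    """Hashed code: SHA-256 of the injective encoding, truncated to nbits.
    273 logs into 256 codes forces at least one collision (pigeonhole)."""
    digest = hashlib.sha256(injective_clear_code(log)).digest()
    return int.from_bytes(digest, "big") >> (256 - nbits)


def collisions(code_fn, logs):
    """Pairs of distinct logs that share a code; empty iff code_fn is injective
    on the domain."""
    seen = {}
    found = []
    for log in logs:
        code = code_fn(log)
        if code in seen:
            found.append((seen[code], log))
        else:
            seen[code] = log
    return found


def clear_log(purse_log, presented_code, code_fn):
    """The CLEAR operation: the purse empties its log only if the presented
    code matches the code of the log it currently holds."""
    if code_fn(purse_log) == presented_code:
        return ()
    return purse_log


def retrenchment_concession(log_a, log_b, code_fn):
    """The concession the hashed model needs: a code issued for log_b clears a
    different log_a only because the two logs collide under code_fn."""
    return log_a != log_b and code_fn(log_a) == code_fn(log_b)


if __name__ == "__main__":
    logs = enumerate_logs()
    print(len(logs), "logs;",
          len(collisions(injective_clear_code, logs)), "injective collisions")
    a, b = collisions(hash_clear_code, logs)[0]
    print("hash collision:", a, b, hex(hash_clear_code(a)))
    print("log a after CLEAR with code issued for b:",
          clear_log(a, hash_clear_code(b), hash_clear_code))
```

Widening the hash (the default 8 bits is deliberately tiny) makes collisions rare rather than impossible; the retrenchment in the paper is what lets the refinement chain state that difference honestly instead of pretending the hashed code is injective.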