Title :
Retrenching the Purse: Finite Exception Logs, and Validating the Small
Author :
Banach, Richard ; Poppleton, Michael ; Stepney, Susan
Author_Institution :
Sch. of Comput. Sci., Manchester Univ.
Abstract :
The Mondex electronic purse is an outstanding example of industrial scale formal refinement, and was the first verification to achieve ITSEC level E6 certification. A formal abstract model and a formal concrete model were developed, and a formal refinement was hand-proved between them. Nevertheless, certain requirements issues were set beyond the scope of the formal development, or handled in an unnatural manner. The retrenchment tower pattern is used to address one such issue in detail: the finiteness of the purse log (which records unsuccessful transactions). A retrenchment is constructed from the lowest level model of the purse system to a model in which logs are finite, and is then lifted to create two refinement developments of the purse, working at different levels of detail, and connected via retrenchments, forming the tower. The tower development is appropriately validated, vindicating the design used
Keywords :
certification; electronic money; formal specification; formal verification; smart cards; ITSEC level E6 certification; Mondex electronic purse; finite exception logs; formal abstract model; formal concrete model; industrial scale formal refinement; purse system; retrenchment tower pattern; Application software; Computer industry; Computer science; Concrete; Industrial electronics; Poles and towers; Protocols; Refining; Robustness; Security;
Conference_Titel :
Software Engineering Workshop, 2006. SEW '06. 30th Annual IEEE/NASA
Conference_Location :
Columbia, MD
Print_ISBN :
0-7695-2624-1
DOI :
10.1109/SEW.2006.28
