2006
DOI: 10.1007/11813040_2
The Mondex Challenge: Machine Checked Proofs for an Electronic Purse

Abstract: The Mondex case study about the specification and refinement of an electronic purse as defined in [SCJ00] has recently been proposed as a challenge for formal system-supported verification. This paper reports on the successful verification of the major part of the case study using the KIV specification and verification system. We demonstrate that even though the hand-made proofs were elaborated to an enormous level of detail we still could find small errors in the underlying data refinement theory as…

Cited by 29 publications (30 citation statements). References 19 publications.

Citation statements:
“…While the first [SGHR06b] used the original backward simulation and data refinement, the second uses abstract state machines (ASMs, [Gur95], [BS03]) together with ASM refinement and generalized forward simulations [Sch01].…”
Section: The Refinement of Schellhorn et al. [SGH+07]
“…Rather unusually for a commercial product, a sanitised version of the core of the formal development was made publicly available [SCW00]. Since then it has been a fertile ground for formal methods researchers: the original, human-built proofs of the security properties have been subjected to re-examination by contemporary techniques, and have stood up extremely well to the fiercest tool-based scrutiny achievable today, the first such mechanical verification being [SGHR06b].…”
Section: Introduction
“…The general idea of using this command for falsification is to try to explore the reachable state space of an OTS from its initial state to a state in which an invariant does not hold. To use the CafeOBJ search command, we need to (1) give an explicit state structure for an OTS S, and then, obeying this state structure, to (2) give, for each action (representing a transition of S) defined in equations, additional state transition expressions. Assume that the state structure of an OTS is decided to be <υ>; then an additional state transition expression for the action expression described in Sect.…”
Section: Falsification with Search Command
“…Mondex Electronic Purse [2], Analog and Mixed-Signal Circuits [3]). The benefits of using formal methods in the design of such systems stem from two aspects.…”
Section: Introduction
“…The original refinement proofs using Z have been done on a very detailed level by hand [22]. [19] shows that the same verification can be done with good tool support and in a short period of time using KIV. The Mondex refinement basically splits a world view of an application into components implementing a protocol.…”
Section: Related Work