Abstract — The Mondex Electronic Purse is an outstanding example of industrial scale formal refinement, and was the first verification to achieve ITSEC level E6 certification. A formal abstract model and a formal concrete model were developed, and a formal refinement was hand-proved between them. Nevertheless, certain requirements issues were set beyond the scope of the formal development, or handled in an unnatural manner. The retrenchment Tower Pattern is used to address one such issue in detail: the use of a hash function rather than a total injective function when clearing the highly constrained purse logs. A retrenchment is constructed from the lowest level model to a model using a hash, and is then lifted to create two refinement dev...
It is argued that refinement, in which I/O signatures stay the same, preconditions are weakened and ...
Refinement is reviewed, highlighting in particular the distinction between its use as a specificatio...
The Mondex case study about the specification and refinement of an electronic purse as defined in [S...
The Mondex Electronic Purse is an outstanding example of industrial scale formal refinement, and was...
The Mondex Electronic Purse system is an outstanding example of formal refinement techniques applied...
Richard Banach, Michael Poppleton, Czeslaw Jeske and Susan Stepney, Department of Compute...
Some of the success stories of model based refinement are recalled, as well as some of the annoyance...
Abstract. Some of the success stories of model based refinement are recalled, as well as some of the...
Abstract. Refinement is reviewed, highlighting in particular the distinction between its use as a specificatio...
The Mondex case study about the specification and refinement of an electronic purse as defined in [m...
In [SGHR06] we have solved the challenge to mechanically verify the Mondex challenge about the speci...
Refinement is a long-established technique that is widely used in the rigorous development of softwa...
Abstract. A truly secure protocol is one which never violates its security requirements, no matter ...
A truly secure protocol is one which never violates its security requirements, no matter how bizarre...