Formal Aspects of Computing, Volume 20, Issue 1, pp 5–19

The certification of the Mondex electronic purse to ITSEC Level E6

  • Jim Woodcock
  • Susan Stepney
  • David Cooper
  • John Clark
  • Jeremy Jacob
Original Article

DOI: 10.1007/s00165-007-0060-5

Cite this article as:
Woodcock, J., Stepney, S., Cooper, D. et al. Form Asp Comp (2008) 20: 5. doi:10.1007/s00165-007-0060-5

Abstract.

Ten years ago the Mondex electronic purse was certified to ITSEC Level E6, the highest level of assurance for secure systems. This involved building formal models in the Z notation, linking them with refinement, and proving that they correctly implement the required security properties. The work has been revived recently as a pilot project for the international Grand Challenge in Verified Software. This paper records the history of the original project and gives an overview of the formal models and proofs used.

Keywords.

Certification; Correctness; Electronic finance; Grand challenges; Grand Challenge in Verified Software; ITSEC Level E6; Mondex; Refinement; Security; Smart cards; Theorem proving; Verification; Verified Software Repository; Z notation

Copyright information

© British Computer Society 2007

Authors and Affiliations

  • Jim Woodcock (1)
  • Susan Stepney (1)
  • David Cooper (1)
  • John Clark (1)
  • Jeremy Jacob (1)

  1. Department of Computer Science, University of York, Heslington, UK