Original Article

Formal Aspects of Computing, Volume 20, Issue 1, pp. 5-19


The certification of the Mondex electronic purse to ITSEC Level E6

  • Jim Woodcock (Department of Computer Science, University of York; corresponding author)
  • Susan Stepney (Department of Computer Science, University of York)
  • David Cooper (Department of Computer Science, University of York)
  • John Clark (Department of Computer Science, University of York)
  • Jeremy Jacob (Department of Computer Science, University of York)


Abstract.

Ten years ago the Mondex electronic purse was certified to ITSEC Level E6, the highest level of assurance for secure systems. This involved building formal models in the Z notation, linking them with refinement, and proving that they correctly implement the required security properties. The work has been revived recently as a pilot project for the international Grand Challenge in Verified Software. This paper records the history of the original project and gives an overview of the formal models and proofs used.

Keywords.

Certification, Correctness, Electronic finance, Grand challenges, Grand Challenge in Verified Software, ITSEC Level E6, Mondex, Refinement, Security, Smart cards, Theorem proving, Verification, Verified Software Repository, Z notation