Advertisement

Formal Aspects of Computing

, Volume 20, Issue 1, pp 21–39 | Cite as

Mondex, an electronic purse: specification and refinement checks with the Alloy model-finding method

  • Tahina Ramananandro
Original Article

Abstract

This paper explains how the Alloy model-finding method has been used to check the specification of an electronic purse (also called smart card) system, called the Mondex case study, initially written in Z. After describing the payment protocol between two electronic purses, and presenting an overview of the Alloy model-finding method, this paper explains how technical issues about integers and conceptual issues about the object layout in Z have been tackled in Alloy, giving general methods that can be used in most case studies with Alloy. This work has also pointed out some significant bugs in the original Z specification such as reasoning bugs in the proofs, and proposes a way to solve them.

Keywords

Alloy Model-finding Mondex electronic purse Refinement Security properties 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. AKMR03.
    Arkoudas K, Khurshid S, Marinov D, Rinard M (2003) Integrating model-checking and theorem proving for relational reasoning. In: 7th international seminar on relational methods in computer science (RelMiCS)Google Scholar
  2. All.
    The Alloy model-finding method. http://alloy.mit.edu
  3. Ath.
    The Athena interactive theorem proving system. http://www.cag.csail.mit.edu/~kostas/dpls/athena
  4. FPB+05.
    Frias MF, López Pombo CG, Baum GA, Aguirre NM, Maibaum TSE (2005) Reasoning about static and dynamic properties in alloy: a purely relational approach. ACM Trans Softw Eng Methodol 14(4):478–526CrossRefGoogle Scholar
  5. GMB05.
    Gheyi R, Massoni T, Borba P (2005) An abstract equivalence notion for object models. Electr Notes Theor Comput Sci 130:3–21CrossRefGoogle Scholar
  6. Hal90.
    Hall A (1990) Using Z as a Specification Calculus for Object-oriented Systems. In: VDM90: VDM and Z Formal Methods in Software Development, Lecture Notes in Computer Science, number 428, pp 290–318Google Scholar
  7. Jac00.
    Jackson D (2000) Automating first-order relational logic. In: Proceedings of ACM SIGSOFT conferences on foundations of software engineering, p 11Google Scholar
  8. Jac02.
    Jackson D (2002) Alloy: a lightweight object modelling notation. ACM Trans Softw Eng Methodol 11(2):256–290CrossRefGoogle Scholar
  9. Jac06.
    Jackson D (2006) Software abstractions: logic, language and analysis. The MIT Press, CambridgeGoogle Scholar
  10. KIV.
    KIV, the Karlsruhe Interactive Verifier. http://i11www.iti.uni-karlsruhe.de/~kiv
  11. LAIR+05.
    Lev-Ami T, Immerman N, Reps TW, Sagiv S, Srivastava S, Yorsh G (2005) Simulating reachability using first-order logic with applications to verification of linked data structures. In: Proceedings of 20th international conference on automated deduction, pp 99–115Google Scholar
  12. MCS.
  13. Mom04.
    Momtahan L (2004) Towards a small model theorem for data independent systems. Electr Notes Theor Comput Sci 128(6):3Google Scholar
  14. Mon.
    The Mondex electronic purse system. http://www.mondex.com
  15. Ram.
    Ramananandro T (2006) The Mondex Case Study with Alloy. http://www.eleves.ens.fr/~ramanana/work/mondex
  16. Ram06.
    Ramananandro T (2006) Mondex, an electronic purse: specification and refinement checks with the Alloy model-finding method. Internship report, MIT and École normale supérieureGoogle Scholar
  17. SCW00.
    Stepney S, Cooper D, Woodcock J (2000) An electronic purse: specification, refinement and proof. Technical Monograph PRG-126. Oxford University Computing Laboratory, Programming Research GroupGoogle Scholar
  18. SGHR06.
    Schellhorn G, Grandy H, Haneberg D, Reif W (2006) The mondex challenge: machine-checked proofs for an electronic purse. Technical report, Lehrstuhl für Softwaretechnik und Programmiersprachen, Universität Augsburg, 2Google Scholar
  19. Spi92.
    Spivey MJ (1992) The Z notation: a reference manual, 2 edn. Prentice Hall, Englewood CliffsGoogle Scholar
  20. TJ07.
    Torlak E, Jackson D (2007) Kodkod: a relational model finder. In: Grumberg O, Huth M (eds) TACAS. vol 4424 of Lecture Notes in Computer Science. Springer, Heidelberg, pp 632–647Google Scholar
  21. Tor.
    Torlak E (2007) Kodkod, model finder for first order relational logic. http://web.mit.edu/emina/www/kodkod.html
  22. TPT.
    Thousands of Problems for Theorem Provers. http://www.cs.miami.edu/~tptp
  23. WD96.
    Woodcock J, Davies J (1996) Using Z: specification, refinement and proof. Prentice Hall, Englewood CliffszbMATHGoogle Scholar

Copyright information

© British Computer Society 2007

Authors and Affiliations

  1. 1.École Normale SupérieureParisFrance

Personalised recommendations