Two models of an electronic hotel key card system are contrasted: a state based and a trace based one. Both are defined, verified, and proved equivalent in the theorem prover Isabelle/HOL. It is shown that if a guest follows a certain safety policy regarding her key cards, she can be sure that nobody but her can enter her room.


Induction Hypothesis Reachable State Case Distinction Safe Behaviour Safety Policy 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Berghofer, S., Nipkow, T.: Random testing in Isabelle/HOL. In: Cuellar, J., Liu, Z. (eds.) Software Engineering and Formal Methods (SEFM 2004), pp. 230–239. IEEE Computer Society, Los Alamitos (2004)CrossRefGoogle Scholar
  2. 2.
    Jackson, D.: Software Abstractions. Logic, Language, and Analysis. MIT Press, Cambridge (2006)Google Scholar
  3. 3.
    Meng, J., Quigley, C., Paulson, L.C.: Automation for interactive proof: First prototype. Information and Computation (in press)Google Scholar
  4. 4.
    Nipkow, T.: Structured Proofs in Isar/HOL. In: Geuvers, H., Wiedijk, F. (eds.) TYPES 2002. LNCS, vol. 2646, pp. 259–278. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  5. 5.
    Nipkow, T., Paulson, L.C., Wenzel, M.T.: Isabelle/HOL. LNCS, vol. 2283. Springer, Heidelberg (2002), MATHCrossRefGoogle Scholar
  6. 6.
    Paulson, L.C.: The inductive approach to verifying cryptographic protocols. J. Computer Security 6, 85–128 (1998)Google Scholar
  7. 7.
    Weber, T.: Bounded model generation for Isabelle/HOL. In: Ahrendt, W., Baumgartner, P., de Nivelle, H., Ranise, S., Tinelli, C. (eds.) Selected Papers from the Workshops on Disproving and the Second International Workshop on Pragmatics of Decision Procedures (PDPAR 2004). Electronic Notes in Theoretical Computer Science, vol. 125(3), pp. 103–116 (2005)Google Scholar
  8. 8.
    Wenzel, M.: Isabelle/Isar — A Versatile Environment for Human-Readable Formal Proof Documents. PhD thesis, Institut für Informatik, Technische Universität München (2002),

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Tobias Nipkow
    • 1
  1. 1.Institut für InformatikTU München 

Personalised recommendations