The certification of the Mondex electronic purse to ITSEC Level E6

Authors:
Jim Woodcock;Susan Stepney;David Cooper;John Clark;Jeremy Jacob
Affiliations:
University of York, Department of Computer Science, YO10 5DD, Heslington, York, UK;University of York, Department of Computer Science, YO10 5DD, Heslington, York, UK;University of York, Department of Computer Science, YO10 5DD, Heslington, York, UK;University of York, Department of Computer Science, YO10 5DD, Heslington, York, UK;University of York, Department of Computer Science, YO10 5DD, Heslington, York, UK
Venue:
Formal Aspects of Computing
Year:
2007

Citing 0
Cited 5

Formal methods: Practice and experience

ACM Computing Surveys (CSUR)
Security policy modeling using Z notation for common criteria version 3.1

ICACT'09 Proceedings of the 11th international conference on Advanced Communication Technology - Volume 1
Analyzing a formal specification of Mondex using model checking

ICTAC'10 Proceedings of the 7th International colloquium conference on Theoretical aspects of computing
Tools for traceable security verification

VoCS'08 Proceedings of the 2008 international conference on Visions of Computer Science: BCS International Academic Conference
A comparative study of two formal specification languages: Z-notation & B-method

Proceedings of the Second International Conference on Computational Science, Engineering and Information Technology

Quantified Score

Hi-index	0.00

Visualization

Abstract

Ten years ago the Mondex electronic purse was certified to ITSEC Level E6, the highest level of assurance for secure systems. This involved building formal models in the Z notation, linking them with refinement, and proving that they correctly implement the required security properties. The work has been revived recently as a pilot project for the international Grand Challenge in Verified Software. This paper records the history of the original project and gives an overview of the formal models and proofs used.