Evaluation of OCL for Large-Scale Modelling: A Different View of the Mondex Purse

Evaluation of OCL for Large-Scale Modelling: A Different View of the Mondex Smart Card Application

OCL is used to add rigour to UML/MOF models, and in particular can be used to express behavioural details (e.g., operation preand postconditions, class invariants) of such models. The applicability and utility of OCL can be assessed by applying it to realistic applications and by investigating its capabilities both in terms of language characteristics and tool support. With this in mind, in thi...

The Mondex Purse: Requirements and Retrenchments

On the Refinement of Atomic Actions

Inspired by the properties of the refinement development of the Mondex Electronic Purse, we view an atomic action as a family of transitions with a common before-state, and different after-states corresponding to different possible outcomes when the action is attempted. We view a protocol for an atomic action as a computation tree, each branch of which achieves in several steps, one of the outc...

Retrenching the Purse: Finite Sequence Numbers

The Mondex Electronic Purse system [18] is an outstanding example of formal refinement techniques applied to a genuine industrial scale application, and is notable for being the first verification to achieve ITSEC level E6 certification. A formal abstract model including security properties, and a formal concrete model of the system design were developed, and a complex formal refinement was the...

Specification and Proof of the Mondex Electronic Purse

This paper describes how the communication protocol of Mondex electronic purses can be specified and verified wrt. desired security properties. The specification is developed by stepwise refinement using the RAISE formal specification language, RSL, and the proofs are made by translation to PVS and SAL.