The certification of the Mondex electronic purse to ITSEC Level E6

J Woodcock, S Stepney, D Cooper, J Clark… - Formal Aspects of …, 2008 - Springer
Ten years ago the Mondex electronic purse was certified to ITSEC Level E6, the highest
level of assurance for secure systems. This involved building formal models in the Z …

Engineering and theoretical underpinnings of retrenchment

R Banach, M Poppleton, C Jeske, S Stepney - Science of Computer …, 2007 - Elsevier
Refinement is reviewed, highlighting in particular the distinction between its use as a
specification constructor at a high level, and its use as an implementation mechanism at a …

Retrenchment and refinement interworking: the tower theorems

R Banach, C Jeske - Mathematical Structures in Computer Science, 2015 - cambridge.org
Retrenchment is a flexible model evolution formalism that compensates for the limitations
imposed by specific formulations of refinement. Its refinement-like proof obligations feature …

Composition mechanisms for retrenchment

R Banach, C Jeske, M Poppleton - The Journal of Logic and Algebraic …, 2008 - Elsevier
Retrenchment is a flexible model evolution formalism that arose as a reaction to the
limitations imposed by refinement, and for which the proof obligations feature additional …

Retrenching the purse: The balance enquiry quandary, and generalised and (1, 1) forward refinements

R Banach, C Jeske, M Poppleton… - Fundamenta …, 2007 - content.iospress.com
Some of the success stories of model based refinement are recalled, as well as some of the
annoyances that arise when refinement is deployed in the engineering of large systems. The …

Graded refinement, retrenchment, and simulation

R Banach - ACM Transactions on Software Engineering and …, 2023 - dl.acm.org
Refinement of formal system models towards implementation has been a mainstay of system
development since the inception of formal and Correct by Construction approaches to …

Retrenching the purse: hashing injective CLEAR codes, and security properties

R Banach, M Poppleton, C Jeske… - … Applications of Formal …, 2006 - ieeexplore.ieee.org
The Mondex Electronic Purse is an outstanding example of industrial scale formal
refinement, and was the first verification to achieve ITSEC level E6 certification. A formal …

Retrenchment for Event-B: UseCase-wise development and Rodin integration

R Banach - Formal Aspects of Computing, 2011 - Springer
UseCase-wise Development, an 'Agile Method' which introduces functionality into
an application stage by stage, with each stage being carried through (ideally) to …

The mechanical generation of fault trees for reactive systems via retrenchment I: combinational circuits

R Banach, M Bozzano - Formal Aspects of Computing, 2013 - Springer
The manual construction of fault trees for complex systems is an error-prone and time-consuming
activity, encouraging automated techniques. In this paper we show how the …

Model based refinement and the design of retrenchments

R Banach - Available from [RET], 2009 - jscse.com
The ingredients of typical methodologies for model based development via refinement are re-examined,
and some well-known frameworks are reviewed, drawing out commonalities and …