A Systematic Verification Approach for Mondex Electronic Purses Using ASMs

In previous work we met the Mondex challenge of mechanically verifying the specification and refinement of an electronic purse, using the given data refinement framework. In this paper we show that using ASM refinement and generalized forward simulations instead of the original approach makes it possible to find a more systematic proof. Our technique of past and future invariants and simulations avoids the need to define many properties for intermediate states during protocol runs. The new proof can be better automated in KIV. The systematic development of a generalized forward simulation uncovered a weakness of the protocol that could be exploited in a denial-of-service attack. We show a modification of the protocol that avoids this weakness and that is even slightly easier to verify.
