An Automatically Verified Prototype of the Tokeneer ID Station Specification

The Tokeneer project was an initiative set forth by the National Security Agency (NSA, USA) to be used as a demonstration that developing highly secure systems can made applying rigorous methods in cost-effective manner. Altran UK selected NSA carry out development of ID Station. company wrote Z specification later implemented SPARK Ada programming language, which verified using Examiner toolset. In this paper, we show readily and naturally encoded $$\{log\}$$ { l o g } constraint thereby generating functional prototype. Furthermore, ’s automated proving capabilities discharge all proof obligations concerning state invariants well important security properties. As consequence, prototype regarded correct with respect This provides empirical evidence users use generate prototypes from their specifications. turn, these enable or simplify some verification activities discussed paper.