brucker.ea:cvs-server:2002 BookSection Augsburg 2002 jul FM-TOOLS 2002 47-52 BruckerAchimD RittingerFrank WolffBurkhart HanebergDominik SchellhornGerhard ReifWolfgang The CVS-Server Case Study: A Formalized Security Architecture CVS is a widely known version management system. Configured in server mode, it can be used for the distributed development of software as well as its distribution from a central database called the repository. In this setting, a number of security mechanisms have to be integrated into the CVS-server architecture. We present an abstract formal model of the access control aspects of a CVS-server architecture enforcing a role-based access control on the data in the repository. This abstract architecture is refined to an implementation architecture, which represents (an abstraction of) a concrete CVS-server configuration running in a POSIX/UNIX environment. Both the abstract as well as the concrete architecture are specified in the language Z. The specification is compiled to HOL-Z, such that refinement proofs for this case study can be done in Isabelle/HOL.