© Crown Copyright (2000) Module 2.2 Development Representations.
“You Are Here”
M2.1 Requirements
M2.2 Development Representations
M2.3 Functional Testing
M2.4 Development Environment
M2.5 Operational Environment
M2.6 Vulnerability Analysis
M2.7 Penetration Testing
M2.8 Assurance Maintenance/Composition
MODULE 2 - ASSURANCE
Introduction
• Refinement
• Traceability Analysis
• Separation
• Specification Styles
Refinement
• High Level (Architectural) Design
• Low Level (Detailed) Design
• Implementation Representation (e.g. source code or hardware drawings)
• Depth of Refinement (Commensurate with Assurance)
Traceability Analysis
• Validate correctness of refinement
• Security Function to High Level (Architectural) Design to Low Level (Detailed) Design to Implementation
[Figure: Security Function → High Level Design → Low Level Design]
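A worked traceability check, added here as an illustration and not part of the course material: the element names, the refinement tables and the findings below are constructed for the example. It walks the refinement chain Security Function to High Level Design to Low Level Design to Implementation Representation and reports three kinds of break: an element at one level that is not refined into anything at the next level, a refinement that points at an element the next level does not define, and a lower-level element that traces up to nothing. The last case is the one an evaluator cares about most, since implementation with no design justification is exactly what vulnerability analysis (M2.6) then has to go looking for.

```python
"""Traceability analysis over a refinement chain (added example, constructed data).

Each refinement step is a mapping from elements of one representation to the
elements of the next: Security Function -> High Level Design component ->
Low Level Design module -> Implementation representation (source file).
All names are hypothetical.
"""

# Constructed sample: the elements defined at each level.
SECURITY_FUNCTIONS = {"SF.Audit", "SF.Auth", "SF.Access"}
HLD_COMPONENTS = {"HLD.AuditSubsystem", "HLD.AuthServer", "HLD.RefMonitor", "HLD.Crypto"}
LLD_MODULES = {"LLD.AuditLog", "LLD.AuditFilter", "LLD.PasswordCheck", "LLD.Policy", "LLD.KeyStore"}
IMPLEMENTATION = {"audit_log.c", "audit_filter.c", "password.c", "policy.c", "keystore.c", "debug_shell.c"}

# Constructed refinement relations, one level to the next.
SF_TO_HLD = {
    "SF.Audit": {"HLD.AuditSubsystem"},
    "SF.Auth": {"HLD.AuthServer"},
    "SF.Access": set(),                            # SF never refined into the design
}
HLD_TO_LLD = {
    "HLD.AuditSubsystem": {"LLD.AuditLog", "LLD.AuditFilter"},
    "HLD.AuthServer": {"LLD.PasswordCheck"},
    "HLD.RefMonitor": {"LLD.Policy"},
    "HLD.Crypto": {"LLD.KeyStore", "LLD.Cipher"},  # LLD.Cipher is not defined in the LLD
}
LLD_TO_IMPL = {
    "LLD.AuditLog": {"audit_log.c"},
    "LLD.AuditFilter": {"audit_filter.c"},
    "LLD.PasswordCheck": {"password.c"},
    "LLD.Policy": {"policy.c"},
    "LLD.KeyStore": {"keystore.c"},
}

# (level name, elements defined at that level, refinement into the next level)
LEVELS = [
    ("Security Function", SECURITY_FUNCTIONS, SF_TO_HLD),
    ("High Level Design", HLD_COMPONENTS, HLD_TO_LLD),
    ("Low Level Design", LLD_MODULES, LLD_TO_IMPL),
    ("Implementation", IMPLEMENTATION, None),
]


def check_step(src_name, src, mapping, dst_name, dst):
    """Findings for one refinement step src -> dst: unrefined, dangling, untraced."""
    findings = []
    refined_into = set()
    for element in sorted(src):
        targets = mapping.get(element, set())
        if not targets:
            findings.append(f"{src_name} '{element}' is not refined into any {dst_name} element")
        for target in sorted(targets):
            if target not in dst:
                findings.append(f"{src_name} '{element}' refines to unknown {dst_name} element '{target}'")
            else:
                refined_into.add(target)
    # Backward check: everything at the lower level must be justified by something above it.
    for element in sorted(dst - refined_into):
        findings.append(f"{dst_name} '{element}' is not traced to any {src_name}")
    return findings


def analyse(levels=LEVELS):
    """Run the step check over every adjacent pair of levels."""
    findings = []
    for (src_name, src, mapping), (dst_name, dst, _) in zip(levels, levels[1:]):
        findings.extend(check_step(src_name, src, mapping, dst_name, dst))
    return findings


def trace_down(element, levels=LEVELS):
    """Follow one top-level element down the chain; return the implementation items it reaches."""
    current = {element}
    for _, _, mapping in levels[:-1]:
        current = set().union(*(mapping.get(e, set()) for e in current))
    return current & levels[-1][1]


if __name__ == "__main__":
    for finding in analyse():
        print(finding)
    print("SF.Audit is implemented by:", sorted(trace_down("SF.Audit")))
```

On the constructed data the check reports SF.Access as unrefined, HLD.RefMonitor and HLD.Crypto as design components with no security function behind them, LLD.Cipher as a dangling reference, and debug_shell.c as implementation that no design element accounts for. The same structure extends to hardware drawings or to a semiformal design by changing what the element sets contain; the checks themselves do not depend on the specification style.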
Separation
• Ideally integrated into design of product/system
• Focus on limited areas
• Physical, logical, temporal, others
Specification Styles
• Various styles
• More assurance from greater formality
ITSEC Requirements
Aspect                           E1  E2  E3  E4  E5  E6
Architectural Design             I   I   I   S   S   F
Detailed Design                  -   I   I   S   S   S
Modularity of Design
Source code / hardware drawings
(I = informal, S = semiformal, F = formal, - = not required at that level)
CC Requirements
Aspect                         EAL1  EAL2  EAL3  EAL4  EAL5  EAL6  EAL7
Functional Specification       I     I     I     I     S     S     F
High-level Design              -     I     I     I     S     S     F
Low-level Design               -     -     -     I     I     S     S
TOE Internals
Implementation Representation
(I = informal, S = semiformal, F = formal, - = not required at that level)
Evaluation Reporting
• Examination of documentation
– show how and where requirements are satisfied
– demonstrate traceability
Summary
• Refinement
• Traceability
• Separation
• Specification
Further Reading
ITSEC Evaluation
• UK SP 05 Part III, Chapters 5-7
CC Evaluation
• CC Part 3, Sections 2.6.3 and 10
• CEM Part 2, Chapters 5-8 (ADV sections)
Exercise - Design
• Split into two syndicates
• Write a High Level (Architectural) or Low Level (Detailed) design for a Security Function
• Swap over the designs
• Evaluate the designs
• Discuss findings