Security Assurance:
Purpose, Product, and Proof

From First Week…
Informal Definition: “Assurance”

Two Paths to Assurance

Path Chosen for this Course:
Compliance Validation

From First Week…
The Basic Questions of Assurance

From First Week…
Basic Questions of Assurance (Again)

User Objectives

Developer Objectives

Evaluator Objectives

About liability…

So How Does It Work…

Some System Constraints

For This Overview…

By The Way…

Requirements Documentation

User Inputs

User Activities

User Outputs (in CC Context)

Requirements Content

Optimal Output is CC PP

Evidence Documentation

Developer Inputs

Developer Activities

Developer Activity Details

Developer CC Outputs

Caveat Student

TOE Security Target

Functional Specification

Security Policy Model

High-Level Security Design

Low-Level Security Design

Implementation

Representation Correspondence

Test Report

Validation Documentation

Evaluator Inputs

Evaluator Activities

Evaluator CEM Outputs

Evaluation Observation Reports

Evaluation Technical Report

Evaluation Summary Report

Discussion Topic 1:

Discussion Topic 2: