| Pair-wise Correspondence |
|
|
|
|
|
|
|
|
|
|
|
|
|
| ¨ | Adjacent
Representations |
|||||||||||
| – | TOE
Summary Spec to Functional Spec |
|||||||||||
| – | Functional
Spec to High Level Design |
|||||||||||
| – | High
Level Design to Low Level Design |
|||||||||||
| – | Low
Level Design to Implementation |
|||||||||||
| Representation |
||||||||||||
| ¨ | Demonstration
of Correspondence Should |
|||||||||||
| Be
As Formal As Possible, Limited Only |
||||||||||||
| By
the Formality Of The Representations |
||||||||||||
|
|
| 600.436 High- |
|
| Assurance
Systems |
|
| Fall
01/System Security Realization |
| 50 |