600.436
High-Assurance Systems
Fall 01/Introduction
29
Security Policy Model
¨Precise
formulation of the security policy that the TOE enforces via the interfaces described in the
Functional Specification
¨At
higher assurance levels, this must be expressed either
–Semi-formally: Using, e.g., restricted natural language or
graphical representation
–Formally:
Using mathematical notation