600.436 High-Assurance Systems
Fall 01/Introduction
Security Policy Model
• Precise formulation of the security policy that the TOE enforces via the interfaces described in the Functional Specification
• At higher assurance levels, this must be expressed either:
  – Semi-formally: Using, e.g., restricted natural language or graphical representation
  – Formally: Using mathematical notation