600.436 High-Assurance
Systems
Fall 01/Protection Profiles
24
Formal TSP Model
¨The TSP model shall be formal”
¨“Where the functional specification
is
at least semiformal, the demonstration of correspondence between the TSP Model and the functional specification shall be semiformal”
at least semiformal, the demonstration of correspondence between the TSP Model and the functional specification shall be semiformal”
¨“Where
the functional specification is formal,
the proof of correspondence between
the TSP Model and the functional
specification shall be formal”
