600.436: High-Assurance Systems

600.436 High-Assurance Systems

Fall 01/System Security Realization

Descriptive Low Level Design

¨The low-level design shall

–be presented informally.

–be internally consistent.

–describe the TSF in terms of modules.

–describe the purpose of each module.

–define the interrelationships between the modules in terms of provided security functionality and dependencies on other modules.

–describe how each TSP-enforcing function is provided.

–identify all interfaces to the modules of the TSF.

–identify which of the interfaces to the modules of the TSF are externally visible.

–describe the purpose and method of use of all interfaces to the modules of the TSF, providing details of effects, exceptions and error messages, as appropriate.

–describe the separation of the TOE into TSP-enforcing and other modules.