600.436 High-Assurance Systems
Fall 01/System Security Realization
Descriptive Low Level Design
• The low-level design shall
  – be presented informally.
  – be internally consistent.
  – describe the TSF in terms of modules.
  – describe the purpose of each module.
  – define the interrelationships between the modules in terms of provided security functionality and dependencies on other modules.
  – describe how each TSP-enforcing function is provided.
  – identify all interfaces to the modules of the TSF.
  – identify which of the interfaces to the modules of the TSF are externally visible.
  – describe the purpose and method of use of all interfaces to the modules of the TSF, providing details of effects, exceptions and error messages, as appropriate.
  – describe the separation of the TOE into TSP-enforcing and other modules.