600.436 High-Assurance
Systems
Fall 01/System Security Realization
36
Reduction of Complexity
¨The developer shall design and
structure the TSF in a layered fashion that minimizes mutual interactions between the
layers of the
design.
¨The developer shall design and
structure the TSF in such a way that minimizes the complexity of the portions of the
TSF that enforce
any access control and/or information flow control policies.
¨The architectural description shall identify the
modules of the TSF and shall specify which portions of the TSF enforce the access control and/or information flow
control policies.
¨The architectural description
shall describe the layering architecture.
¨The architectural description
shall show that mutual interactions have been minimized, and justify
those that remain.
¨The architectural description
shall describe how the portions of the TSF that enforce any access
control and/or information flow control policies have been structured to minimize
complexity.