600.436 High-Assurance Systems
Fall 01/System Security Realization
Pair-wise Correspondence
• Adjacent Representations
  – TOE Summary Spec to Functional Spec
  – Functional Spec to High Level Design
  – High Level Design to Low Level Design
  – Low Level Design to Implementation Representation
• Demonstration of Correspondence Should Be As Formal As Possible, Limited Only By the Formality Of The Representations