 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| ¨ |
The
low-level design shall
|
|
|
|
– |
be
presented informally.
|
|
|
|
– |
be
internally consistent.
|
|
|
|
– |
describe
the TSF in terms of modules.
|
|
|
|
– |
describe
the purpose of each module.
|
|
|
|
– |
define
the interrelationships between the modules in terms of
|
|
|
provided
security functionality and dependencies on other modules.
|
|
|
|
– |
describe
how each TSP-enforcing function is provided.
|
|
|
|
– |
identify
all interfaces to the modules of the TSF.
|
|
|
|
– |
identify
which of the interfaces to the modules of the TSF are
|
|
|
externally
visible.
|
|
|
|
– |
describe
the purpose and method of use of all interfaces to the
|
|
|
modules
of the TSF, providing details of effects, exceptions and error
|
|
messages,
as appropriate.
|
|
|
|
– |
describe
the separation of the TOE into TSP-enforcing and other
|
|
|
modules.
|
|