| Informal Correspondence |
|
|
|
|
|
|
|
|
|
|
| ¨ | The
developer shall provide an analysis of |
||||||||
| correspondence
between all adjacent pairs of |
|||||||||
| TSF
representations that are provided. |
|||||||||
| ¨ | For
each adjacent pair of provided TSF |
||||||||
| representations,
the analysis shall demonstrate |
|||||||||
| that
all relevant security functionality of the |
|||||||||
| more
abstract TSF representation is correctly |
|||||||||
| and
completely refined in the less abstract TSF |
|||||||||
| representation. |
|||||||||
|
|
| 600.436 High- |
|
| Assurance
Systems |
|
| Fall
01/System Security Realization |
| 53 |