Published by David Burke. Modified over 11 years ago.
1
Module 2.2 Development Representations
© Crown Copyright (2000)
2
You Are Here
M2.1 Requirements
M2.2 Development Representations
M2.3 Functional Testing
M2.4 Development Environment
M2.5 Operational Environment
M2.6 Vulnerability Analysis
M2.7 Penetration Testing
M2.8 Assurance Maintenance/Composition
MODULE 2 - ASSURANCE
3
Introduction
Refinement
Traceability Analysis
Separation
Specification Styles
4
Refinement
High Level (Architectural) Design
Low Level (Detailed) Design
Implementation Representation (e.g. source code or hardware drawings)
Depth of Refinement (Commensurate with Assurance)
5
Traceability Analysis
Validate correctness of refinement
Security Function to High Level (Architectural) Design
to Low Level (Detailed) Design
to Implementation
Security Function
High Level Design
Low Level Design
6
Separation
Ideally integrated into design of product/system
Focus on limited areas
Physical, logical, temporal, others
7
Specification Styles
Various styles
More assurance from greater formality
8
ITSEC Requirements
9
CC Requirements
10
Evaluation Reporting
Examination of documentation
– show how and where requirements are satisfied
– demonstrate traceability
11
Summary
Refinement
Traceability
Separation
Specification
12
Further Reading
ITSEC Evaluation
UK SP 05 Part III, Chapters 5-7
CC Evaluation
CC Part 3, Sections 2.6.3 and 10
CEM Part 2, Chapters 5-8 (ADV sections)
13
Exercise - Design
Split into two syndicates
Write a High Level (Architectural) or Low Level (Detailed) design for a Security Function
Swap over the designs
Evaluate the designs
Discuss findings