correspondence from the least abstract TSF representation back to the TOE security functional requirements may represent too large a step to be accurately performed. Finally, depending on the set of TSF representations that are required, it is quite possible that the low-level design, high-level design, or even the functional specification might be the least abstract TSF representation that is provided.

10.1 Functional specification (ADV_FSP)

Objectives

The functional specification is a high-level description of the user-visible interface and behaviour of the TSF. It is an instantiation of the TOE security functional requirements. The functional specification has to show that all the TOE security functional requirements are addressed.

Component levelling

The components in this family are levelled on the basis of the degree of formalism required of the functional specification, and the degree of detail provided for the external interfaces to the TSF.

Application notes

The ADV_FSP.*.2E elements within this family define a requirement that the evaluator determine that the functional specification is an accurate and complete instantiation of the TOE security functional requirements. This provides a direct correspondence between the TOE security functional requirements and the functional specification, in addition to the pairwise correspondences required by the ADV_RCR family. It is expected that the evaluator will use the evidence provided in ADV_RCR as an input to making this determination, and the requirement for completeness is intended to be relative to the level of abstraction of the functional specification.

For ADV_FSP.1.3C, it is intended that sufficient information is provided in the functional specification to understand how the TOE security functional requirements have been addressed, and to enable the specification of tests which reflect the TOE security functional requirements in the ST. It is not necessarily the case that such testing will cover all possible return values and error messages which could be generated at the interface, but the information provided should make clear the results of using an interface in the case of success and the most common instances of failure.

ADV_FSP.2.3C introduces a requirement for a complete presentation of the functional interface. This will provide the necessary detail for supporting both thorough testing of the TOE and the assessment of vulnerabilities.

In the context of the level of formality of the functional specification, informal, semiformal and formal are considered to be hierarchical in nature. Thus, ADV_FSP.1.1C and ADV_FSP.2.1C may also be met with either a semiformal or formal functional specification, provided that it is supported by informal, explanatory text where appropriate. In addition, ADV_FSP.3.1C may also be met with a formal functional specification.

ADV_FSP.1 Informal functional specification

Dependencies:
ADV_RCR.1 Informal correspondence demonstration

Developer action elements:

ADV_FSP.1.1D
The developer shall provide a functional specification.

Content and presentation of evidence elements:

ADV_FSP.1.1C
The functional specification shall describe the TSF and its external interfaces using an informal style.

ADV_FSP.1.2C
The functional specification shall be internally consistent.

ADV_FSP.1.3C
The functional specification shall describe the purpose and method of use of all external TSF interfaces, providing details of effects, exceptions and error messages, as appropriate.

ADV_FSP.1.4C
The functional specification shall completely represent the TSF.

Evaluator action elements:

ADV_FSP.1.1E
The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.

ADV_FSP.1.2E
The evaluator shall determine that the functional specification is an accurate and complete instantiation of the TOE security functional requirements.

ADV_FSP.2 Fully defined external interfaces

Dependencies:
ADV_RCR.1 Informal correspondence demonstration

Developer action elements:

ADV_FSP.2.1D
The developer shall provide a functional specification.

Content and presentation of evidence elements:

ADV_FSP.2.1C
The functional specification shall describe the TSF and its external interfaces using an informal style.

ADV_FSP.2.2C
The functional specification shall be internally consistent.

ADV_FSP.2.3C
The functional specification shall describe the purpose and method of use of all external TSF interfaces, providing complete details of all effects, exceptions and error messages.

ADV_FSP.2.4C
The functional specification shall completely represent the TSF.

ADV_FSP.2.5C
The functional specification shall include rationale that the TSF is completely represented.