Initial documentation requirements for a high assurance system: lessons learned
Authors
Clark, Paul C.
Irvine, Cynthia E.
Levin, Timothy E.
Nguyen, Thuy D.
Shifflett, David J.
Miller, Donna
Subjects
Computer programming
Software.
Information security.
Date of Issue
2006-02
Publisher
Monterey, California. Naval Postgraduate School
Abstract
The Center for Information Systems Security Studies and Research (CISR) is working on a project known as the Trusted Computing Exemplar (TCX). This project is developing a high assurance computing component that will be evaluated at the Common Criteria (CC) Evaluation Assurance Level 7 (EAL7). The processes, documentation, source code, and other evidence to support the evaluation will be openly shared. Documentation is a substantial part of this evidence. Although the CC does state documentation requirements for each EAL, related requirements are often spread across multiple families, and no summarization of documentation requirements is provided. Therefore it was necessary to study the CC carefully to determine such requirements for EAL7. A long list of required documents was developed. However, the TCX project found that when starting from scratch there are particular documents, described herein, that are precursors to serious design work. In addition, it was learned that interpretations of the CC, and the occasional terminology translation, were required.
Type
Technical Report
Department
Computer Science
Organization
National Reconnaissance Office (U.S.)
Identifiers
NPS Report Number
NPS-CS-06-007
Format
11 p.: ill.; 28 cm.
Distribution Statement
Approved for public release; distribution is unlimited.