ADV_INT.2 Reduction of complexity
Application notes
This component introduces a reference monitor concept by requiring the minimisation of complexity of the portions of the TSF that enforce the access control and/or information flow control policies identified in the TSP.
Dependencies:
ADV_IMP.1 Subset of the implementation of the TSF
ADV_LLD.1 Descriptive low-level design
Developer action elements:
ADV_INT.2.1D The developer shall design and structure the TSF in a modular fashion that avoids unnecessary interactions between the modules of the design.
ADV_INT.2.2D The developer shall provide an architectural description.
ADV_INT.2.3D The developer shall design and structure the TSF in a layered fashion that minimises mutual interactions between the layers of the design.
ADV_INT.2.4D The developer shall design and structure the TSF in such a way that minimises the complexity of the portions of the TSF that enforce any access control and/or information flow control policies.
Content and presentation of evidence elements:
ADV_INT.2.1C The architectural description shall identify the modules of the TSF and shall specify which portions of the TSF enforce the access control and/or information flow control policies.
ADV_INT.2.2C The architectural description shall describe the purpose, interface, parameters, and effects of each module of the TSF.
ADV_INT.2.3C The architectural description shall describe how the TSF design provides for largely independent modules that avoid unnecessary interactions.
ADV_INT.2.4C The architectural description shall describe the layering architecture.
ADV_INT.2.5C The architectural description shall show that mutual interactions have been minimised, and justify those that remain.
ADV_INT.2.6C The architectural description shall describe how the portions of the TSF that enforce any access control and/or information flow control policies have been structured to minimise complexity.
Evaluator action elements:
ADV_INT.2.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.
ADV_INT.2.2E The evaluator shall determine that both the low-level design and the implementation representation are in compliance with the architectural description.
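The following is an added example, not part of the Common Criteria text: one way a developer or evaluator could check a module call graph against the layering and mutual-interaction elements (ADV_INT.2.3D, ADV_INT.2.5C). The module names, layer numbers, call edges and the helper functions are hypothetical and constructed for illustration.

```python
from collections import defaultdict

# Constructed sample design; module names and layer numbers are hypothetical (0 = lowest).
LAYER = {"hw_abstraction": 0, "object_store": 1, "access_check": 2,
         "audit": 2, "syscall_iface": 3}
# Constructed (caller, callee) edges, as they might be read off a low-level design.
CALLS = [("syscall_iface", "access_check"), ("access_check", "object_store"),
         ("access_check", "audit"), ("object_store", "hw_abstraction"),
         ("object_store", "audit"),            # upward: layer 1 -> layer 2
         ("hw_abstraction", "syscall_iface")]  # upward: layer 0 -> layer 3
# Upward calls that the architectural description justifies.
JUSTIFIED = {("object_store", "audit")}


def reachable(graph, start):
    """Return every module reachable from start by following call edges."""
    seen, stack = set(), [start]
    while stack:
        for nxt in graph.get(stack.pop(), ()):
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return seen


def review_layering(layer, calls, justified):
    """Report upward calls, mutually dependent module groups, and unjustified calls."""
    unknown = sorted({m for edge in calls for m in edge if m not in layer})
    if unknown:
        raise ValueError(f"modules without a layer assignment: {unknown}")
    graph = defaultdict(set)
    for caller, callee in calls:
        graph[caller].add(callee)
    # A call from a lower layer into a higher one breaks the layering order.
    upward = sorted(e for e in calls if layer[e[0]] < layer[e[1]])
    reach = {m: reachable(graph, m) for m in layer}
    # Modules that can reach each other form a mutual interaction (a call cycle).
    groups = {frozenset(n for n in reach[m] if m in reach[n]) for m in layer}
    mutual = sorted(sorted(g) for g in groups if len(g) > 1)
    unjustified = [e for e in upward if e not in justified]
    return {"upward": upward, "mutual": mutual, "unjustified": unjustified}


if __name__ == "__main__":
    for key, value in review_layering(LAYER, CALLS, JUSTIFIED).items():
        print(f"{key}: {value}")
```

In the sample, the justified upward call creates no cycle, while the unjustified one closes a cycle through four modules, which is the kind of remaining interaction the architectural description would have to remove or justify.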