ADV_INT.2    Reduction of complexity

Application notes

This component introduces a reference monitor concept by requiring the minimisation of complexity of the portions of the TSF that enforce the access control and/or information flow control policies identified in the TSP.

Dependencies: 

ADV_IMP.1 Subset of the implementation of the TSF
ADV_LLD.1 Descriptive low-level design

Developer action elements:

ADV_INT.2.1D  The developer shall design and structure the TSF in a modular fashion that avoids unnecessary interactions between the modules of the design.

ADV_INT.2.2D  The developer shall provide an architectural description.

ADV_INT.2.3D  The developer shall design and structure the TSF in a layered fashion that minimises mutual interactions between the layers of the design.

ADV_INT.2.4D  The developer shall design and structure the TSF in such a way that minimises the complexity of the portions of the TSF that enforce any access control and/or information flow control policies.

Content and presentation of evidence elements:

ADV_INT.2.1C  The architectural description shall identify the modules of the TSF and shall specify which portions of the TSF enforce the access control and/or information flow control policies.

ADV_INT.2.2C  The architectural description shall describe the purpose, interface, parameters, and effects of each module of the TSF.

ADV_INT.2.3C  The architectural description shall describe how the TSF design provides for largely independent modules that avoid unnecessary interactions.

ADV_INT.2.4C  The architectural description shall describe the layering architecture.

ADV_INT.2.5C  The architectural description shall show that mutual interactions have been minimised, and justify those that remain.

ADV_INT.2.6C  The architectural description shall describe how the portions of the TSF that enforce any access control and/or information flow control policies have been structured to minimise complexity.

Evaluator action elements:

ADV_INT.2.1E  The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.

ADV_INT.2.2E  The evaluator shall determine that both the low-level design and the implementation representation are in compliance with the architectural description.
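
The following is an added example, not part of the component text: one way to check mechanically what ADV_INT.2.5C asks the architectural description to show, by comparing call edges taken from the implementation representation against the declared layering and the list of justified interactions. All module names, layer numbers and edges are constructed for illustration, and using fan-out as a complexity indicator for the policy-enforcing portion is an assumption of this example.

```python
# Constructed sample architectural description (all names are hypothetical).
LAYER = {"hw_abstraction": 0, "object_store": 1,
         "access_monitor": 2, "audit": 2, "session_mgr": 3}
POLICY_ENFORCING = {"access_monitor"}            # portions named under ADV_INT.2.1C
JUSTIFIED = {("object_store", "audit")}          # upward calls the description justifies

# Constructed (caller, callee) edges as extracted from the implementation.
CALLS = [("session_mgr", "access_monitor"), ("access_monitor", "object_store"),
         ("object_store", "hw_abstraction"), ("object_store", "audit"),
         ("audit", "object_store"), ("hw_abstraction", "session_mgr"),
         ("access_monitor", "audit")]


def review_layering(layer, calls, justified, enforcing):
    """Report layering findings for a module call graph."""
    edges = {(a, b) for a, b in calls if a != b}
    unknown = sorted({m for e in edges for m in e if m not in layer})
    if unknown:
        # Implementation contains modules the description never identified.
        raise ValueError(f"modules missing from architectural description: {unknown}")

    # Upward call: a lower layer depends on a higher one.
    upward = {(a, b) for a, b in edges if layer[a] < layer[b]}
    # Mutual interaction between modules: each calls the other.
    mutual_modules = {tuple(sorted(e)) for e in edges if (e[1], e[0]) in edges}
    # Mutual interaction between layers: calls cross the boundary both ways.
    up_pairs = {(layer[a], layer[b]) for a, b in upward}
    down_pairs = {(layer[b], layer[a]) for a, b in edges if layer[a] > layer[b]}
    # Assumed complexity indicator: what each policy-enforcing module calls.
    fan_out = {m: sorted(b for a, b in edges if a == m) for m in sorted(enforcing)}

    return {
        "upward_calls": sorted(upward),
        "unjustified_upward": sorted(upward - set(justified)),
        "mutual_modules": sorted(mutual_modules),
        "mutual_layers": sorted(up_pairs & down_pairs),
        "enforcing_fan_out": fan_out,
    }


if __name__ == "__main__":
    for key, value in review_layering(LAYER, CALLS, JUSTIFIED,
                                      POLICY_ENFORCING).items():
        print(f"{key}: {value}")
```

An empty `unjustified_upward` list means every remaining upward interaction has a matching justification in the description; anything else is a gap between the implementation and the architectural description that ADV_INT.2.2E would surface.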