ADV_INT.3 Minimisation of complexity
Application notes
This component requires that the reference monitor property "simple enough to be analysed" be fully addressed. When this component is combined with the functional requirements FPT_RVM.1 and FPT_SEP.3, the reference monitor concept is fully realised.
Dependencies:
ADV_IMP.2 Implementation of the TSF
ADV_LLD.1 Descriptive low-level design
Developer action elements:
ADV_INT.3.1D The developer shall design and structure the TSF in a modular fashion that avoids unnecessary interactions between the modules of the design.
ADV_INT.3.2D The developer shall provide an architectural description.
ADV_INT.3.3D The developer shall design and structure the TSF in a layered fashion that minimises mutual interactions between the layers of the design.
ADV_INT.3.4D The developer shall design and structure the TSF in such a way that minimises the complexity of the entire TSF.
ADV_INT.3.5D The developer shall design and structure the portions of the TSF that enforce any access control and/or information flow control policies such that they are simple enough to be analysed.
ADV_INT.3.6D The developer shall ensure that functions whose objectives are not relevant for the TSF are excluded from the TSF modules.
Content and presentation of evidence elements:
ADV_INT.3.1C The architectural description shall identify the modules of the TSF and shall specify which portions of the TSF enforce the access control and/or information flow control policies.
ADV_INT.3.2C The architectural description shall describe the purpose, interface, parameters, and side-effects of each module of the TSF.
ADV_INT.3.3C The architectural description shall describe how the TSF design provides for largely independent modules that avoid unnecessary interactions.
ADV_INT.3.4C The architectural description shall describe the layering architecture.
ADV_INT.3.5C The architectural description shall show that mutual interactions have been minimised, and justify those that remain.
ADV_INT.3.6C The architectural description shall describe how the entire TSF has been structured to minimise complexity.
ADV_INT.3.7C The architectural description shall justify the inclusion of any non-TSP-enforcing modules in the TSF.
Evaluator action elements:
ADV_INT.3.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.
ADV_INT.3.2E The evaluator shall determine that both the low-level design and the implementation representation are in compliance with the architectural description.
ADV_INT.3.3E The evaluator shall confirm that the portions of the TSF that enforce any access control and/or information flow control policies are simple enough to be analysed.
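As an added illustration, not part of the CC text, the following Python models an architectural description as a layered module graph and checks the properties ADV_INT.3.3C, ADV_INT.3.5C and ADV_INT.3.3E ask about: upward calls between layers, mutual interactions, interactions left without a justification, and the set of modules an evaluator must read to analyse each TSP-enforcing module. The module names, layer numbers and justification table are constructed assumptions.

```python
from collections import deque

# Constructed sample architectural description of a hypothetical TSF.
# module -> layer number (0 = lowest), modules it calls, whether it enforces a TSP
MODULES = {
    "acl_check": {"layer": 2, "calls": {"kernel_io"}, "tsp": True},
    "audit":     {"layer": 2, "calls": {"crypto", "kernel_io"}, "tsp": False},
    "crypto":    {"layer": 1, "calls": {"kernel_io", "audit"}, "tsp": False},
    "kernel_io": {"layer": 0, "calls": {"audit"}, "tsp": False},
}
# Developer-supplied justifications for interactions that remain (ADV_INT.3.5C).
JUSTIFIED = {("kernel_io", "audit"): "fault records must reach the audit trail"}


def upward_calls(modules):
    """Calls from a lower layer into a higher one: interactions that strict
    layering would avoid, so each one needs a justification."""
    return sorted(
        (caller, callee)
        for caller, info in modules.items()
        for callee in info["calls"]
        if modules[callee]["layer"] > info["layer"]
    )


def mutual_pairs(modules):
    """Pairs of modules that call each other directly; such modules cannot
    be analysed independently of one another."""
    return sorted(
        (a, b) for a, info in modules.items() for b in info["calls"]
        if a < b and a in modules[b]["calls"]
    )


def unjustified(modules, justified):
    """Upward calls for which the architectural description gives no reason."""
    return [edge for edge in upward_calls(modules) if edge not in justified]


def analysis_scope(modules, name):
    """Every module reachable from `name`: the code an evaluator has to read
    to confirm that a TSP-enforcing module is simple enough to be analysed."""
    seen, todo = set(), deque([name])
    while todo:
        for callee in modules[todo.popleft()]["calls"]:
            if callee not in seen:
                seen.add(callee)
                todo.append(callee)
    return seen


def tsp_scopes(modules):
    """Analysis scope of each module that enforces an access/flow control policy."""
    return {m: analysis_scope(modules, m) for m, i in modules.items() if i["tsp"]}
```

Running it on the sample shows that a single upward call from `kernel_io` into `audit` drags the whole audit and crypto layers into the analysis scope of the TSP-enforcing `acl_check` module.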