blob: 01d0f3b7d3732b4c941cbff26b335b1148df9123 [file] [log] [blame]
<?nsuri gsn?>
<?render-egx gsn.egx?>
<?import ccp.flexmi?>
<_>
<model>
<context name="TIS" desc="Tokeneer ID Station includes functions of biometric authentication and smartcards in a networked system requiering identification and authentication mechanisms"/>
<context name="Rets" desc="Requirements will be provided to Altran in the document from known as a Protection Profile"/>
<goal name="Top" desc="Development process of Tokeneer can show compliance to Common Criteria (CC) at EAL5" />
<contextOf source="Top" target="TIS"/>
<contextOf source="Top" target="Rets"/>
<supp source="Top" target="TwoAims"/>
<strat name="TwoAims" desc="a) Feasibility (does the process achieve 'good' software, and b) Cost-effectiveness (is it a cheaper approach?)" />
<goal name="Demo" desc="The practicality/cost -effectiveness of the design process is demonstrated"/>
<supp source="TwoAims" target="Demo"/>
<supp source="TwoAims" target="G1"/>
<strat name="Metrics" desc="Argument by collecting metrics to enable comparision to previous development"/>
<supp source="Demo" target="Metrics"/>
<goal name="G1" desc="The development process shows compliance at EAL5 for the Tokeneer System"/>
<!-- Use the pattern template -->
<compliance goal="G1" process="CbC" system="TIS">
<!-- Informal phases -->
<informal-phase name="Security Target" document="S.P1229.40.1" standard="REQIF 1.2 Specification"/>
<informal-phase name="Security Properties" document="S.P1229.40.4" standard="REQIF 1.2 Specification"/>
<informal-phase name="INFORMED Design" document="S.P1229.50.2" standard="SPARK 2014 Specification"/>
<informal-phase name="System Test Specification" document="S.P1229.63.1" standard="SPRE Test Script"/>
<!-- Formal phases -->
<formal-phase name="Formal Specification" spec="TIS Formal Specification (S.P1229.41.2)">
<activity name="Proof of Security Properties (Z)"/>
<activity name="Proof of Formal Specification (Z)"/>
<input name="Security Properties"/>
<input name="Formal Specification"/>
<evidence name="Proof of Security Properties (Z)"/>
<evidence name="Proof of Formal Specification (Z)"/>
</formal-phase>
<formal-phase name="Formal Design" spec="TIS Formal Design (S.P1229.50.1)">
<activity name="Refinement Proof of Formal Design (Z)"/>
<input name="Formal Specification"/>
<input name="Formal Design"/>
<evidence name="Refinement Proof of Formal Design (Z)"/>
</formal-phase>
<formal-phase name="SPARK Implementation" spec="ADA Source Code">
<activity name="Proof of Security Properties (SPARK Proof)"/>
<activity name="Proof of Functional Properties (SPARK Proof)"/>
<activity name="Static Analysis"/>
<activity name="System Test"/>
<input name="Security Properties"/>
<input name="Formal Design"/>
<input name="SPARK Implementation"/>
<input name="System Test Specification"/>
<evidence name="Static Analysis"/>
<evidence name="System Test"/>
<evidence name="Proof of Security Properties (SPARK Proof)"/>
<evidence name="Proof of Functional Properties (SPARK Proof)"/>
</formal-phase>
</compliance>
</model>
</_>