Accession Number:

ADA614995

Title:

Trusted Computing Exemplar: Quality Assurance Plan

Descriptive Note:

Technical rept. Nov 2013-Nov 2014

Corporate Author:

NAVAL POSTGRADUATE SCHOOL MONTEREY CA

Report Date:

2014-12-12

Pagination or Media Count:

23.0

Abstract:

This document describes the Life Cycle Management Plan for the development of a high assurance secure product. A high assurance product is one for which its users have a high level of confidence that its security policies will be enforced continuously and correctly. Such products are constructed so that they can be analyzed for these characteristics. Lifecycle activities ensure that the product reflects the intent to ensure that the product is trustworthy and that vigorous efforts have been made to ensure the absence of unspecified functionality, whether accidental or intentional. In particular, this document expands and unifies the testing requirements that are stated in the Life Cycle Management Plan, the Configuration Management Plan, and the Software Development Standards. This Quality Assurance QA Plan emphasizes requirements, restrictions, standards, responsibilities, etc., for these required tests. Specifically excluded from this plan, however, are the formal and semi-formal work, code correspondence, and covert channel analysis. In addition, there will need to be independent re-testing and penetration testing performed. It is also recognized that quality means more than just source code testing such as conformance to documentation standards, correct spelling, etc. those issues are currently covered in other documents.

Subject Categories:

  • Manufacturing and Industrial Engineering and Control of Production Systems

Distribution Statement:

APPROVED FOR PUBLIC RELEASE