Development of Informal Security Policy Models


This paper describes our recent experience with the development of informal Security Policy Models (SPMs) from two viewpoints: the evaluator view, in which we examine SPMs produced by a vendor, and the developer view, in which we assist vendors in SPM development. From the evaluator's point of view, we have found that the Common Evaluation Methodology (CEM) provides a framework for integrating the SPM with the other developer documentation, but lacks requirements for the specific content an SPM must contain. From the developer's point of view, we have found that the SPM is seen as a somewhat vague and mysterious entity for which the Common Criteria (CC) documentation provides little concrete guidance; we have been asked on many occasions to "explain it in English". This paper attempts to do just that. It reviews the CC requirements for the informal SPM, shows how a developer would approach the task of meeting those requirements, and describes the key features of the resulting model. Such an SPM not only meets the requirements of the CC, but is also useful to the developer as a documented statement of the security policy enforced by the product and as a framework against which future security enhancements can be assessed.