Trusted Computing Exemplar: Quality Assurance Plan
Abstract
This document describes the Life Cycle Management Plan for the development of a high assurance secure product. A high assurance product is one for which its users have a high level of confidence that its security policies will be enforced continuously and correctly. Such products are constructed so that they can be analyzed for these characteristics. Lifecycle activities ensure that the product reflects the intent to ensure that the product is trustworthy and that vigorous efforts have been made to ensure the absence of unspecified functionality, whether accidental or intentional. In particular, this document expands and unifies the testing requirements that are stated in the Life Cycle Management Plan, the Configuration Management Plan, and the Software Development Standards. This Quality Assurance (QA) Plan emphasizes requirements, restrictions, standards, responsibilities, etc., for these required tests. Specifically excluded from this plan, however, are the formal and semi-formal work, code correspondence, and covert channel analysis. In addition, there will need to be independent re-testing and penetration testing performed. It is also recognized that quality means more than just source code testing (such as conformance to documentation standards, correct spelling, etc.); those issues are currently covered in other documents.
Document Details
- Document Type
- Technical Report
- Publication Date
- Dec 12, 2014
- Accession Number
- ADA614995
Entities
People
- Cynthia E. Irvine
- Paul C. Clark
- Thuy D. Nguyen
Organizations
- Naval Postgraduate School