1) Requirements are often difficult to derive, especially when the environments in which the system will function, and the specific tasks it will perform, are unknown. Explain the problems that this causes during development of assurance.
2) Why is the waterfall model of software engineering the most commonly used method for development of trusted systems?
3) What are the conceptual differences between a reference validation mechanism, a trusted computing base, and the TOE Security Functions?
4) Identify the specific requirements in the Common Criteria that describe a reference validation mechanism. Hint: Look in both security functional classes and security assurance classes. Ref: Common Criteria for Information Technology Security Evaluation, Part 3: Security assurance components, September 2007 http://www.commoncriteriaportal.org/files/ccfiles/CCPART3V3.1R2.pdf