;; ================================== ;; CCO (Common Criteria Ontology) ;; ================================== ;; ;; This is the source file for a Domain Ontology covering the ;; principal concepts used in the Common Criteria for Information ;; Security Evaluation. ;; ;; Version 1.1. Revision b. November 2006. ;; ;; For further details, contact: ;; Robin Sharp (robin@imm.dtu.dk) ;; Informatics & Mathematical Modelling, ;; Technical University of Denmark, ;; DK-2800 Kongens Lyngby, Denmark. ;; This ontology is based on definitions from the standard upper ;; ontology SUMO, originally defined in: ;; Niles, I., and Pease, A. 2001. Towards a Standard Upper Ontology. ;; In Proceedings of the 2nd International Conference on Formal ;; Ontology in Information Systems (FOIS-2001), Chris Welty and Barry ;; Smith, eds, Ogunquit, Maine, October 17-19, 2001. ;; Also see http://www.ontologyportal.org ;;==================================================================== ;; NOTE: ;; The entries directly related to the CC are ordered alphabetically. ;; A few definitions of more general utility have been collected up ;; separately and can be found at the end of the alphabetic list. ;; Some definitions of terms related to IT systems from the SUMO-based ;; QoSontology.kif are needed for this ontology. To make the ontology ;; self-contained, the relevant definitions have been added to the end ;; of the main part of the file. 
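;;===============================================================
;; Main alphabetic list of CC terms (sections A to E in this part).
;; Each term is declared (subclass/instance), documented, and then
;; constrained by one or more SUO-KIF axioms.
;;
;; Review notes on changes made in this revision of the file:
;;  - Variables that were left free in an axiom where the intent was
;;    clearly existential (?PASS in Certified, ?INHIB in Availability)
;;    are now bound explicitly. In SUO-KIF a free variable is
;;    universally quantified over the whole formula, which in the
;;    Certified case made every object a passing AssessmentResult.
;;  - Biconditionals whose right-to-left direction is unsound because
;;    of a free variable (AssuranceRequirements, AssuranceScale) are
;;    now plain implications, matching AssessmentCriteria and CMitems.
;;  - Terms used as classes elsewhere in this file but declared with
;;    `instance` (Configuring, AssuranceScale) are now declared with
;;    `subclass`; `correctop`, a relation, is declared with `instance`
;;    like attacks, contentValue, delivers, develops and evaluates.
;;  - Argument-order mismatches against the declared domains
;;    (AttackEffortFn, patient in Binding, dependsOn in
;;    DependedComponent/DependingComponent) are corrected.
;;  - `exist` -> `exists` (Availability), `subcollection` ->
;;    `subCollection` (Configuring), `6%` -> `&%` (DevelopmentTool
;;    documentation), and CCRole removed from its own
;;    contraryAttribute list (arguments must be Attribute instances,
;;    cf. the Pass/Fail/Inconclusive declaration).
;;===============================================================

;;===============================================================
;; A
;;===============================================================

(subclass Acceptance TOEProcess)
(documentation Acceptance "the &%Process of acknowledging the successful &%Outcome of the &%AcceptanceProcedures after &%Delivery of the &%TOE.")
;; A TOE under Acceptance must already be Delivered when the process
;; starts, and every part of it must have passed the procedure by the end.
(=>
  (and
    (instance ?ACC Acceptance)
    (patient ?ACC ?T))
  (exists (?APROC)
    (and
      (instance ?T TOE)
      (instance ?APROC AcceptanceProcedure)
      (holdsDuring (BeginFn (WhenFn ?ACC)) (attribute ?T Delivered))
      (holdsDuring (EndFn (WhenFn ?ACC))
        (forall (?PART)
          (=> (member ?PART ?T) (passed ?PART ?APROC)))))))

(subclass AcceptanceCriteria Set)
(documentation AcceptanceCriteria "the set of &%Criteria to be applied to decide whether an &%AcceptanceProcedure has given a successful &%Outcome (e.g. criteria for successful document review or successful testing).")
(=>
  (instance ?ACRIT AcceptanceCriteria)
  (exists (?APROC)
    (and
      (instance ?APROC AcceptanceProcedure)
      (forall (?CRIT)
        (=>
          (element ?CRIT ?ACRIT)
          (and
            (instance ?CRIT AssessmentCriterion)
            (isCriterion ?CRIT ?APROC)))))))

(subclass AcceptanceProcedure Assessment)
(documentation AcceptanceProcedure "a procedure to be followed in order to decide whether to accept a newly delivered part of a &%TOE or a new set of &%CMitems for a &%TOE.")
;; The agent of an AcceptanceProcedure is always in the Developer role.
(=>
  (and
    (instance ?APROC AcceptanceProcedure)
    (agent ?APROC ?AGENT)
    (patient ?APROC ?OBJ))
  (and
    (instance ?AGENT CognitiveAgent)
    (attribute ?AGENT Developer)
    (or
      (instance ?OBJ TOEComponent)
      (instance ?OBJ CMitems))))

(instance Accepted TOELifePhase)
(documentation Accepted "the &%Attribute of a &%TOE which indicates that its parts have been delivered and accepted, but not yet installed in its intended &%Environment.")
;; Life-phase attributes are grounded in a completed process that ended
;; before the time at which the attribute holds.
(=>
  (holdsDuring ?NOW (attribute ?T Accepted))
  (exists (?ACC)
    (and
      (instance ?ACC Acceptance)
      (patient ?ACC ?T)
      (before (EndFn (WhenFn ?ACC)) ?NOW))))

(subclass ActiveEntity Entity)
(documentation ActiveEntity "an &%Entity which can initiate a &%Process.")
(=>
  (instance ?AE ActiveEntity)
  (exists (?PROC)
    (and
      (instance ?PROC Process)
      (agent ?PROC ?AE))))

(instance Administrator CCRole)
(documentation Administrator "an &%Agent who can set up or alter the operational properties of a &%TOE.")
(=>
  (attribute ?AGENT Administrator)
  (exists (?T)
    (and
      (instance ?T TOE)
      (holdsRight (modifiesOpProps ?AGENT ?T) ?AGENT))))

(subclass Assessment IntentionalProcess)
(documentation Assessment "the general activity of determining the quality of an &%Object with respect to &%Criteria. This is modelled in terms of two subprocesses: an &%EvidenceProduction followed by a &%Judgement.")
;; EvidenceProduction starts together with the Assessment and precedes
;; the Judgement.
(=>
  (and
    (instance ?ASSESS Assessment)
    (patient ?ASSESS ?OBJ)
    (instrument ?ASSESS ?CRIT))
  (exists (?EPROD ?JUDGE)
    (and
      (instance ?EPROD EvidenceProduction)
      (instance ?JUDGE Judgement)
      (instance ?OBJ Object)
      (instance ?CRIT AssessmentCriteria)
      (starts (WhenFn ?EPROD) (WhenFn ?ASSESS))
      (earlier (WhenFn ?EPROD) (WhenFn ?JUDGE)))))

(subclass AssessmentCriteria Collection)
(documentation AssessmentCriteria "a set of &%ContentBearingPhysical, each of which expresses a &%Criterion for passing an &%Assessment.")
(=>
  (and
    (instance ?AC AssessmentCriteria)
    (member ?CRIT ?AC))
  (instance ?CRIT AssessmentCriterion))

(subclass AssessmentCriterion ContentBearingPhysical)
(documentation AssessmentCriterion "a &%ContentBearingPhysical which expresses a &%Criterion for passing an &%Assessment.")
(=>
  (instance ?CRIT AssessmentCriterion)
  (exists (?PRED)
    (and
      (instance ?PRED Criterion)
      (represents ?CRIT ?PRED))))

(subclass AssessmentEvidence ContentBearingPhysical)
(documentation AssessmentEvidence "the evidence which forms the basis for a &%Judgement, and thus for an &%Assessment.")
(=>
  (instance ?EVID AssessmentEvidence)
  (exists (?JUDGE)
    (and
      (instance ?JUDGE Judgement)
      (patient ?JUDGE ?EVID))))

(subclass AssessmentResult ContentBearingPhysical)
(documentation AssessmentResult "the result of a &%Judgement, and thus of an &%Assessment.")
(=>
  (instance ?ARES AssessmentResult)
  (exists (?JUDGE)
    (and
      (instance ?JUDGE Judgement)
      (result ?JUDGE ?ARES))))

(subclass AssessmentVerdict RelationalAttribute)
(contraryAttribute Pass Fail Inconclusive)
(documentation AssessmentVerdict "the &%Class of assessment verdicts, such as &%Pass, &%Fail, &%Inconclusive. These are &%Attributes of &%AssessmentResults.")
(=>
  (and
    (attribute ?ARES ?VERD)
    (instance ?VERD AssessmentVerdict))
  (instance ?ARES AssessmentResult))

(subclass Asset Entity)
(documentation Asset "(In the development environment:) An &%Entity that the &%Developer of the &%CCproduct places value upon. (In the operational environment:) An &%Entity that the &%Owner of the &%TOE places value upon.")
;; An Asset has strictly positive worth to some Developer or Owner of a
;; CCproduct it belongs to.
(=>
  (instance ?ASSET Asset)
  (exists (?PROD ?AGENT ?UNIT)
    (and
      (instance ?PROD CCproduct)
      (instance ?AGENT CognitiveAgent)
      (or
        (attribute ?AGENT Developer)
        (attribute ?AGENT Owner))
      (instance ?UNIT UnitOfMeasure)
      (greaterThan (WorthFn ?AGENT (member ?ASSET ?PROD)) (MeasureFn 0 ?UNIT)))))

(subclass Assignment CCoperation)
(documentation Assignment "the specification of an identified parameter in a &%CCcomponent or &%Requirement.")
;; An Assignment replaces the formula of one element by another whose
;; defined value set is a subset of the original one.
(=>
  (and
    (instance ?ASS Assignment)
    (patient ?ASS ?COMP))
  (exists (?ELEM ?FORM1 ?FORM2 ?VSET1 ?VSET2)
    (and
      (instance ?COMP CCcomponent)
      (instance ?ELEM CCelement)
      (element ?ELEM ?COMP)
      (instance ?FORM1 Formula)
      (instance ?FORM2 Formula)
      (holdsDuring (BeginFn (WhenFn ?ASS))
        (and
          (part ?FORM1 ?ELEM)
          (definesSet ?FORM1 ?VSET1)))
      (holdsDuring (EndFn (WhenFn ?ASS))
        (and
          (part ?FORM2 ?ELEM)
          (not (part ?FORM1 ?ELEM))
          (definesSet ?FORM2 ?VSET2)))
      (subset ?VSET2 ?VSET1))))

(subclass Assumption Proposition)
(documentation Assumption "a &%Predicate applying to the &%TOE or its environment, which is assumed to be unconditionally satisfied.")
(=>
  (instance ?ASS Assumption)
  (exists (?SUPP ?T)
    (and
      (instance ?SUPP Supposing)
      (result ?SUPP ?ASS)
      (instance ?T TOE)
      (refers ?ASS ?T))))

(subclass Assurance Collection)
(documentation Assurance "a set of &%ConfidenceGrounds that a &%TOE meets the &%TSP.")
;; All members of one Assurance collection refer to the same TOE and TSP.
(=>
  (instance ?ASS Assurance)
  (exists (?TOE ?TSP)
    (forall (?CG)
      (=>
        (member ?CG ?ASS)
        (and
          (instance ?CG ConfidenceGround)
          (isCGFor ?CG ?TOE ?TSP))))))

(subclass AssuranceRequirement CCrequirement)
(documentation AssuranceRequirement "a &%Requirement which must be satisfied in order to provide a &%ConfidenceGround that a &%TOE meets the &%TSP.")
(=>
  (instance ?AR AssuranceRequirement)
  (exists (?T ?SP)
    (isARFor ?AR ?T ?SP)))

(subclass AssuranceRequirements Set)
(documentation AssuranceRequirements "a &%Set of &%AssuranceRequirements.")
;; FIX: was a biconditional (<=>). With ?IRQS and ?IRQ free, the
;; right-to-left direction asserted that every AssuranceRequirement is
;; an element of every set whatsoever. A plain implication is what the
;; sibling axioms for AssessmentCriteria and CMitems use.
(=>
  (and
    (instance ?IRQS AssuranceRequirements)
    (element ?IRQ ?IRQS))
  (instance ?IRQ AssuranceRequirement))

;; FIX: declared with `subclass`; the axioms below and the
;; EvaluationAssuranceLevel axiom use (instance ?X AssuranceScale),
;; so AssuranceScale must be a class, not an instance of UniqueList.
(subclass AssuranceScale UniqueList)
(documentation AssuranceScale "a &%List of unique items, each of which is a pair consisting of a &%Label and a &%Collection of &%AssuranceRequirements, specifying the assurance levels of an ordered assurance system such as CC.")
;; FIX: was a biconditional with ?PAIR free, which made any list with
;; at least one non-member an AssuranceScale. Now a one-way constraint
;; with ?PAIR bound explicitly.
(=>
  (instance ?LIST AssuranceScale)
  (forall (?PAIR)
    (=>
      (inList ?PAIR ?LIST)
      (and
        (instance ?PAIR Pair)
        (instance (p1 ?PAIR) SymbolicString)
        (instance (p2 ?PAIR) AssuranceRequirements)))))

(instance Attacker CCRole)
(documentation Attacker "a &%CognitiveAgent who performs a &%SecurityAttack.")
(=>
  (attribute ?AGENT Attacker)
  (exists (?T)
    (attacks ?AGENT ?T)))

(instance AttackEffortFn TernaryFunction)
(domain AttackEffortFn 1 Agent)
(domain AttackEffortFn 2 SecurityAttack)
(domain AttackEffortFn 3 TOE)
(range AttackEffortFn AttackPotential)
(documentation AttackEffortFn "Maps an &%Agent, a &%SecurityAttack and a &%TOE to the effort required for that &%Agent to perform the &%SecurityAttack on the &%TOE. 
This is here defined only for &%TOEs which have reached the &%Operational stage of their life cycle.")
;; FIX: the function was applied as (AttackEffortFn ?ATT ?AGENT ?T),
;; i.e. attack first, agent second, contradicting the domain
;; declarations above (1 = Agent, 2 = SecurityAttack). The consequent
;; (agent ?ATT ?AGENT) shows ?ATT is the attack and ?AGENT the agent.
(=>
  (equal (AttackEffortFn ?AGENT ?ATT ?T) ?APOT)
  (and
    (agent ?ATT ?AGENT)
    (patient ?ATT ?T)
    (attribute ?T Operational)))

(subclass AttackPotential ConstantQuantity)
(documentation AttackPotential "a measure of the effort expended (or to be expended) in performing a &%SecurityAttack on a &%TOE, expressed in terms of the &%Attacker's expertise, resources and motivation.")

(instance attacks BinaryPredicate)
(instance attacks AsymmetricRelation)
(domain attacks 1 CognitiveAgent)
(domain attacks 2 TOE)
(documentation attacks "(attacks ?AGENT ?T) is true if the &%CognitiveAgent ?AGENT performs a &%SecurityAttack on the &%TOE ?T.")
(=>
  (attacks ?AGENT ?T)
  (exists (?ATT)
    (and
      (instance ?ATT SecurityAttack)
      (agent ?ATT ?AGENT)
      (patient ?ATT ?T))))

(subclass Augmentation DualObjectProcess)
(documentation Augmentation "the addition of one or more &%Requirements to a &%Package.")
;; Before augmentation the package's requirement set (p2 ?PACK) is
;; disjoint from ?REQS; afterwards it contains all of ?REQS.
(=>
  (and
    (instance ?AUG Augmentation)
    (patient ?AUG ?PACK)
    (patient ?AUG ?REQS))
  (and
    (instance ?PACK Package)
    (instance ?REQS ReqSet)
    (holdsDuring (BeginFn (WhenFn ?AUG))
      (equal (IntersectionFn (p2 ?PACK) ?REQS) NullSet))
    (holdsDuring (EndFn (WhenFn ?AUG))
      (equal (IntersectionFn (p2 ?PACK) ?REQS) ?REQS))))

(subclass Authorisation IntentionalProcess)
(documentation Authorisation "the process of authorising a &%CCsubject to use one or more of the &%OperationBySubject available in a &%TOE.")
(=>
  (and
    (instance ?AUTH Authorisation)
    (patient ?AUTH ?SUB))
  (and
    (instance ?SUB CCsubject)
    (exists (?OBS ?T)
      (and
        (instance ?OBS OperationBySubject)
        (instance ?T TOE)
        (holdsDuring (EndFn (WhenFn ?AUTH))
          (isAuthorisedFor ?SUB ?OBS ?T))))))

(instance Authorised Attribute)
(documentation Authorised "the &%Attribute of a &%CCsubject which has been authorised to use one or more of the &%OperationBySubject available in a &%TOE.")
(=>
  (holdsDuring ?NOW (attribute ?SUB Authorised))
  (exists (?AUTH)
    (and
      (instance ?AUTH Authorisation)
      (patient ?AUTH ?SUB)
      (before (EndFn (WhenFn ?AUTH)) ?NOW))))

(instance AuthorisedUser CCRole)
(documentation AuthorisedUser "a &%User who is authorised (via a &%CCsubject) to use a non-empty subset of the &%OperationBySubject available in a &%TOE.")
;; An AuthorisedUser holds the User role and has the right to some
;; operation through a CCsubject bound to it.
(=>
  (attribute ?AGENT AuthorisedUser)
  (and
    (attribute ?AGENT User)
    (holdsRight
      (exists (?OBS ?SUB)
        (and
          (instance ?OBS OperationBySubject)
          (instance ?SUB CCsubject)
          (agent ?OBS ?SUB)
          (userBinding ?AGENT ?SUB)
          (attribute ?SUB Authorised)))
      ?AGENT)))

(instance Availability SecurityProperty)
(documentation Availability "the &%Attribute that the set of &%CCobjects and &%OperationBySubject on these &%CCobjects, which an &%AuthorisedUser of a &%TOE has been authorised to use during a certain &%TimeInterval, will in fact be available for use throughout this &%TimeInterval.")
;; FIX: the quantifier was spelled `exist`, which is not SUO-KIF and
;; left this security property effectively unconstrained. ?INHIB is
;; now bound in the same exists (logically equivalent to the former
;; free occurrence, but explicit).
;; While Availability holds, no process in the TOE belongs to a class
;; that inhibits an authorised OperationBySubject.
(=>
  (holdsDuring ?NOW (attribute ?T Availability))
  (holdsDuring ?NOW
    (not
      (exists (?PROC ?INHIB ?OBS ?SUB)
        (and
          (instance ?PROC ?INHIB)
          (inhibits ?INHIB OperationBySubject)
          (member ?PROC ?T)
          (instance ?OBS OperationBySubject)
          (agent ?OBS ?SUB)
          (isAuthorisedFor ?SUB ?OBS ?T))))))

;;===============================================================
;; B
;;===============================================================

(subclass Binding DualObjectProcess)
(documentation Binding "the activity of binding a &%User outside the &%TOE to a particular &%CCsubject within the &%TOE.")
;; FIX: `patient` takes the process first (as everywhere else in this
;; file); the original had (patient ?USER ?BIND) and (patient ?SUB ?BIND).
;; NOTE(review): (instance ?USER User) here vs (attribute ?AGENT User)
;; in AuthorisedUser and the CCRole list — User's declaration is outside
;; this part of the file; confirm whether it is a class or an attribute.
(=>
  (instance ?BIND Binding)
  (exists (?USER ?SUB)
    (and
      (instance ?USER User)
      (instance ?SUB CCsubject)
      (patient ?BIND ?USER)
      (patient ?BIND ?SUB)
      (holdsDuring (EndFn (WhenFn ?BIND))
        (userBinding ?USER ?SUB)))))

;;===============================================================
;; C
;;===============================================================

(subclass CCclass Collection)
(documentation CCclass "a &%Group of &%CCfamilies that share a common focus.")
(=>
  (and
    (instance ?CLASS CCclass)
    (member ?FAM1 ?CLASS)
    (member ?FAM2 ?CLASS))
  (and
    (instance ?FAM1 CCfamily)
    (instance ?FAM2 CCfamily)
    (exists (?FORMULA)
      (and
        (hasPurpose ?FAM1 ?FORMULA)
        (hasPurpose ?FAM2 ?FORMULA)))))

(subclass CCcomponent Collection)
(documentation CCcomponent "the smallest selectable set of &%CCelements that may be used to base &%Requirements on.")
;; A CCcomponent has no proper sub-collection that is itself a CCcomponent.
(=>
  (and
    (instance ?COMP1 CCcomponent)
    (member ?ELEM ?COMP1))
  (and
    (instance ?ELEM CCelement)
    (not
      (exists (?COMP2)
        (and
          (instance ?COMP2 CCcomponent)
          (subCollection ?COMP2 ?COMP1)
          (not (equal ?COMP2 ?COMP1)))))))
;; Note that CCcomponents are modelled as Collections, so that they
;; are Physical entities, like the CCelements of which they are
;; composed.

(subclass CCelement ContentBearingPhysical)
(documentation CCelement "an indivisible statement of &%SecurityNeed.")
;; No proper part of a CCelement carries a SecurityNeed of its own.
(=>
  (instance ?ELEM1 CCelement)
  (exists (?NEED1)
    (and
      (instance ?NEED1 SecurityNeed)
      (containsInformation ?ELEM1 ?NEED1)
      (not
        (exists (?ELEM2 ?NEED2)
          (and
            (properPart ?ELEM2 ?ELEM1)
            (instance ?NEED2 SecurityNeed)
            (containsInformation ?ELEM2 ?NEED2)))))))

(subclass CCfamily Collection)
(documentation CCfamily "a &%Collection of &%CCcomponents that share a similar goal but may differ in emphasis or rigour.")
(=>
  (and
    (instance ?FAM CCfamily)
    (member ?COMP1 ?FAM)
    (member ?COMP2 ?FAM))
  (and
    (instance ?COMP1 CCcomponent)
    (instance ?COMP2 CCcomponent)
    (exists (?PROP)
      (and
        (hasPurpose ?COMP1 ?PROP)
        (hasPurpose ?COMP2 ?PROP)))))

(subclass CCobject PassiveEntity)
(documentation CCobject "a &%PassiveEntity in the &%TOE upon which &%CCsubjects perform &%OperationBySubject.")
(=>
  (instance ?OBJ CCobject)
  (exists (?T ?OP ?SUB)
    (and
      (instance ?T TOE)
      (member ?OBJ ?T)
      (instance ?OP OperationBySubject)
      (instance ?SUB CCsubject)
      (member ?SUB ?T)
      (agent ?OP ?SUB)
      (patient ?OP ?OBJ))))

(subclass CCoperation ContentDevelopment)
(partition CCoperation Assignment Iteration Refinement Selection)
(documentation CCoperation "modifying or repeating a &%CCcomponent. 
Allowed &%CCoperations on &%CCcomponents are &%Assignment, &%Iteration, &%Refinement and &%Selection.")

(subclass CCproduct Collection)
(documentation CCproduct "a &%Collection of software, firmware, hardware and/or &%Guidance.")
(=>
  (and
    (instance ?PROD CCproduct)
    (member ?Subsys ?PROD))
  (or
    (instance ?Subsys ComputationalSystem)
    (instance ?Subsys Guidance)))

(subclass CCproductType PairwiseDisjointClass)
(documentation CCproductType "a &%Class of &%CCproducts with a common purpose.")
(=>
  (instance ?TYP CCproductType)
  (forall (?PROD1 ?PROD2)
    (=>
      (and
        (instance ?PROD1 ?TYP)
        (instance ?PROD2 ?TYP))
      (and
        (instance ?PROD1 CCproduct)
        (instance ?PROD2 CCproduct)
        (exists (?PURP)
          (and
            (hasPurpose ?PROD1 ?PURP)
            (hasPurpose ?PROD2 ?PURP)))))))

(subclass CCrequirement Requirement)
(documentation CCrequirement "a &%Proposition expressing an &%Obligation related to some aspect of the design, test or operation of a &%CCproduct.")
(partition CCrequirement FunctionalRequirement AssuranceRequirement)
(=>
  (instance ?REQ CCrequirement)
  (exists (?PROD ?PROC)
    (and
      (instance ?PROD CCproduct)
      (refers ?REQ ?PROD)
      (instance ?PROC Process)
      (refers ?REQ ?PROC)
      (patient ?PROC ?PROD))))

(subclass CCRole RelationalAttribute)
;; FIX: CCRole itself was the first argument of contraryAttribute; it is
;; a class, not an Attribute instance. The AssessmentVerdict declaration
;; (contraryAttribute Pass Fail Inconclusive) shows the intended form.
(contraryAttribute Administrator Developer Evaluator Sponsor User)
(documentation CCRole "the &%Class of &%Attributes which apply to &%Agents, describing their current role in the CC development, evaluation and operation process. 
It is not possible for an &%Agent to take on more than one of the roles of &%Administrator, &%Developer, &%Evaluator, &%Sponsor or &%User at any one time.")
(=>
  (and
    (attribute ?AGENT ?ATTR)
    (instance ?ATTR CCRole))
  (instance ?AGENT Agent))

(subclass CCsubject ActiveEntity)
(documentation CCsubject "an &%ActiveEntity in the &%TOE that can perform an &%OperationBySubject on &%CCobjects.")
(=>
  (instance ?SUB CCsubject)
  (exists (?T ?OP ?OBJ)
    (and
      (instance ?T TOE)
      (member ?SUB ?T)
      (instance ?OP OperationBySubject)
      (instance ?OBJ CCobject)
      (member ?OBJ ?T)
      (agent ?OP ?SUB)
      (patient ?OP ?OBJ))))

(instance Certified TOEAttribute)
(documentation Certified "the &%Attribute applying to a &%TOE which has been successfully evaluated by an &%EvaluationAuthority.")
;; FIX: ?PASS was free (hence universally quantified over the whole
;; axiom), which asserted that every object is a passing
;; AssessmentResult of some Evaluation. It is now bound in the exists.
(=>
  (holdsDuring ?NOW (attribute ?T Certified))
  (exists (?EVAL ?AUTH ?PASS)
    (and
      (instance ?EVAL Evaluation)
      (instance ?AUTH EvaluationAuthority)
      (agent ?EVAL ?AUTH)
      (patient ?EVAL ?T)
      (result ?EVAL ?PASS)
      (instance ?PASS AssessmentResult)
      (attribute ?PASS Pass)
      (before (EndFn (WhenFn ?EVAL)) ?NOW))))

(subclass CMitem Object)
(documentation CMitem "(Configuration Item) an object managed by the &%CMSystem during development of a &%TOE. 
&%CMitems may be parts of the &%TOE, or objects related to the development of the &%TOE such as evaluation documents and development tools.")
(=>
  (instance ?CMI CMitem)
  (exists (?PROD)
    (and
      (instance ?PROD CCproduct)
      (or
        (member ?CMI ?PROD)
        (isToolFor ?CMI ?PROD)
        (isEDocFor ?CMI ?PROD)))))

(subclass CMitems Collection)
(documentation CMitems "a &%Collection of &%CMitems, typically referring to a particular &%CCproduct.")
(=>
  (and
    (instance ?CMIS CMitems)
    (member ?CMI ?CMIS))
  (instance ?CMI CMitem))

(subclass CMlist CMoutput)
(documentation CMlist "a CM output document listing all &%CMitems for a specific &%CCproduct together with the exact version of each &%CMitem which is relevant for a specific version of the complete product.")
;; The configuration represented by a CMlist belongs to exactly one product.
(=>
  (instance ?CML CMlist)
  (exists (?CMIS ?PROD)
    (and
      (instance ?CMIS CMitems)
      (represents ?CML ?CMIS)
      (instance ?PROD CCproduct)
      (isConfigFor ?CMIS ?PROD)
      (forall (?PROD2)
        (=>
          (isConfigFor ?CMIS ?PROD2)
          (equal ?PROD ?PROD2))))))

(subclass CMoutput ContentBearingPhysical)
(disjointDecomposition CMoutput CMlist CMplan)
(documentation CMoutput "results produced or enforced by the &%CMSystem, such as a &%CMlist or &%CMplan.")

(subclass CMplan CMoutput)
(subclass CMplan GuidanceDocumentation)
(documentation CMplan "an item of &%GuidanceDocumentation produced by the &%CMS, describing how the &%CMSystem is used in relation to the &%TOE.")
(=>
  (instance ?CMP CMplan)
  (exists (?CMS ?PROP ?PROC)
    (and
      (instance ?CMS CMSystem)
      (instance ?PROP Proposition)
      (instance ?PROC Process)
      (refers ?CMP ?CMS)
      (refers ?CMP ?PROC)
      (patient ?PROC ?CMS)
      (represents ?CMP ?PROP)
      (modalAttribute (attribute ?PROP True) Obligation))))

(subclass CMSystem ITSystem)
(documentation CMSystem "(Configuration Management System, CMS) a part of the &%DevelopmentEnvironment which is used to maintain the configuration of a &%CCproduct during its life cycle.")
(=>
  (instance ?CMS CMSystem)
  (exists (?PROD ?ENV ?MAINT ?CMIS)
    (and
      (instance ?PROD CCproduct)
      (isDevelopmentEnvironment ?ENV ?PROD)
      (member ?CMS ?ENV)
      (instance ?MAINT ContentDevelopment)
      (instance ?CMIS CMitems)
      (isConfigFor ?CMIS ?PROD)
      (agent ?MAINT ?CMS)
      (patient ?MAINT ?CMIS))))

(subclass Community Collection)
(documentation Community "a &%Collection of &%Agents which have common interests.")
(=>
  (and
    (instance ?COMM Community)
    (member ?MEMB1 ?COMM)
    (member ?MEMB2 ?COMM))
  (and
    (instance ?MEMB1 Agent)
    (instance ?MEMB2 Agent)
    (exists (?ENTITY)
      (and
        (inScopeOfInterest ?MEMB1 ?ENTITY)
        (inScopeOfInterest ?MEMB2 ?ENTITY)))))

(subclass ComponentTOE TOE)
(documentation ComponentTOE "a certified &%TOE that is part of another &%TOE.")
;; NOTE(review): the documentation says the component is certified, but
;; the axiom asserts Certified of the containing TOE ?T. Left as written;
;; confirm which is intended.
(=>
  (instance ?COMPO ComponentTOE)
  (exists (?T)
    (and
      (instance ?T TOE)
      (subCollection ?COMPO ?T)
      (attribute ?T Certified))))

(instance Compromised TOELifePhase)
(documentation Compromised "The &%Attribute of a &%TOE which indicates that it has been successfully attacked and is no longer acceptable for use.")
(=>
  (holdsDuring ?NOW (attribute ?T Compromised))
  (exists (?ATT)
    (and
      (instance ?ATT SecurityAttack)
      (patient ?ATT ?T)
      (before (EndFn (WhenFn ?ATT)) ?NOW))))

(subclass ConfidenceGround ContentBearingPhysical)
(documentation ConfidenceGround "an item used to establish confidence in the correct operation of the &%TOE.")
(=>
  (instance ?CG ConfidenceGround)
  (exists (?T ?SP)
    (isCGFor ?CG ?T ?SP)))

(instance Confidentiality SecurityProperty)
(documentation Confidentiality "the &%Attribute of a &%TOE that &%Information within the &%TOE is not disclosed to unauthorised &%CCsubjects.")
;; NOTE(review): unlike Availability, this axiom does not restrict ?OP or
;; ?SUB to members of ?T, so it ranges over every ReadOp anywhere.
;; Confirm whether a (member ...) condition was intended.
(=>
  (holdsDuring ?NOW (attribute ?T Confidentiality))
  (holdsDuring ?NOW
    (not
      (exists (?SUB ?OP)
        (and
          (instance ?OP ReadOp)
          (instance ?SUB CCsubject)
          (agent ?OP ?SUB)
          (not (isAuthorisedFor ?SUB ?OP ?T)))))))

;; FIX: declared with `subclass`; the axiom below uses
;; (instance ?CONFIG Configuring), so Configuring is a class.
(subclass Configuring Selecting)
(documentation Configuring "the activity of using a &%CMSystem to select appropriate development tools, components and documentation for a &%CCproduct.")
;; FIX: `subcollection` -> `subCollection` (SUO-KIF is case-sensitive;
;; the spelling used in CCcomponent and ComponentTOE).
(=>
  (and
    (instance ?CONFIG Configuring)
    (patient ?CONFIG ?CMIS1)
    (result ?CONFIG ?CMIS2)
    (agent ?CONFIG ?AGENT))
  (and
    (instance ?CMIS1 CMitems)
    (instance ?CMIS2 CMitems)
    (subCollection ?CMIS2 ?CMIS1)
    (attribute ?AGENT Developer)
    (exists (?PROD ?CMS)
      (and
        (instance ?PROD CCproduct)
        (instance ?CMS CMSystem)
        (uses ?CMS ?AGENT)
        (holdsDuring (EndFn (WhenFn ?CONFIG))
          (forall (?CMI)
            (=>
              (member ?CMI ?CMIS2)
              (isCMIFor ?CMI ?PROD))))))))

(subclass Confirming EvalProcess)
(documentation Confirming "the process of reviewing in detail, where an independent determination of sufficiency needs to be made.")
(=>
  (instance ?CONF Confirming)
  (exists (?DOC1 ?PROD ?DOC2 ?COMP)
    (and
      (instance ?DOC1 AssessmentEvidence)
      (instance ?PROD EvidenceProduction)
      (instance ?DOC2 AssessmentEvidence)
      (result ?PROD ?DOC2)
      (instance ?COMP Comparing)
      (patient ?COMP ?DOC1)
      (patient ?COMP ?DOC2))))

(instance contentValue BinaryPredicate)
(instance contentValue AsymmetricRelation)
(domain contentValue 1 CCobject)
(domain contentValue 2 ContentBearingObject)
(documentation contentValue "(contentValue ?OBJ ?VAL) states that the content of the &%CCobject ?OBJ is the &%ContentBearingObject ?VAL, which represents some kind of value.")
(=>
  (contentValue ?OBJ ?VAL)
  (part ?VAL ?OBJ))

(instance correctop BinaryPredicate)
;; FIX: was (subclass correctop AsymmetricRelation); correctop is a
;; relation instance, declared like attacks/contentValue/delivers.
(instance correctop AsymmetricRelation)
(domain correctop 1 TOE)
(domain correctop 2 TSP)
(documentation correctop "(correctop ?T ?SP) means that the &%TOE ?T operates correctly with respect to the &%TSP ?SP.")
;; NOTE(review): nothing in the consequent links ?OPER to ?T; confirm
;; whether an (agent ?OPER ?T) or similar condition was intended.
(=>
  (correctop ?T ?SP)
  (exists (?OPER ?ORES)
    (and
      (instance ?OPER Operation)
      (instance ?ORES OperationResult)
      (result ?OPER ?ORES)
      (holds ?SP ?ORES))))

(subclass Criterion Predicate)
(documentation Criterion "a &%Predicate expressing the conditions for making some decision, such as whether an &%Entity passes a test.")

;;===============================================================
;; D
;;===============================================================

(instance Delivered TOELifePhase)
(documentation Delivered "the &%Attribute of a &%TOE which indicates that it has been 
delivered to its intended &%SiteOfOperation.")
(=>
  (holdsDuring ?NOW (attribute ?T Delivered))
  (exists (?DELI)
    (and
      (instance ?DELI Delivery)
      (patient ?DELI ?T)
      (before (EndFn (WhenFn ?DELI)) ?NOW))))

(instance delivers BinaryPredicate)
(instance delivers AsymmetricRelation)
(domain delivers 1 Agent)
(domain delivers 2 Object)
(documentation delivers "&%Relation between an &%Agent and an &%Object, such that (delivers ?AGENT ?OBJ) means that ?AGENT performs the process of &%Delivery of ?OBJ.")
(=>
  (delivers ?AGENT ?OBJ)
  (exists (?DELI)
    (and
      (instance ?DELI Delivery)
      (agent ?DELI ?AGENT)
      (patient ?DELI ?OBJ))))

(subclass Delivery Transfer)
(subclass Delivery TOEProcess)
(documentation Delivery "the process which is performed by an &%Agent in order to transfer the &%TOE physically to its intended &%SiteOfOperation.")
;; A TOE is Produced when Delivery begins and located at the site when
;; it ends.
(=>
  (and
    (instance ?DELI Delivery)
    (patient ?DELI ?T)
    (destination ?DELI ?SITE))
  (and
    (instance ?T TOE)
    (instance ?SITE SiteOfOperation)
    (holdsDuring (BeginFn (WhenFn ?DELI)) (attribute ?T Produced))
    (holdsDuring (EndFn (WhenFn ?DELI)) (located ?T ?SITE))))

(subclass Demoing EvalProcess)
(documentation Demoing "(CC: Demonstrating) the process of performing a detailed analysis leading to a conclusion, at a level of rigour lower than that of a proof.")
(=>
  (instance ?DEMO Demoing)
  (exists (?ARG)
    (and
      (instance ?ARG Argument)
      (realization ?DEMO ?ARG))))

(instance dependsOn BinaryPredicate)
(instance dependsOn TransitiveRelation)
(instance dependsOn IrreflexiveRelation)
(domain dependsOn 1 CCcomponent)
(domain dependsOn 2 CCcomponent)
(documentation dependsOn "a relationship between &%CCcomponents such that (dependsOn ?CCC1 ?CCC2) means that if a &%CCrequirement based on ?CCC1 is included in a &%PP, &%ST or &%Package, then a &%CCRequirement based on ?CCC2 must normally also be included in that &%PP, &%ST or &%Package.")
;; FIX: the forall body was (and (instance ?PPSTP PPST) ...), which
;; asserted that every ?PPSTP whatsoever is a PPST. The membership test
;; is now the antecedent of an implication.
(<=>
  (dependsOn ?CCC1 ?CCC2)
  (forall (?PPSTP)
    (=>
      (instance ?PPSTP PPST)
      (=>
        (exists (?REQ1)
          (and
            (instance ?REQ1 CCrequirement)
            (prescribes ?PPSTP ?REQ1)
            (containsInformation ?CCC1 ?REQ1)))
        (exists (?REQ2)
          (and
            (instance ?REQ2 CCrequirement)
            (prescribes ?PPSTP ?REQ2)
            (containsInformation ?CCC2 ?REQ2)))))))

(subclass DependedComponent CCcomponent)
(documentation DependedComponent "a &%CCcomponent such that a &%CCrequirement based on this &%CCcomponent in a &%PP, &%ST or &%Package is mandated by the inclusion of another &%CCcomponent in the same &%PP, &%ST or &%Package.")
;; FIX: per the dependsOn documentation the first argument is the
;; component that mandates the second. A DependedComponent is mandated
;; by another, so the other component is the first argument.
(=>
  (instance ?COMP1 DependedComponent)
  (exists (?COMP2)
    (and
      (instance ?COMP2 CCcomponent)
      (dependsOn ?COMP2 ?COMP1))))

(subclass DependingComponent CCcomponent)
(documentation DependingComponent "a &%CCcomponent such that a &%CCrequirement based on this &%CCcomponent in a &%PP, &%ST or &%Package mandates the inclusion of another &%CCcomponent in the same &%PP, &%ST or &%Package.")
;; FIX: a DependingComponent mandates another, so it is the first
;; argument of dependsOn (the original had the arguments swapped).
(=>
  (instance ?COMP1 DependingComponent)
  (exists (?COMP2)
    (and
      (instance ?COMP2 CCcomponent)
      (dependsOn ?COMP1 ?COMP2))))

(subclass Describing EvalProcess)
(documentation Describing "the process of providing specific details of the &%Entity being evaluated.")
;; Every part of the resulting document represents some part of the entity.
(=>
  (and
    (instance ?DESC Describing)
    (patient ?DESC ?ENTITY)
    (result ?DESC ?DOC))
  (and
    (instance ?ENTITY Entity)
    (instance ?DOC ContentBearingPhysical)
    (forall (?SUBDOC)
      (=>
        (part ?SUBDOC ?DOC)
        (exists (?DETAIL)
          (and
            (part ?DETAIL ?ENTITY)
            (represents ?SUBDOC ?DETAIL)))))))

(subclass Determining EvalProcess)
(documentation Determining "the process of carrying out an independent analysis with the aim of reaching a conclusion. There is no implication that any previous analysis has been carried out. 
Note that this distinguishes this process from &%Confirming or &%Verifying, where it is the results of an already existing analysis which are scrutinised.")

(instance Developed TOELifePhase)
(documentation Developed "the &%Attribute of a &%TOE which indicates that an implementation representation for it has been generated.")
(=>
  (holdsDuring ?NOW (attribute ?T Developed))
  (exists (?DMENT)
    (and
      (instance ?DMENT Development)
      (patient ?DMENT ?T)
      (before (EndFn (WhenFn ?DMENT)) ?NOW))))

(instance Developer CCRole)
(documentation Developer "a &%CognitiveAgent who takes part in the process of &%Development of a &%CCproduct.")
(<=>
  (attribute ?AGENT Developer)
  (exists (?PROD)
    (develops ?AGENT ?PROD)))

(subclass Development TOEProcess)
(documentation Development "the process of designing and implementing a &%CCproduct. This process results in the production of an &%ImplementationRep which represents the product.")
(=>
  (and
    (instance ?DMENT Development)
    (patient ?DMENT ?T)
    (result ?DMENT ?IMPREP))
  (and
    (instance ?T TOE)
    (instance ?IMPREP ImplementationRep)
    (represents ?IMPREP ?T)))

(subclass DevelopmentEnvironment Environment)
(documentation DevelopmentEnvironment "the &%Environment in which &%Development of the &%TOE takes place.")
(=>
  (instance ?ENV DevelopmentEnvironment)
  (exists (?T)
    (isDevelopmentEnvironment ?ENV ?T)))

(subclass DevelopmentTool SoftwareSystem)
;; FIX: documentation cross-reference was written `6%DevelopmentEnvironment`.
(documentation DevelopmentTool "a &%SoftwareSystem within the &%DevelopmentEnvironment used during the process of &%Development of a &%TOE.")
(=>
  (instance ?TOOL DevelopmentTool)
  (exists (?T ?ENV)
    (and
      (isDevelopmentEnvironment ?ENV ?T)
      (member ?TOOL ?ENV)
      (isToolFor ?TOOL ?T))))

(instance develops BinaryPredicate)
(instance develops AsymmetricRelation)
(domain develops 1 CognitiveAgent)
(domain develops 2 CCproduct)
(documentation develops "(&%develops ?AGENT ?PROD) means that the &%CognitiveAgent ?AGENT takes part in the process of &%Development of the &%CCproduct ?PROD.")
(=>
  (develops ?AGENT ?PROD)
  (exists (?DEVEL)
    (and
      (instance ?DEVEL Development)
      (agent ?DEVEL ?AGENT)
      (patient ?DEVEL ?PROD))))

(subclass Documentation ContentBearingObject)
(documentation Documentation "a &%ContentBearingObject describing a &%CCproduct.")
(=>
  (instance ?DOCU Documentation)
  (exists (?PROD)
    (and
      (instance ?PROD CCproduct)
      (represents ?DOCU ?PROD))))

(subclass DocumentReview Judgement)
(documentation DocumentReview "a form of &%Judgement in which the &%AssessmentEvidence has the form of an &%EvaluationDocument.")
(=>
  (and
    (instance ?DOCREV DocumentReview)
    (patient ?DOCREV ?DOC))
  (instance ?DOC EvaluationDocument))

;;===============================================================
;; E
;;===============================================================

(instance Embedded InstallationState)
(documentation Embedded "the &%Attribute of a &%TOE which applies after the &%Process of &%Embedding in the operational environment has been performed during &%Installation.")
(=>
  (holdsDuring ?NOW (attribute ?T Embedded))
  (exists (?EMB)
    (and
      (instance ?EMB Embedding)
      (patient ?EMB ?T)
      (before (EndFn (WhenFn ?EMB)) ?NOW))))

(subclass Embedding DualObjectProcess)
(subProcess Embedding Installation)
(documentation Embedding "the &%Process of providing an &%OperationalEnvironment for a &%TOE as part of the &%Process of &%Installation.")
;; NOTE(review): (instance ?AGENT User) — see the note on Binding about
;; whether User is a class or a CCRole attribute.
(=>
  (and
    (instance ?EMB Embedding)
    (agent ?EMB ?AGENT)
    (patient ?EMB ?T)
    (patient ?EMB ?ENV))
  (and
    (instance ?AGENT User)
    (instance ?T TOE)
    (isOperationalEnvironment ?ENV ?T)
    (holdsDuring (BeginFn (WhenFn ?EMB)) (attribute ?T Accepted))
    (holdsDuring (EndFn (WhenFn ?EMB)) (attribute ?T Embedded))))

(subclass Enforcement IntentionalProcess)
(documentation Enforcement "an activity whose goal is to ensure that a policy is obeyed.")
(=>
  (instance ?ENF Enforcement)
  (exists (?POL)
    (and
      (instance ?POL Proposition)
      (modalAttribute ?POL Obligation)
      (hasPurpose ?ENF (attribute ?POL True)))))

(subclass Ensuring EvalProcess)
(documentation Ensuring "the process of carrying out an action 
where there is a strong causal relationship between the action and its consequences.")
(=>
  (instance ?ENS Ensuring)
  (exists (?PROC)
    (causes ?ENS ?PROC)))

(subclass Environment ITSystem)
(documentation Environment "a &%Collection of software, firmware and hardware which lie outside the &%TOE and on which the &%Development or &%Operation of the &%TOE depends.")
;; No member of an Environment is a member of the TOE it belongs to.
(=>
  (instance ?ENV Environment)
  (exists (?T)
    (and
      (instance ?T TOE)
      (forall (?SUBSYSE)
        (=>
          (member ?SUBSYSE ?ENV)
          (not (member ?SUBSYSE ?T)))))))

(subclass EvalAttribute InternalAttribute)
(documentation EvalAttribute "an &%Attribute of an &%EvalProcess, such as its degree of rigour.")
(=>
  (and
    (attribute ?EVAL ?ATTR)
    (instance ?ATTR EvalAttribute))
  (instance ?EVAL EvalProcess))

(subclass EvalProcess IntentionalProcess)
(partition EvalProcess Confirming Demoing Describing Determining Ensuring Explaining Justifying Proving Specifying Verifying)
(subProcess EvalProcess Evaluation)
(documentation EvalProcess "a &%Process carried out as part of the task of &%Evaluation. The various processes correspond to various levels of rigour in the production of evidence.")

(instance Evaluated TOEAttribute)
(documentation Evaluated "the &%Attribute of a &%TOE which indicates that it has been evaluated. 
The attribute does not indicate whether the &%TOE has actually passed the evaluation.")
(=>
  (holdsDuring ?NOW (attribute ?T Evaluated))
  (exists (?EVAL)
    (and
      (instance ?EVAL Evaluation)
      (patient ?EVAL ?T)
      (before (EndFn (WhenFn ?EVAL)) ?NOW))))

(instance evaluates BinaryPredicate)
(instance evaluates AsymmetricRelation)
(domain evaluates 1 CognitiveAgent)
(domain evaluates 2 CCproduct)
(documentation evaluates "(&%evaluates ?AGENT ?PROD) means that the &%CognitiveAgent ?AGENT takes part in the process of &%Evaluation of the &%CCproduct ?PROD.")
(=>
  (evaluates ?AGENT ?PROD)
  (exists (?EVAL)
    (and
      (instance ?EVAL Evaluation)
      (agent ?EVAL ?AGENT)
      (patient ?EVAL ?PROD))))

(subclass Evaluation Assessment)
(documentation Evaluation "assessment of a &%PP, an &%ST or a &%TOE against defined &%Criteria. The result of this &%Process is an &%AssessmentResult, whose &%AssessmentVerdict attribute expresses the extent to which the item being evaluated fulfils the &%Criteria.")
;; The agent of an Evaluation is an Evaluator belonging to some
;; EvaluationCommunity; the patient is a PPST or a TOE.
(=>
  (and
    (instance ?EVAL Evaluation)
    (agent ?EVAL ?AGENT)
    (patient ?EVAL ?OBJ))
  (exists (?COMM)
    (and
      (instance ?COMM EvaluationCommunity)
      (member ?AGENT ?COMM)
      (attribute ?AGENT Evaluator)
      (or
        (instance ?OBJ PPST)
        (instance ?OBJ TOE)))))

(subclass EvaluationAssuranceLevel AssuranceRequirements)
(documentation EvaluationAssuranceLevel "(EAL) an assurance package, consisting of a &%Collection of &%AssuranceRequirements drawn from CC Part 3, representing a point on the CC predefined &%AssuranceScale.")
;; An EAL is the requirements half (p2) of some position in an AssuranceScale.
;; NOTE(review): ?LEVEL is typed NonnegativeInteger, which admits 0 as a
;; list position; confirm whether PositiveInteger was intended.
(=>
  (instance ?EAL EvaluationAssuranceLevel)
  (exists (?SCALE ?LEVEL)
    (and
      (instance ?SCALE AssuranceScale)
      (instance ?LEVEL NonnegativeInteger)
      (lessThanOrEqualTo ?LEVEL (ListLengthFn ?SCALE))
      (equal ?EAL (p2 (ListOrderFn ?SCALE ?LEVEL))))))

(subclass EvaluationAuthority Organization)
(documentation EvaluationAuthority "a &%Body that implements the CC for a specific &%Community by means of an &%EvaluationScheme and thereby sets the standards and monitors the quality of &%Evaluations conducted by bodies within that 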
&%Community.") (=> (instance ?EA EvaluationAuthority) (exists (?REG ?COMM ?SCHEME) (and (instance ?REG RegulatoryProcess) (instance ?COMM EvaluationCommunity) (instance ?SCHEME EvaluationScheme) (agent ?REG ?EA) (destination ?REG ?COMM) (realization ?REG ?SCHEME)))) (subclass EvaluationCommunity Community) (documentation EvaluationCommunity "a &%Community, (at least some of) whose members (at some time) conduct &%Evaluations.") (=> (instance ?COMM EvaluationCommunity) (exists (?MEMB ?PROD ?TIME) (and (member ?MEMB ?COMM) (holdsDuring ?TIME (evaluates ?MEMB ?PROD))))) (subclass EvaluationCriteria Collection) (documentation EvaluationCriteria "a &%Collection of &%EvaluationCriterion for a &%PP, &%ST or &%TOE.") (=> (and (instance ?CRITSET EvaluationCriteria) (member ?CRIT ?CRITSET)) (instance ?CRIT EvaluationCriterion)) (subclass EvaluationCriterion AssessmentCriterion) (documentation EvaluationCriterion "a description of a &%Criterion deciding the outcome of an &%Evaluation of a &%PP, an &%ST or a &%TOE (or &%TOEComponent).") (=> (instance ?CRIT EvaluationCriterion) (exists (?EVAL ?AGENT ?ERES ?VERDICT) (and (instance ?EVAL Evaluation) (instance ?VERDICT AssessmentVerdict) (agent ?EVAL ?AGENT) (result ?EVAL ?ERES) (hasPurpose ?CRIT (believes ?AGENT (attribute ?ERES ?VERDICT)))))) (subclass EvaluationDocument AssessmentEvidence) (documentation EvaluationDocument "a &%ContentBearingPhysical which describes some aspect of the system being evaluated, and can be used as evidence for certain forms of &%Assessment.") (=> (instance ?DOC EvaluationDocument) (exists (?SYST) (and (instance ?SYST CCproduct) (refers ?DOC ?SYST)))) (subclass EvaluationScheme Procedure) (documentation EvaluationScheme "the administrative and regulatory framework under which the CC is applied by an &%EvaluationAuthority within a specific &%EvaluationCommunity.") (=> (instance ?SCHEME EvaluationScheme) (exists (?EA ?COMM ?REG) (and (instance ?EA EvaluationAuthority) (instance ?COMM 
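EvaluationCommunity) (instance ?REG RegulatoryProcess) (agent ?REG ?EA) (destination ?REG ?COMM) (realization ?REG ?SCHEME))))

(instance Evaluator CCRole)
(documentation Evaluator "a &%CognitiveAgent who takes part in the process of &%Evaluation of a &%CCproduct.")
;; Holding the Evaluator role means evaluating at least one CCproduct.
(=>
  (attribute ?AGENT Evaluator)
  (exists (?PROD)
    (evaluates ?AGENT ?PROD)))

(subclass EvidenceProduction IntentionalProcess)
;; Spelled subProcess, as for Embedding, EvalProcess and Securing in this
;; file; the lowercase "subprocess" used here before was an undeclared
;; relation distinct from subProcess.
(subProcess EvidenceProduction Assessment)
(documentation EvidenceProduction "the activity of producing &%AssessmentEvidence which can be held up against the &%Criteria used in a process of &%Judgement and hence as part of an &%Assessment.")
;; Whatever an EvidenceProduction results in is AssessmentEvidence.
(=>
  (and
    (instance ?EPROD EvidenceProduction)
    (result ?EPROD ?EVID))
  (instance ?EVID AssessmentEvidence))

(subclass ExecOp OperationBySubject)
(documentation ExecOp "an &%OperationBySubject which consists of starting a new &%CCsubject which will follow the &%Procedure given within the &%CCobject on which the &%OperationBySubject operates.")
;; ?PROP was previously left unbound. A free variable in SUO-KIF is
;; universally quantified over the whole axiom, so the axiom claimed that
;; the content of an executed CCobject contains every proposition whatsoever.
;; ?PROP is now bound together with ?PROC and typed as the Procedure which,
;; per the documentation, the executed CCobject carries.
(=>
  (and
    (instance ?XOP ExecOp)
    (patient ?XOP ?OBJ)
    (contentValue ?OBJ ?VAL))
  (exists (?PROC ?PROP)
    (and
      (instance ?PROP Procedure)
      (containsInformation ?VAL ?PROP)
      (holdsDuring (EndFn (WhenFn ?XOP)) (realization ?PROC ?PROP)))))

(subclass Explaining EvalProcess)
(documentation Explaining "the process of producing a set of reasons for why something happens or some action is taken.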
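There is no implication that any attempt is made to argue that the course of action was necessarily optimal in any sense.")
;; An Explaining is realised by some Explanation.
(=>
  (instance ?EXPL Explaining)
  (exists (?ARG)
    (and
      (instance ?ARG Explanation)
      (realization ?EXPL ?ARG))))

;;===============================================================
;; F
;;===============================================================

(instance Fail AssessmentVerdict)
(documentation Fail "the &%AssessmentVerdict that the evaluation has been failed.")

(instance Formal LanguageAttribute)
(documentation Formal "expressed in a &%RestrictedSyntaxLanguage with defined &%MathematicalSemantics.")
;; ?LANG was previously free in the consequent. Since a free SUO-KIF
;; variable is universally quantified, the axiom claimed that a Formal text
;; is expressed in every language and that everything is a
;; RestrictedSyntaxLanguage. The language is now existentially bound.
(=>
  (attribute ?TEXT Formal)
  (exists (?LANG)
    (and
      (expressedInLanguage ?TEXT ?LANG)
      (instance ?LANG RestrictedSyntaxLanguage)
      (attribute ?LANG HasMathSemantics))))

(subclass FunctionalRequirement CCrequirement)
(documentation FunctionalRequirement "a &%CCrequirement describing the ability of a &%CCproduct to demonstrate a given behaviour in response to given events or other forms of input.")
;; A FunctionalRequirement represents a Predicate that is obliged to hold
;; over the input and output data of some process that can run on a
;; ComputationalSystem.
(=>
  (instance ?FR FunctionalRequirement)
  (exists (?SYST ?PROC ?IP ?OP ?PROP)
    (and
      (instance ?SYST ComputationalSystem)
      (instance ?PROC ComputerProcess)
      (instance ?IP ComputerData)
      (instance ?OP ComputerData)
      (modalAttribute (systemRunning ?PROC ?SYST) Possibility)
      (patient ?PROC ?IP)
      (result ?PROC ?OP)
      (instance ?PROP Predicate)
      (represents ?FR ?PROP)
      (modalAttribute
        (and
          (holds ?PROP @ROW)
          (inList ?IP (ListFn @ROW))
          (inList ?OP (ListFn @ROW)))
        Obligation))))

;;===============================================================
;; G
;;===============================================================

(subclass Guidance Procedure)
(documentation Guidance "a set of rules for the correct &%Delivery and &%Installation of the &%CCproduct, and the &%Operation, &%Management and use of the &%TOE as these activities apply to the (human) users, administrators, and integrators.")
;; Each rule of a Guidance is an obligation on some User, Administrator or
;; Integrator who is the agent of a TOEProcess.
(=>
  (and
    (instance ?GUID Guidance)
    (subProposition ?RULE ?GUID))
  (exists (?AGENT ?PROC)
    (and
      (instance ?AGENT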
CognitiveAgent) (or (attribute ?AGENT User) (attribute ?AGENT Administrator) (attribute ?AGENT Integrator)) (instance ?PROC TOEProcess) (agent ?PROC ?AGENT) (holdsObligation ?RULE ?AGENT)))) (subclass GuidanceDocumentation Documentation) (documentation GuidanceDocumentation "&%Documentation containing &%Guidance.") (=> (instance ?GDOC GuidanceDocumentation) (exists (?PART ?PROC) (and (part ?PART ?GDOC) (containsInformation ?PART ?PROC) (instance ?PROC Guidance)))) ;;=============================================================== ;; H ;;=============================================================== (instance HasDefinedSemantics LanguageAttribute) (documentation HasDefinedSemantics "an &%Attribute of a &%Language, expressing the fact that each valid syntactic construct of the %Language has a well-defined semantics in a given domain of interpretation.") (instance HasMathSemantics LanguageAttribute) (subAttribute HasMathSemantics HasDefinedSemantics) (documentation HasMathSemantics "an &%Attribute of a &%Language, expressing the fact that each valid syntactic construct of the &%Language has a well-defined semantics in a mathematical domain of interpretation, i.e. 
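a domain defined by a set of axioms.")

;;===============================================================
;; I
;;===============================================================

(subclass ImplementationRep ContentBearingPhysical)
(documentation ImplementationRep "a representation of the &%TOE produced during the &%Process of &%Development.")
;; Every ImplementationRep represents some TOE.
(=>
  (instance ?IMPL ImplementationRep)
  (exists (?T)
    (and
      (instance ?T TOE)
      (represents ?IMPL ?T))))

(instance Inconclusive AssessmentVerdict)
(documentation Inconclusive "the &%AssessmentVerdict that the result of the evaluation has been inconclusive.")

(instance Informal LanguageAttribute)
(documentation Informal "expressed in &%HumanLanguage.")
;; ?LANG was previously free in the consequent and hence universally
;; quantified, which made every Informal text expressed in every language
;; and everything a HumanLanguage. The language is now existentially bound.
(=>
  (attribute ?TEXT Informal)
  (exists (?LANG)
    (and
      (expressedInLanguage ?TEXT ?LANG)
      (instance ?LANG HumanLanguage))))

(subclass InstallationState TOEAttribute)
;; contraryAttribute takes Attribute instances, so the class InstallationState
;; itself is not an admissible argument and has been dropped from the
;; statement. NOTE(review): this reads Embedded and Secured as mutually
;; exclusive stage markers within Installation (Securing starts from
;; Embedded); confirm that this is the intended reading, since both
;; attributes are otherwise defined as "after X has been performed".
(contraryAttribute Embedded Secured)
(documentation InstallationState "an &%Attribute which describes the status of the &%TOE within the &%Process of &%Installation.")

(subclass Installation TOEProcess)
(documentation Installation "the process which the &%User performs after &%Acceptance of the &%TOE to progress it to the &%SecureState as described in the &%ST, including the &%Embedding of the &%TOE in its &%OperationalEnvironment.")
;; An Installation is performed by a User on an Accepted TOE and contains an
;; Embedding of that TOE, by the same agent, that ends no later than the
;; Installation does.
(=>
  (and
    (instance ?INST Installation)
    (agent ?INST ?AGENT)
    (patient ?INST ?T))
  (and
    (instance ?T TOE)
    (instance ?AGENT User)
    (exists (?EMB)
      (and
        (instance ?EMB Embedding)
        (agent ?EMB ?AGENT)
        (patient ?EMB ?T)
        (before (EndFn (WhenFn ?EMB)) (EndFn (WhenFn ?INST)))
        (holdsDuring (BeginFn (WhenFn ?INST)) (attribute ?T Accepted))))))

(instance Installed TOELifePhase)
(documentation Installed "the &%Attribute of a &%TOE which applies after the &%Process of &%Installation has been performed.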
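The definition given here assumes that a &%TOE will be installed once and once only.")
;; Necessary condition: an Installed TOE has an Installation that ended
;; before now.
(=>
  (holdsDuring ?NOW (attribute ?T Installed))
  (exists (?INST)
    (and
      (instance ?INST Installation)
      (patient ?INST ?T)
      (before (EndFn (WhenFn ?INST)) ?NOW))))

(instance installs BinaryPredicate)
(instance installs AsymmetricRelation)
(domain installs 1 Agent)
(domain installs 2 Object)
(documentation installs "&%Relation between an &%Agent and an &%Object, such that (installs ?AGENT ?OBJ) means that ?AGENT performs the process of &%Installation of ?OBJ.")
(=>
  (installs ?AGENT ?OBJ)
  (exists (?INST)
    (and
      (instance ?INST Installation)
      (agent ?INST ?AGENT)
      (patient ?INST ?OBJ))))

(instance Integrator CCRole)
(documentation Integrator "a &%CognitiveAgent whose task is to integrate parts of a &%TOE into a whole. This involves use of the CM system.")
;; An Integrator holds the right to use a CMSystem for some TOE.
(=>
  (attribute ?AGENT Integrator)
  (exists (?T ?CMS)
    (and
      (instance ?T TOE)
      (instance ?CMS CMSystem)
      (holdsRight (uses ?CMS ?AGENT) ?AGENT))))

(instance Integrity SecurityProperty)
(documentation Integrity "the &%Attribute of a &%TOE that information in the &%TOE cannot be changed by &%CCsubjects which are not authorised to do so.")
;; While the TOE has Integrity there is no WriteOp on a CCobject belonging
;; to the TOE whose subject is not authorised for it. The earlier form of
;; this axiom did not mention the object being written, so an unauthorised
;; write by any subject to any object anywhere (including a different
;; system) would have violated the Integrity of this TOE. The write is now
;; scoped to objects that are members of ?T, mirroring the way
;; isAuthorisedFor scopes the subject to members of ?T.
(=>
  (holdsDuring ?NOW (attribute ?T Integrity))
  (holdsDuring ?NOW
    (not
      (exists (?SUB ?OP ?OBJ)
        (and
          (instance ?OP WriteOp)
          (instance ?SUB CCsubject)
          (agent ?OP ?SUB)
          (patient ?OP ?OBJ)
          (member ?OBJ ?T)
          (not (isAuthorisedFor ?SUB ?OP ?T)))))))

(instance isARFor TernaryPredicate)
(domain isARFor 1 AssuranceRequirement)
(domain isARFor 2 TOE)
(domain isARFor 3 TSP)
(documentation isARFor "(isARFor ?AR ?T ?SP) means that the &%AssuranceRequirement ?AR is one of the &%CCrequirements which must be met in order for the &%TOE T to meet the &%TSP ?SP.")
;; If an assurance requirement for (?T, ?SP) is met, some ConfidenceGround
;; exists for ?T meeting ?SP.
(=>
  (isARFor ?AR ?T ?SP)
  (exists (?CG)
    (=>
      (attribute ?AR True)
      (isCGFor ?CG ?T ?SP))))

;; isAuthorisedFor is ternary. The former declaration of it as an
;; AsymmetricRelation has been removed: AsymmetricRelation is a kind of
;; BinaryRelation, which is disjoint from TernaryRelation, so the two
;; declarations were mutually inconsistent (isARFor and isEvidenceForAgent,
;; the other ternary predicates here, carry no such declaration).
(instance isAuthorisedFor TernaryPredicate)
(domain isAuthorisedFor 1 CCsubject)
(domain isAuthorisedFor 2 OperationBySubject)
(domain isAuthorisedFor 3 TOE)
(documentation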
isAuthorisedFor "(isAuthorisedFor ?SUB ?OBS ?T) means that the &%CCsubject ?SUB is authorised to use the OperationBySubject ?OBS on the TOE ?T.") (=> (isAuthorisedFor ?SUB ?OBS ?T) (and (member ?SUB ?T) (modalAttribute (agent ?OBS ?SUB) Permission))) (instance isCGFor TernaryPredicate) (domain isCGFor 1 ConfidenceGround) (domain isCGFor 2 TOE) (domain isCGFor 3 TSP) (documentation isCGFor "(isCGFor ?CG ?T ?SP) means that the &%ConfidenceGround ?CG is a ground for confidence that the &%TOE T meets the &%TSP ?SP.") (=> (isCGFor ?CG ?T ?SP) (exists (?AGENT) (and (instance ?AGENT CognitiveAgent) (isEvidenceForAgent ?CG (correctop ?T ?SP) ?AGENT)))) (instance isCMIFor BinaryPredicate) (instance isCMIFor AsymmetricRelation) (domain isCMIFor 1 CMitem) (domain isCMIFor 2 CCproduct) (documentation isCMIFor "(isCMIFor ?CI ?PROD) is true if ?CI is a &%CMitem for the &%CCproduct ?PROD.") (=> (isCMIFor ?CMI ?PROD) (and (component ?CMI ?PROD) (refers ?CMI ?PROD))) (instance isConfigFor BinaryPredicate) (instance isConfigFor AsymmetricRelation) (domain isConfigFor 1 CMitems) (domain isConfigFor 2 CCproduct) (documentation isConfigFor "(isConfigFor ?CMIS ?PROD) is true if the set of &%CMitems ?CMIS is the appropriate set for the specific &%CCproduct ?PROD.") (=> (isConfigFor ?CMIS ?PROD) (=> (member ?CMI ?CMIS) (isCMIFor ?CMI ?PROD))) (instance isCriterion BinaryPredicate) (instance isCriterion AsymmetricRelation) (domain isCriterion 1 AssessmentCriterion) (domain isCriterion 2 AcceptanceProcedure) (documentation isCriterion "(isCriterion ?CRIT ?APROC) is true if ?CRIT is one of the &%AssessmentCriteria which must be fulfilled in order for the result of the &%AcceptanceProcedure ?APROC to be accepted.") (=> (isCriterion ?CRIT ?APROC) (exists (?ACRIT) (and (instance ?ACRIT AssessmentCriteria) (member ?CRIT ?ACRIT) (instrument ?APROC ?ACRIT)))) (instance isDevelopmentEnvironment BinaryPredicate) (instance isDevelopmentEnvironment AsymmetricRelation) (domain isDevelopmentEnvironment 
1 Environment) (domain isDevelopmentEnvironment 2 TOE) (documentation isDevelopmentEnvironment "(isDevelopmentEnvironment ?ENV ?T) is true if ?ENV is a &%DevelopmentEnvironment for the &%TOE ?T. Note that the definition states that _every_ component of the development environment must be useful for the &%Development of at least one component of the &%TOE.") (=> (isDevelopmentEnvironment ?ENV ?T) (forall (?SUBSYSE) (=> (member ?SUBSYSE ?ENV) (exists (?SUBSYST) (and (member ?SUBSYST ?T) (exists (?DEV) (and (instance ?DEV Development) (patient ?DEV ?SUBSYST) (instrument ?DEV ?SUBSYSE)))))))) (instance isEDocFor BinaryPredicate) (instance isEDocFor AsymmetricRelation) (domain isEDocFor 1 AssessmentEvidence) (domain isEDocFor 2 TOE) (documentation isEDocFor "(isEDocFor ?DOC ?T) is true if ?DOC is a document produced during an &%Evaluation of the &%TOE ?T for use as &%AssessmentEvidence.") (=> (isEDocFor ?DOC ?T) (exists (?EVAL) (and (instance ?EVAL Evaluation) (patient ?EVAL ?T) (result ?EVAL ?DOC)))) (instance isEnvironmentFor BinaryPredicate) (instance isEnvironmentFor AsymmetricRelation) (domain isEnvironmentFor 1 Environment) (domain isEnvironmentFor 2 TOE) (documentation isEnvironmentFor "(isEnvironmentFor ?ENV ?T) is true if ?ENV is an &%Environment for the &%TOE ?T. 
Note that the definition states that _every_ component of the environment must be useful for the &%Development or &%Operation of at least one component of the &%TOE.") (=> (isEnvironmentFor ?ENV ?T) (or (isDevelopmentEnvironment ?ENV ?T) (isOperationalEnvironment ?ENV ?T))) (instance isEvidenceFor BinaryPredicate) (instance isEvidenceFor AsymmetricRelation) (domain isEvidenceFor 1 Physical) (domain isEvidenceFor 2 Formula) (documentation isEvidenceFor "(isEvidenceFor ?PHYS ?FORM) means that &%Physical entity ?PHYS is evidence which can cause &%CognitiveAgents to believe that &%Formula ?FORM is true.") (=> (isEvidenceFor ?PHYS ?FORM) (forall (?AGENT) (isEvidenceForAgent ?PHYS ?FORM ?AGENT))) (instance isEvidenceForAgent TernaryPredicate) (domain isEvidenceForAgent 1 Physical) (domain isEvidenceForAgent 2 Formula) (domain isEvidenceForAgent 3 CognitiveAgent) (documentation isEvidenceForAgent "(isEvidenceForAgent ?PHYS ?FORM ?AGENT) means that the &%Physical entity ?PHYS is evidence whose purpose is to get &%CognitiveAgent ?AGENT to believe that &%Formula ?FORM is true.") (=> (isEvidenceForAgent ?PHYS ?FORM ?AGENT) (hasPurposeForAgent ?PHYS (believes ?AGENT ?FORM) ?AGENT)) (instance isOperationalEnvironment BinaryPredicate) (instance isOperationalEnvironment AsymmetricRelation) (domain isOperationalEnvironment 1 Environment) (domain isOperationalEnvironment 2 TOE) (documentation isOperationalEnvironment "(isOperationalEnvironment ?ENV ?T) is true if ?ENV is a &%OperationalEnvironment for the &%TOE ?T. 
Note that the definition states that _every_ component of the operational environment must be useful for the &%Operation of at least one component of the &%TOE.") (=> (isOperationalEnvironment ?ENV ?T) (forall (?SUBSYSE) (=> (member ?SUBSYSE ?ENV) (exists (?SUBSYST) (and (member ?SUBSYST ?T) (exists (?OP) (and (instance ?OP Operation) (patient ?OP ?SUBSYST) (instrument ?OP ?SUBSYSE)))))))) (instance isSFRFor BinaryPredicate) (instance isSFRFor AsymmetricRelation) (domain isSFRFor 1 SFR) (domain isSFRFor 2 TOE) (documentation isSFRFor "(isSFRFor ?SFR ?T) is true if ?SFR is an &%SFR for the &%TOE ?T.") (=> (isSFRFor ?SFR ?T) (forall (?PROC) (=> (and (instance ?PROC TOEProcess) (patient ?PROC ?T)) (modalAttribute (holdsDuring (EndFn (WhenFn ?PROC)) (satisfies ?T ?SFR)) Obligation)))) (instance isToolFor BinaryPredicate) (instance isToolFor AsymmetricRelation) (domain isToolFor 1 DevelopmentTool) (domain isToolFor 2 TOE) (documentation isToolFor "(isToolFor ?TOOL ?T) is true if ?TOOL is a &%DevelopmentTool for the &%TOE ?T.") (=> (isToolFor ?TOOL ?T) (exists (?DEV) (and (instance ?DEV Development) (patient ?DEV ?T) (instrument ?DEV ?TOOL)))) (instance isTSPFor BinaryPredicate) (instance isTSPFor AsymmetricRelation) (domain isTSPFor 1 TSP) (domain isTSPFor 2 TOE) (documentation isTSPFor "(isTSPFor ?SP ?T) is true if ?SP is a &%TSP for the &%TOE ?T.") (=> (isTSPFor ?SP ?T) (exists (?DOC) (and (instance ?DOC PPST) (containsInformation ?DOC ?SP) (refers ?DOC ?T)))) (subclass Iteration CCoperation) (documentation Iteration "the use of more than one &%Requirement based on the same &%CCcomponent.") (=> (instance ?ITER Iteration) (exists (?OP1 ?OP2 ?COMP ?REQ1 ?REQ2) (and (instance ?OP1 CCoperation) (subprocess ?OP1 ?ITER) (instance ?OP2 CCoperation) (subprocess ?OP2 ?ITER) (instance ?COMP CCcomponent) (instance ?REQ1 Requirement) (instance ?REQ2 Requirement) (not (equal ?OP1 ?OP2)) (patient ?OP1 ?COMP) (patient ?OP2 ?COMP) (result ?OP1 ?REQ1) (result ?OP2 ?REQ2)))) (subclass 
ITSystem Collection) (documentation ITSystem "A &%Collection of hardware and software which operate together. Each portion of the &%ITSystem is a &%ComputationalSystem, which can be either a &%SoftwareSystem, a &%HardwareSystem or a &%ComputerNetwork.") (=> (and (instance ?SYST ITSystem) (member ?Subsys ?SYST)) (instance ?Subsys ComputationalSystem)) ;;=============================================================== ;; J ;;=============================================================== (subclass Judgement IntentionalProcess) (subprocess Judgement Assessment) (documentation Judgement "the activity of evaluating some evidence in relation to given &%AssessmentCriteria. The result of this process is an &%AssessmentResult which has &%Attributes which reflect the result of the evaluation.") (=> (and (instance ?JUDGE Judgement) (patient ?JUDGE ?EVID) (instrument ?JUDGE ?CRIT) (result ?JUDGE ?RES)) (and (instance ?EVID AssessmentEvidence) (instance ?CRIT AssessmentCriteria) (instance ?RES AssessmentResult))) (subclass Justifying EvalProcess) (documentation Justifying "the process of performing an analysis leading to a conclusion, at a level of rigour greater than that of &%Demoing. 
This requires significant rigour in terms of carefully and thoroughly explaining every step of a logical argument.") (=> (instance ?JUST Justifying) (exists (?ARG) (and (instance ?ARG Argument) (realization ?JUST ?ARG) (attribute ?JUST Rigorous)))) ;;=============================================================== ;; K ;;=============================================================== ;;=============================================================== ;; L ;;=============================================================== (subclass LanguageAttribute Attribute) (documentation LanguageAttribute "an &%Attribute which applies to &%Languages, describing the nature of their syntax and/or semantics.") (=> (and (attribute ?LANG ?ATTR) (instance ?ATTR LanguageAttribute)) (instance ?LANG Language)) ;;=============================================================== ;; M ;;=============================================================== (subclass MachineAgent Agent) (subclass MachineAgent Machine) (documentation MachineAgent "a &%Machine that has been enabled to operate autonomously, and that can therefore act as an &%agent for processes.") (=> (instance ?MAC MachineAgent) (exists (?PROC) (capability ?PROC agent ?MAC))) (subclass MathematicalSemantics Semantics) (documentation MathematicalSemantics "a relationship between the constructs of a &%Language and their meaning expressed in terms of mathematical objects such as sets, functions, relations and predicates.") (instance modifiesOpProps BinaryPredicate) (instance modifiesOpProps AsymmetricRelation) (domain modifiesOpProps 1 CognitiveAgent) (domain modifiesOpProps 2 TOE) (documentation modifiesOpProps "(ModifiesOpProps ?AGENT ?T) is true if the &%CognitiveAgent ?AGENT modifies the operational properties of the &%TOE ?T by changing the initialisation or other properties of the &%TSF.") (=> (modifiesOpProps ?AGENT ?T) (exists (?CHANGE ?SF) (and (instance ?CHANGE InternalChange) (instance ?SF TSF) (agent ?CHANGE ?AGENT) (patient 
?CHANGE ?SF) (subCollection ?SF ?T)))) ;;=============================================================== ;; N ;;=============================================================== ;;=============================================================== ;; O ;;=============================================================== (subclass Operation Guiding) (subclass Operation TOEProcess) (documentation Operation "usage of the &%TOE after &%Delivery, &%Acceptance and &%Installation.") (=> (and (instance ?OPER Operation) (agent ?OPER ?USER) (patient ?OPER ?T)) (and (instance ?T TOE) (instance ?USER User) (holdsDuring (BeginFn (WhenFn ?OPER)) (attribute ?T Installed)))) (instance Operational TOELifePhase) (documentation Operational "the &%Attribute of a &%TOE which applies after the &%Process of &%Installation has been performed and the &%TOE has been put into operation.") (=> (holdsDuring ?NOW (attribute ?T Operational)) (exists (?OPER) (and (instance ?OPER Operation) (patient ?OPER ?T) (before (BeginFn (WhenFn ?OPER)) ?NOW) (before ?NOW (EndFn (WhenFn ?OPER)))))) (subclass OperationalEnvironment Environment) (documentation OperationalEnvironment "the &%Environment in which the &%TOE is operated.") (=> (instance ?ENV OperationalEnvironment) (exists (?T) (isOperationalEnvironment ?ENV ?T))) (subclass OperationBySubject Process) (partition OperationBySubject ReadOp WriteOp ExecOp) (documentation OperationBySubject "a specific type of activity in which a &%CCsubject operates on an &%CCobject.") (=> (instance ?OBS OperationBySubject) (exists (?SUB ?OBJ) (and (instance ?SUB CCsubject) (instance ?OBJ CCobject) (agent ?OBS ?SUB) (patient ?OBS ?OBJ)))) (subclass OperationResult ContentBearingPhysical) (documentation OperationResult "the result of operating a &%TOE. 
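Note that this is defined as a &%ContentBearingPhysical, which contains the output and other state components which are produced or changed by the &%Process of &%Operation.")
;; Every OperationResult is the result of some Operation.
(=>
  (instance ?ORES OperationResult)
  (exists (?OPER)
    (and
      (instance ?OPER Operation)
      (result ?OPER ?ORES))))

(subclass OrganisationalSecurityPolicy Proposition)
(documentation OrganisationalSecurityPolicy "(OSP) a set of security rules, procedures, practices, or guidelines imposed by an &%Organization.")
;; An OSP is produced by a Guiding activity of some Organization and is
;; obligatory.
(=>
  (instance ?OSP OrganisationalSecurityPolicy)
  (exists (?ORG ?REG)
    (and
      (instance ?ORG Organization)
      (instance ?REG Guiding)
      (agent ?REG ?ORG)
      (result ?REG ?OSP)
      (modalAttribute (attribute ?OSP True) Obligation))))

(instance Owner CCRole)
(documentation Owner "a &%CognitiveAgent who owns a &%TOE.")
(=>
  (attribute ?AGENT Owner)
  (and
    (instance ?AGENT CognitiveAgent)
    (exists (?T)
      (and
        (instance ?T TOE)
        (possesses ?AGENT ?T)))))

;;===============================================================
;; P
;;===============================================================

(subclass Package Pair)
;; Documentation typo fixed: "&%AssuranceRequirementss" named a term that
;; does not exist in this ontology.
(documentation Package "a named set of either &%FunctionalRequirements or &%AssuranceRequirements (e.g.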
EAL 3).") (=> (instance ?PACK Package) (and (instance (p1 ?PACK) SymbolicString) (instance (p2 ?PACK) ReqSet) (names (p1 ?PACK) ?PACK))) (instance Pass AssessmentVerdict) (documentation Pass "the &%AssessmentVerdict that the evaluation has been passed.") (instance passed BinaryPredicate) (instance passed AsymmetricRelation) (domain passed 1 TOEComponent) (domain passed 2 AcceptanceProcedure) (documentation passed "(passed ?PART ?APROC) means that the &%TOEComponent ?PART has passed the &%AcceptanceProcedure ?APROC.") (=> (passed ?PART ?APROC) (exists (?ARES) (and (instance ?ARES AssessmentResult) (result ?APROC ?ARES) (patient ?APROC ?PART) (attribute ?ARES Pass)))) (subclass PassiveEntity Entity) (documentation PassiveEntity "an &%Entity which does not itself initiate activities.") (=> (instance ?PE PassiveEntity) (not (exists (?PROC) (and (instance ?PROC Process) (agent ?PROC ?PE))))) (subclass PPST ContentBearingPhysical) (partition PPST ProtectionProfile SecurityTarget) (documentation PPST "the class of &%PPs or &%STs. 
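These are documents which describe &%SecurityNeeds and amongst other things contain sets of SFRs and SARs.")
;; A PP or ST represents a SecurityNeed and has one part representing its
;; SFRs and one part representing its SARs.
(=>
  (instance ?DOC PPST)
  (exists (?NEED ?SSPEC ?SFRS ?ASPEC ?SARS)
    (and
      (instance ?NEED SecurityNeed)
      (instance ?SFRS SecurityFunctionalRequirements)
      (instance ?SARS SecurityAssuranceRequirements)
      (represents ?DOC ?NEED)
      (part ?SSPEC ?DOC)
      (represents ?SSPEC ?SFRS)
      (part ?ASPEC ?DOC)
      (represents ?ASPEC ?SARS))))

(instance prescribes BinaryPredicate)
(instance prescribes AsymmetricRelation)
(domain prescribes 1 PPST)
(domain prescribes 2 CCrequirement)
(documentation prescribes "(prescribes ?PPSTP ?REQ) means that the &%PP or &%ST ?PPSTP (which is a &%ContentBearingPhysical) includes a specification of the &%CCrequirement ?REQ.")
(=>
  (prescribes ?PPSTP ?REQ)
  (exists (?PART)
    (and
      (part ?PART ?PPSTP)
      (represents ?PART ?REQ))))

(instance Produced TOELifePhase)
(documentation Produced "the &%Attribute of a &%TOE which indicates that an implementation of the &%TOE has been produced from the implementation representation.")
;; Necessary condition: a Produced TOE has a Production that ended before now.
(=>
  (holdsDuring ?NOW (attribute ?T Produced))
  (exists (?PROD)
    (and
      (instance ?PROD Production)
      (patient ?PROD ?T)
      (before (EndFn (WhenFn ?PROD)) ?NOW))))

(subclass Production TOEProcess)
(documentation Production "production of an implementation of the &%TOE from an implementation representation.")
;; Production consumes an ImplementationRep of the TOE and starts from the
;; Developed life phase.
(=>
  (and
    (instance ?PROD Production)
    (patient ?PROD ?T)
    (resource ?PROD ?IMPRES))
  (and
    (instance ?T TOE)
    (instance ?IMPRES ImplementationRep)
    (represents ?IMPRES ?T)
    (holdsDuring (BeginFn (WhenFn ?PROD)) (attribute ?T Developed))))

(subclass ProtectionProfile PPST)
(documentation ProtectionProfile "(PP) an implementation-independent statement of &%SecurityNeeds for a &%CCproductType.")
;; A PP refers to a CCproductType. The axiom that previously followed this
;; definition was a copy-paste error: it constrained SecurityTarget instead
;; of ProtectionProfile (and so required every ST to refer to a
;; CCproductType, while leaving PPs unconstrained).
(=>
  (instance ?PP ProtectionProfile)
  (exists (?TYP)
    (and
      (instance ?TYP CCproductType)
      (refers ?PP ?TYP))))

(subclass Proving EvalProcess)
(documentation Proving "the process of proving in a mathematical sense.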
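This implies use of a procedure which is completely rigorous in all ways.")
;; A Proving is realised by a ValidDeductiveArgument and is Rigorous.
(=>
  (instance ?PROOF Proving)
  (exists (?ARG)
    (and
      (instance ?ARG ValidDeductiveArgument)
      (realization ?PROOF ?ARG)
      (attribute ?PROOF Rigorous))))

;;===============================================================
;; R
;;===============================================================

(subclass ReadOp OperationBySubject)
(documentation ReadOp "an &%OperationBySubject which consists of extracting some information from an &%CCobject.")
;; The result of a ReadOp is the content value of the object read.
(=>
  (and
    (instance ?ROP ReadOp)
    (patient ?ROP ?OBJ)
    (contentValue ?OBJ ?VAL))
  (result ?ROP ?VAL))

(subclass Refinement CCoperation)
(documentation Refinement "the addition of details to a &%CCcomponent. The added details must not weaken the requirements described by the &%CCcomponent or refer to new topics outside the scope of the &%CCcomponent.")
;; Two conditions: (1) no topic is referred to after the Refinement that was
;; not referred to before it; (2) the information the component contains
;; after the Refinement (?PROP2) entails what it contained before (?PROP1),
;; i.e. the refined requirement is at least as strong. The entailment was
;; previously stated the other way round, (entails ?PROP1 ?PROP2), which
;; permitted exactly the weakening the documentation forbids.
(=>
  (and
    (instance ?REF Refinement)
    (patient ?REF ?COMP))
  (and
    (instance ?COMP CCcomponent)
    (forall (?TOPIC)
      (=>
        (holdsDuring (EndFn (WhenFn ?REF)) (refers ?COMP ?TOPIC))
        (holdsDuring (BeginFn (WhenFn ?REF)) (refers ?COMP ?TOPIC))))
    (exists (?PROP1 ?PROP2)
      (and
        (holdsDuring (BeginFn (WhenFn ?REF)) (containsInformation ?COMP ?PROP1))
        (holdsDuring (EndFn (WhenFn ?REF)) (containsInformation ?COMP ?PROP2))
        (entails ?PROP2 ?PROP1)))))

(subclass Requirement Proposition)
(documentation Requirement "a &%Proposition expressing an &%Obligation.")
(=>
  (instance ?REQ Requirement)
  (modalAttribute (attribute ?REQ True) Obligation))

(subclass ReqSet Set)
(documentation ReqSet "a &%Set of &%CCrequirements.")
;; Every element of a ReqSet is a CCrequirement. This was previously a
;; biconditional (<=>), whose right-to-left direction made every
;; CCrequirement an element of every ReqSet; only the implication holds.
(=>
  (and
    (instance ?REQS ReqSet)
    (element ?REQ ?REQS))
  (instance ?REQ CCrequirement))

(subclass RestrictedSyntaxLanguage ArtificialLanguage)
(documentation RestrictedSyntaxLanguage "an &%ArtificialLanguage with a formally defined &%Syntax.")
(=>
  (instance ?LANG RestrictedSyntaxLanguage)
  (forall (?TEXT)
    (=>
      (expressedInLanguage ?TEXT ?LANG)
      (syntax ?TEXT ?LANG))))

(instance Rigorous EvalAttribute)
(documentation Rigorous "rigorous,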
possibly to the extent of being based on mathematical principles, formal proofs etc.") ;;=============================================================== ;; S ;;=============================================================== (subclass SAR AssuranceRequirement) (subclass SAR SecurityRequirement) (documentation SAR "(SecurityAssuranceRequirement) an &%AssuranceRequirement related to the desired security properties of a &%CCproduct.") (instance satisfies BinaryPredicate) (instance satisfies AsymmetricRelation) (domain satisfies 1 TOE) (domain satisfies 2 Requirement) (documentation satisfies "(satisfies ?T ?REQ) means that the &%TOE ?T satisfies the &%Requirement ?REQ.") (=> (satisfies ?T ?REQ) (and (refers ?REQ ?T) (attribute ?REQ True))) (instance satisfiesAll BinaryPredicate) (instance satisfiesAll AsymmetricRelation) (domain satisfiesAll 1 TOE) (domain satisfiesAll 2 ReqSet) (documentation satisfiesAll "(satisfiesAll ?T ?REQS) means that the &%TOE ?T satisfies all the &%Requirements in the set of requirements ?REQS.") (=> (satisfiesAll ?T ?REQS) (forall (?REQ) (=> (element ?REQ ?REQS) (satisfies ?T ?REQ)))) (instance Secured InstallationState) (documentation Secured "the &%Attribute of a &%TOE which applies after it has been brought to the secure configuration defined in the ST as part of the &%Process of &%Installation.") (=> (holdsDuring ?NOW (attribute ?T Secured)) (exists (?SEC) (and (instance ?SEC Securing) (patient ?SEC ?T) (before (EndFn (WhenFn ?SEC)) ?NOW)))) (subclass Securing IntentionalProcess) (subProcess Securing Installation) (documentation Securing "the process of bringing the &%TOE into the secure configuration specified in the &%SecurityTarget. 
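This configuration must be consistent with the &%SecurityObjectives for the &%OperationalEnvironment of the &%TOE.")
;; Securing starts from an Embedded TOE and ends with every SecurityObjective
;; of the ST's objectives set true. The earlier form of this axiom bound
;; ?SOS in the exists but used ?SOBS (free, hence universally quantified)
;; everywhere else, so the objectives set was never actually tied to the ST;
;; the variables are now unified as ?SOBS. Following the documentation
;; ("the secure configuration specified in the SecurityTarget" of this TOE,
;; "the OperationalEnvironment of the TOE"), the ST is required to refer to
;; ?T and ?OE to be an operational environment of ?T.
(=>
  (and
    (instance ?SECU Securing)
    (patient ?SECU ?T))
  (exists (?ST ?SOBS ?OE)
    (and
      (instance ?T TOE)
      (instance ?ST SecurityTarget)
      (instance ?SOBS SecurityObjectives)
      (instance ?OE OperationalEnvironment)
      (refers ?ST ?T)
      (isOperationalEnvironment ?OE ?T)
      (containsInformation ?ST ?SOBS)
      (refers ?SOBS ?T)
      (refers ?SOBS ?OE)
      (holdsDuring (BeginFn (WhenFn ?SECU)) (attribute ?T Embedded))
      (holdsDuring (EndFn (WhenFn ?SECU))
        (forall (?SO)
          (=>
            (element ?SO ?SOBS)
            (attribute ?SO True)))))))

(subclass SecurityAssuranceRequirements ReqSet)
(documentation SecurityAssuranceRequirements "a set of SARs which must all be satisfied in order to achieve the desired level of assurance for a &%CCproduct.")
;; ?REQ is now quantified explicitly inside the exists, so that one and the
;; same CCproduct is obliged to satisfy every SAR in the set (with ?REQ free
;; at the outer level, the product was allowed to vary per requirement).
(=>
  (instance ?SARS SecurityAssuranceRequirements)
  (exists (?PROD)
    (and
      (instance ?PROD CCproduct)
      (forall (?REQ)
        (=>
          (element ?REQ ?SARS)
          (and
            (instance ?REQ SAR)
            (modalAttribute (satisfies ?PROD ?REQ) Obligation)))))))

(subclass SecurityAttack TOEProcess)
(documentation SecurityAttack "an attempt to compromise the security of a &%System with respect to &%Confidentiality, &%Integrity or &%Availability.")
;; The attacker's purpose is that the TOE is Compromised when the attack
;; ends. (Compromised is not defined in this part of the file.)
(=>
  (and
    (instance ?ATT SecurityAttack)
    (agent ?ATT ?AGENT)
    (patient ?ATT ?T))
  (and
    (instance ?T TOE)
    (instance ?AGENT CognitiveAgent)
    (hasPurposeForAgent ?ATT
      (holdsDuring (EndFn (WhenFn ?ATT)) (attribute ?T Compromised))
      ?AGENT)))

(subclass SecurityAttribute RelationalAttribute)
(documentation SecurityAttribute "characteristics of &%CCsubjects and/or &%CCobjects that are used for the &%Enforcement of the &%TSP.")
;; Only CCsubjects and CCobjects carry SecurityAttributes.
(=>
  (and
    (property ?ITEM ?SECA)
    (instance ?SECA SecurityAttribute))
  (or
    (instance ?ITEM CCsubject)
    (instance ?ITEM CCobject)))

(subclass SecurityFunctionalRequirements ReqSet)
(documentation SecurityFunctionalRequirements "a set of SFRs which must all be satisfied in order to provide the desired security properties for a &%CCproduct.")
(=> (instance ?SFRS SecurityFunctionalRequirements) (exists (?PROD) (and (instance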
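?PROD CCproduct)
             ;; ?REQ is quantified explicitly (as in AcceptanceCriteria) so that a
             ;; single &%CCproduct is obliged to satisfy every SFR in the set.
             (forall (?REQ)
                 (=> (element ?REQ ?SFRS)
                     (and (instance ?REQ SFR)
                          (modalAttribute (satisfies ?PROD ?REQ) Obligation)))))))
(subclass SecurityNeed Proposition)
(documentation SecurityNeed "a goal for one or more of the security properties of a &%CCproduct.")
(=> (instance ?NEED SecurityNeed)
    (exists (?PROD ?ATTR ?AGENT)
        (and (instance ?PROD CCproduct)
             (instance ?ATTR SecurityProperty)
             (instance ?AGENT CognitiveAgent)
             (refers ?NEED ?ATTR)
             (desires ?AGENT (attribute ?PROD ?ATTR)))))
(subclass SecurityObjectives Set)
(documentation SecurityObjectives "a &%Set of &%SO applying to a &%TOE.")
;; ?SO is quantified explicitly so that every objective in the set refers to
;; the same &%TOE.
(=> (instance ?SOBS SecurityObjectives)
    (exists (?T)
        (and (instance ?T TOE)
             (forall (?SO)
                 (=> (element ?SO ?SOBS)
                     (and (refers ?SO ?T)
                          (instance ?SO SO)))))))
(subclass SecurityProperty TOEAttribute)
(subclass SecurityProperty InternalAttribute)
(documentation SecurityProperty "an &%Attribute of a &%TOE which describes one of its security properties, such as &%Availability, &%Confidentiality or &%Integrity.")
(subclass SecurityRequirement CCrequirement)
(documentation SecurityRequirement "a &%CCrequirement related to the desired &%SecurityProperties of a &%CCproduct.")
(=> (instance ?SR SecurityRequirement)
    (exists (?SEC ?PROD ?PROP)
        (and (instance ?SEC SecurityProperty)
             (instance ?PROD CCproduct)
             (refers ?SR ?PROD)
             (instance ?PROP Predicate)
             (represents ?SR ?PROP)
             (modalAttribute (and (holds ?PROP @ROW)
                                  (inList ?SEC (ListFn @ROW)))
                             Obligation))))
(subclass SecurityTarget PPST)
(documentation SecurityTarget "(ST) an implementation-dependent statement of &%SecurityNeeds for a specific identified &%TOE.")
;; An ST refers to exactly one TOE: the forall clause makes any second TOE it
;; refers to identical to the first.
(=> (instance ?ST SecurityTarget)
    (exists (?T1)
        (and (instance ?T1 TOE)
             (refers ?ST ?T1)
             (forall (?T2)
                 (=> (and (instance ?T2 TOE)
                          (refers ?ST ?T2))
                     (equal ?T2 ?T1))))))
(subclass Selection CCoperation)
(documentation Selection "the activity of specifying one or more items from a &%List in a &%CCcomponent.")
(=> (and (instance ?SEL Selection) (patient ?SEL ?COMP)) (exists (?ELEM ?FORM1 ?FORM2 ?VSET1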
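?VSET2)
        ;; NOTE(review): the two holdsDuring conjuncts referred to ?ASS, a
        ;; variable bound nowhere in this axiom; the Selection instance is ?SEL.
        (and (instance ?COMP CCcomponent)
             (instance ?ELEM CCelement)
             (element ?ELEM ?COMP)
             (instance ?FORM1 Formula)
             (instance ?FORM2 Formula)
             (holdsDuring (BeginFn (WhenFn ?SEL))
                 (and (part ?FORM1 ?ELEM)
                      (definesSet ?FORM1 ?VSET1)))
             (holdsDuring (EndFn (WhenFn ?SEL))
                 (and (part ?FORM2 ?ELEM)
                      (not (part ?FORM1 ?ELEM))
                      (definesSet ?FORM2 ?VSET2)))
             (subset ?VSET2 ?VSET1))))
(subclass Semantics Proposition)
(documentation Semantics "a &%Semantics is an element in a domain of interpretation for a linguistic construct.")
(instance semantics BinaryPredicate)
(domain semantics 1 LinguisticExpression)
(domain semantics 2 Semantics)
(documentation semantics "a relationship between the &%LinguisticExpressions of a given language and their meaning in some domain of interpretation. Thus (&%semantics ?EXPR ?INTERP) expresses the fact that the meaning of the &%LinguisticExpression ?EXPR in the language in question is ?INTERP in the agreed domain of interpretation.")
(instance SemiFormal LanguageAttribute)
(documentation SemiFormal "expressed in a &%RestrictedSyntaxLanguage with defined &%Semantics.")
;; ?LANG is bound by an exists: left free, SUO-KIF's implicit quantification
;; would read it universally, making every SemiFormal text expressed in
;; every language.
(=> (attribute ?TEXT SemiFormal)
    (exists (?LANG)
        (and (expressedInLanguage ?TEXT ?LANG)
             (instance ?LANG RestrictedSyntaxLanguage)
             (attribute ?LANG HasDefinedSemantics))))
(subclass SFR FunctionalRequirement)
(subclass SFR SecurityRequirement)
(documentation SFR "(Security Functional Requirement) a &%FunctionalRequirement related to the desired security properties of a &%CCproduct.")
(subclass SiteOfOperation GeographicArea)
(documentation SiteOfOperation "a spatial location at which &%Operation of a &%TOE can take place.")
;; NOTE(review): the original nested an implication whose consequent used
;; ?PROC outside the exists that bound it; the possibility form mirrors the
;; "can take place" wording (compare the Threat axiom).
(=> (instance ?SOO SiteOfOperation)
    (modalAttribute
        (exists (?T ?PROC)
            (and (instance ?T TOE)
                 (instance ?PROC Operation)
                 (patient ?PROC ?T)
                 (located ?PROC ?SOO)))
        Possibility))
(subclass SO Proposition)
(documentation SO "(Security Objective) a statement of intent to counter identified &%Threats and/or satisfy identified &%OrganisationalSecurityPolicies and/or &%Assumptions.")
(=> (instance ?SO SO) (or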
(exists (?THR) (and (subclass ?THR Threat) (hasPurpose ?SO (exists (?COUNTER) (and (subclass ?COUNTER Process) (prevents ?COUNTER ?THR)))))) (exists (?OSP) (and (instance ?OSP OrganisationalSecurityPolicy) (hasPurpose ?SO (attribute ?OSP True)))) (exists (?ASS) (and (instance ?ASS Assumption) (hasPurpose ?SO (attribute ?ASS True)))))) (subclass Specifying Describing) (documentation Specifying "the process of providing specific details of the &%Entity being evaluated, at a level of rigour and precision greater than that of &%Describing.") (=> (instance ?SPEC Specifying) (and (instance ?SPEC Describing) (attribute ?SPEC Rigorous))) (instance Sponsor CCRole) (documentation Sponsor "a &%CognitiveAgent who takes part in the process of &%Funding the &%Development or &%Evaluation of a &%CCproduct.") (=> (attribute ?AGENT Sponsor) (exists (?PROD) (sponsors ?AGENT ?PROD))) (instance sponsors BinaryPredicate) (instance sponsors AsymmetricRelation) (domain sponsors 1 CognitiveAgent) (domain sponsors 2 CCproduct) (documentation sponsors "(&%sponsors ?AGENT ?PROD) means that the &%CognitiveAgent ?AGENT takes part in the process of &%Funding of the &%Development or &%Evaluation of &%CCproduct ?PROD.") (=> (sponsors ?AGENT ?PROD) (exists (?FUND ?PROC) (and (instance ?FUND Funding) (or (instance ?PROC Development) (instance ?PROC Evaluation)) (agent ?FUND ?AGENT) (hasPurposeForAgent ?FUND (terminates ?PROC) ?AGENT)))) (instance syntax BinaryPredicate) (domain syntax 1 LinguisticExpression) (domain syntax 2 Language) (documentation syntax "a set of rules for constructing the set of %LinguisticExpressions of a &%Language. 
(&%syntax ?EXPR ?LANG) means that ?EXPR is a properly constructed &%LinguisticExpression in the &%Language ?LANG.") (instance systemRunning BinaryPredicate) (instance systemRunning AsymmetricRelation) (domain systemRunning 1 ComputerProcess) (domain systemRunning 2 ComputationalSystem) (documentation systemRunning "(systemRunning ?PROC ?SYST) is true if the &%ComputerProcess ?PROC is running on a &%Computer which is part of the &%ComputationalSystem ?SYST.") (<=> (systemRunning ?PROC ?SYST) (exists (?COMP) (and (instance ?COMP Computer) (part ?COMP ?SYST) (computerRunning ?PROC ?COMP)))) (subclass SystemInterface ComputerProcess) (documentation SystemInterface "the mechanism for communicating between different parts of an &%ITSystem or between an external &%User and an &%ITSystem.") (=> (instance ?INTER SystemInterface) (exists (?AGENT1 ?AGENT2) (and (or (instance ?AGENT1 Agent) (instance ?AGENT1 ComputationalSystem)) (or (instance ?AGENT2 Agent) (instance ?AGENT2 ComputationalSystem)) (agent ?INTER ?AGENT1) (agent ?INTER ?AGENT2) (not (equal ?AGENT1 ?AGENT2))))) ;;=============================================================== ;; T ;;=============================================================== (subclass Testing Assessment) (documentation Testing "a form of &%Assessment in which the &%AssessmentEvidence is produced by execution of a &%TestProcess on the system being assessed.") (subclass TestProcess EvidenceProduction) (subProcess TestProcess Testing) (subclass TestProcess ComputerProcess) (documentation TestProcess "a &%ComputerProcess running on a &%ComputationalSystem, whose output is used as the basis for judging the correctness of some aspect of the design, implementation or configuration of the system.") (=> (and (instance ?TPROC TestProcess) (agent ?TPROC ?AGENT) (result ?TPROC ?DATA)) (exists (?SYST) (and (instance ?SYST ComputationalSystem) (instance ?DATA ComputerData) (instance ?AGENT CognitiveAgent) (holdsDuring (WhenFn ?TPROC) (systemRunning ?TPROC 
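?SYST))
             (hasPurposeForAgent ?DATA
                 (exists (?JUDGE)
                     (and (instance ?JUDGE Judgement)
                          (patient ?JUDGE ?DATA)))
                 ?AGENT))))
(subclass TestResult AssessmentEvidence)
(subclass TestResult ComputerData)
(documentation TestResult "the &%AssessmentEvidence used in a &%Testing. This is &%ComputerData which results from execution of a &%TestProcess on the system being assessed.")
(=> (instance ?TRES TestResult)
    (exists (?TPROC)
        (and (instance ?TPROC TestProcess)
             (result ?TPROC ?TRES))))
(subclass TestReview Judgement)
;; NOTE(review): was "subprocess"; the relation is spelled subProcess
;; everywhere else in this file (Securing, TestProcess).
(subProcess TestReview Testing)
(documentation TestReview "a form of &%Judgement in which the &%AssessmentEvidence has the form of a &%TestResult which results from execution of a &%TestProcess.")
(=> (and (instance ?TEST TestReview)
         (patient ?TEST ?TRES))
    (instance ?TRES TestResult))
(subclass Threat Process)
(documentation Threat "an action or event that could potentially cause harm to the &%TOE.")
(=> (and (instance ?THR Threat)
         (patient ?THR ?T))
    (and (instance ?T TOE)
         (modalAttribute (instance ?THR Damaging) Possibility)))
(subclass ThreatAgent Entity)
(documentation ThreatAgent "a method or thing used to exploit a &%Vulnerability in an information system.")
;; NOTE(review): agent takes the process first and the agent second in every
;; other use in this file; the original had (agent ?TA ?VUL).
(=> (instance ?TA ThreatAgent)
    (exists (?VUL)
        (and (instance ?VUL Vulnerability)
             (agent ?VUL ?TA))))
(subclass TOE CCproduct)
(documentation TOE "(Target of Evaluation:) According to the CC, a &%CCproduct that has been &%Installed and is being &%Operated according to its &%Guidance. However, the CC also talk about Design, Development and Production of the TOE, which is confusing.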
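In this ontology, we take the view that any &%CCproduct which is being progressed through the life-cycle phases of a TOE is a &%TOE.")
(=> (instance ?T TOE)
    (exists (?ATTR)
        (and (instance ?ATTR TOELifePhase)
             (attribute ?T ?ATTR))))
(subclass TOEAttribute InternalAttribute)
(documentation TOEAttribute "the &%Class of &%Attributes which apply to a &%CCproduct, describing its properties from the point of view of it being a TOE, i.e. its TOE life-cycle stage, installation, security properties etc.")
(=> (and (attribute ?PROD ?ATTR)
         (instance ?ATTR TOEAttribute))
    (instance ?PROD CCproduct))
(subclass TOELifePhase TOEAttribute)
;; NOTE(review): contraryAttribute ranges over Attribute instances (compare
;; ProcessSuccess/ProcessFailure later in this file); the class name
;; TOELifePhase was previously listed as if it were one of them.
(contraryAttribute Developed Produced Delivered Accepted Installed Operational Compromised)
(documentation TOELifePhase "&%Attributes which describe the stage of a &%TOE within its life cycle, i.e. with respect to &%Development, &%Delivery, &%Acceptance, etc., together with the &%Attribute &%Compromised, which indicates that the &%TOE is no longer useful as a result of a &%SecurityAttack.")
(subclass TOEComponent Collection)
(documentation TOEComponent "a subcollection of a &%TOE that has a well-defined purpose.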
For simple &%TOEs, a &%TOEComponent would be the same as a &%Module; for more complex &%TOEs, a &%TOEComponent would be a &%Collection of &%Modules, analogous to a &%Subsystem; for very complex &%TOEs, a &%TOEComponent would be a &%Collection of &%Subsystems.") (=> (instance ?COMP TOEComponent) (exists (?T ?PURP) (and (instance ?T TOE) (subCollection ?COMP ?T) (instance ?PURP Formula) (hasPurpose ?COMP ?PURP)))) (subclass TOEProcess IntentionalProcess) (partition TOEProcess Development Production Delivery Acceptance Installation Operation SecurityAttack) (documentation TOEProcess "the main life cycle &%Processes for the &%TOE.") (subclass TSF Collection) (documentation TSF "TOE Security Functionality: a set consisting of all hardware, software, and firmware of the &%TOE that must be relied upon for the correct &%Enforcement of the &%TSP.") (=> (instance ?SF TSF) (exists (?T ?SP) (and (instance ?T TOE) (subCollection ?SF ?T) (isTSPFor ?SP ?T) (modalAttribute (hasPurpose ?SF (satisfiesAll ?T ?SP)) Obligation)))) (subclass TSFI SystemInterface) (documentation TSFI "TSF Interface: a means by which &%Users supply data to and/or receive data from the &%TSF.") (=> (instance ?INT TSFI) (exists (?USER ?TSF) (and (instance ?USER Agent) (instance ?TSF TSF) (or (and (agent ?INT ?USER) (destination ?INT ?TSF)) (and (agent ?INT ?TSF) (destination ?INT ?USER)))))) (subclass TSP SecurityFunctionalRequirements) (documentation TSP "TOE Security Policy: a description of the security properties of a &%TOE in the form of a set of &%SFRs in a &%PP or &%ST.") (=> (instance ?SP TSP) (exists (?DOC ?T) (and (instance ?DOC PPST) (instance ?T TOE) (containsInformation ?DOC ?SP) (refers ?DOC ?T)))) ;;=============================================================== ;; U ;;=============================================================== (instance User CCRole) (documentation User "an (human or machine) &%Agent outside the &%TOE which interacts with the &%TOE.") (=> (attribute ?AGENT User) (exists 
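(?T ?PROC)
        (and (instance ?T TOE)
             (instance ?PROC Process)
             (located ?PROC ?T)
             (or (instance ?AGENT Human)
                 (instance ?AGENT MachineAgent))
             (not (member ?AGENT ?T))
             (agent ?PROC ?AGENT))))
(instance userBinding BinaryPredicate)
(domain userBinding 1 Agent)
(domain userBinding 2 CCsubject)
(documentation userBinding "(userBinding ?AGENT ?SUB) is true if the &%User ?AGENT is bound to the &%CCsubject ?SUB.")
(=> (holdsDuring ?NOW (userBinding ?AGENT ?SUB))
    (exists (?BIND)
        (and (instance ?BIND Binding)
             (patient ?BIND ?AGENT)
             (attribute ?AGENT User)
             (patient ?BIND ?SUB)
             (before (EndFn (WhenFn ?BIND)) ?NOW))))
;;===============================================================
;; V
;;===============================================================
(subclass Verifying Confirming)
(documentation Verifying "the process of reviewing in detail, where an independent determination of sufficiency needs to be made, at a level of rigour greater than that of &%Confirming.")
(=> (instance ?VERI Verifying)
    (and (instance ?VERI Confirming)
         (attribute ?VERI Rigorous)))
(subclass Vulnerability Process)
(documentation Vulnerability "a &%Weakness in the &%TOE that can be used to violate a &%Requirement of the &%TSP in some &%Environment.")
;; NOTE(review): this axiom asserts that an actual &%SecurityAttack exists for
;; every &%Vulnerability, which is stronger than the "can be used" wording of
;; the documentation (compare the modalAttribute/Possibility form used for
;; Threat). Left as written; confirm the intended strength.
(=> (instance ?VUL Vulnerability)
    (exists (?T ?ENV ?ATT)
        (and (instance ?T TOE)
             (isEnvironmentFor ?ENV ?T)
             (instance ?ATT SecurityAttack)
             (patient ?ATT ?T)
             (precondition ?VUL ?ATT))))
;;===============================================================
;; W
;;===============================================================
;; NOTE(review): WorthFn is one particular function, so it is an instance of
;; BinaryFunction, not a subclass (the original read "subclass").
(instance WorthFn BinaryFunction)
(domain WorthFn 1 CognitiveAgent)
(domain WorthFn 2 Formula)
(range WorthFn ConstantQuantity)
(documentation WorthFn "(WorthFn ?AGENT ?FORMULA) expresses the value (on some arbitrary scale) which the &%CognitiveAgent ?AGENT places on the &%Formula ?FORMULA being true.")
(subclass WriteOp OperationBySubject)
(documentation WriteOp "an &%OperationBySubject which consists of writing some information to a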
&%CCobject.") (=> (and (instance ?WOP WriteOp) (patient ?WOP ?OBJ)) (exists (?VAL1 ?VAL2) (and (holdsDuring (BeginFn (WhenFn ?WOP)) (contentValue ?OBJ ?VAL1)) (holdsDuring (EndFn (WhenFn ?WOP)) (contentValue ?OBJ ?VAL2)) (not (equal ?VAL1 ?VAL2))))) ;;=============================================================== ;; Auxiliary definitions, introduced here but really of much more ;; general utility. ;;=============================================================== (instance definesSet BinaryPredicate) (instance definesSet AsymmetricRelation) (domain definesSet 1 Formula) (domain definesSet 2 SetOrClass) (documentation definesSet "(definesSet ?FORM ?SET) is true if the &%Formula ?FORM defines the &%SetOrClass ?SET by comprehension.") (<=> (definesSet ?FORM ?SET) (exists (?VAR) (and (instance ?VAR SymbolicString) (isFreeIn ?VAR ?FORM) (equal ?SET (KappaFn ?VAR ?FORM))))) (subclass InformativeText Text) (documentation InformativeText "&%Text which provides additional information intended to assist the understanding or use of the document (ISO/IEC).") (=> (and (instance ?ITEXT InformativeText) (instance ?TEXT Text) (properPart ?ITEXT ?TEXT)) (hasPurpose ?ITEXT (exists (?INTERP) (and (instance ?INTERP Interpreting) (patient ?INTERP ?TEXT))))) (instance isFreeIn BinaryPredicate) (instance isFreeIn AsymmetricRelation) (domain isFreeIn 1 SymbolicString) (domain isFreeIn 2 Formula) (documentation isFreeIn "(isFreeIn ?VAR ?FORM) is true if the variable ?VAR is unbound in the &%Formula ?FORM.") (subclass NormativeText Text) (documentation NormativeText "&%Text which describes the scope of the document, and sets out provisions (ISO/IEC). Within &%NormativeText, the verbs &%Shall, &%Should, &%May, and &%Can have the ISO standard meanings described in this glossary and the verb &%Must is not used. 
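Unless explicitly labelled as &%InformativeText, all &%Text within the CC is &%NormativeText.")
(=> (and (instance ?NTEXT NormativeText)
         (represents ?NTEXT ?FORMULA))
    (modalAttribute ?FORMULA Obligation))
(subclass Pair List)
(documentation Pair "an ordered pair of &%Entities.")
(=> (instance ?PAIR Pair)
    (equal (ListLengthFn ?PAIR) 2))
(instance p1 UnaryFunction)
(domain p1 1 Pair)
(documentation p1 "projection function (p1 ?P) is the first element of the &%Pair ?P.")
(=> (instance ?P Pair)
    (equal (p1 ?P) (ListOrderFn ?P 1)))
(instance p2 UnaryFunction)
(domain p2 1 Pair)
(documentation p2 "projection function (p2 ?P) is the second element of the &%Pair ?P.")
(=> (instance ?P Pair)
    (equal (p2 ?P) (ListOrderFn ?P 2)))
(subclass SetComp Formula)
(documentation SetComp "a &%Formula defining a &%Set by comprehension.")
(<=> (instance ?COMP SetComp)
     (exists (?FORM ?VAR)
         (and (instance ?FORM Formula)
              (instance ?VAR SymbolicString)
              (isFreeIn ?VAR ?FORM)
              (equal ?COMP (KappaFn ?VAR ?FORM)))))
;; NOTE(review): terminates is used as a truth-valued formula (in the <=>
;; below and in the sponsors axiom), so it is declared as a Predicate rather
;; than as a UnaryFunction.
(instance terminates Predicate)
(domain terminates 1 Process)
(documentation terminates "(terminates ?PROC) is true if the &%Process ?PROC terminates before the &%TimePoint &%PositiveInfinity.")
(<=> (terminates ?PROC)
     (terminatesBefore ?PROC PositiveInfinity))
(instance terminatesBefore BinaryPredicate)
(instance terminatesBefore AsymmetricRelation)
(domain terminatesBefore 1 Process)
(domain terminatesBefore 2 TimePoint)
(documentation terminatesBefore "(terminatesBefore ?PROC ?TIME) is true if the &%Process ?PROC terminates before the &%TimePoint ?TIME.")
(<=> (terminatesBefore ?PROC ?TIME)
     (before (EndFn (WhenFn ?PROC)) ?TIME))
;;====================================================================
;; Extra definitions for computational systems and their components.
;; These are almost all taken from the collection QoSontology.kif and
;; are included here in order to make this file self-contained.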
;;==================================================================== (instance productModel AsymmetricRelation) (subrelation productModel represents) (domain productModel 1 SymbolicString) (domainSubclass productModel 2 Product) (documentation productModel "(productModel ?Model ?Product) means that ?Model represents the type of the Product ?Product") (subclass ComputationalSystem Product) (documentation ComputationalSystem "Instances of &%ComputationalSystems include instances of &%SoftwareSystems, &%HardwareSystems, and &%ComputerNetworks.") (subclass Computer ElectricDevice) (documentation Computer "A general-purpose machine that processes data according to a set of instructions that are stored internally either temporarily or permanently.") (subclass ComputerNetwork ComputationalSystem) (documentation ComputerNetwork "The network includes the network operating system in the client and server machines, the cables connecting them and all supporting hardware in between such as bridges, routers and switches.") (subclass ComputerHardware EngineeringComponent) (documentation ComputerHardware "The hardware is the physical part of a computer system.") (<=> (instance ?Hardware ComputerHardware) (exists (?Computer) (and (instance ?Computer Computer) (component ?Hardware ?Computer)))) (subclass ComputerProcess InternalChange) (documentation ComputerProcess "An instance of &%ComputerProcess is a process which manipulates data in the computer.") (=> (instance ?Process ComputerProcess) (exists (?Computer ?Program) (and (instance ?Computer Computer) (computerRunning ?Process ?Computer) (instance ?Program ComputerProgram) (programRunning ?Process ?Program)))) (=> (programRunning ?Process ?Program) (exists (?Computer) (runningOn ?Program ?Computer))) (subclass ComputerFile ComputerData) (documentation ComputerFile "A collection of bytes stored as an individual entity. 
All data on disk is stored as a file with an assigned file name that is unique within the folder (directory) it resides in.") (subclass ComputerDirectory ComputerFile) (documentation ComputerDirectory "This is the class of catalogs that identify and locate instances of &%ComputerFiles. The catalog's entries consist of at least &%ComputerFile names and a physical address on a memory device of the &%ComputerFile or an index (e.g., file descriptor) into a table of &%ComputerFile physical addresses. &%ComputerDirectories are thus collections of data elements and must be named and stored on memory devices; hence, &%ComputerDirectory is a subset of &%ComputerFile.") (instance runningOn BinaryRelation) (domain runningOn 1 ComputerProgram) (domain runningOn 2 Computer) (documentation runningOn "(runningOn ?Program ?Computer) holds if the &%ComputerProgram ?Program is being executed on ?Computer.") (=> (runningOn ?Program ?Computer) (exists (?Process) (and (programRunning ?Process ?Program) (computerRunning ?Process ?Computer)))) (subrelation computerRunning instrument) (domain computerRunning 1 ComputerProcess) (domain computerRunning 2 Computer) (documentation computerRunning "(&%computerRunning ?Process ?Computer) means that the ComputerProcess ?Process is running on ?Computer.") (instance programRunning BinaryPredicate) (domain programRunning 1 ComputerProcess) (domain programRunning 2 ComputerProgram) (documentation programRunning "(&%programRunning ?Process ?Program) means that the &%ComputerProcess ?Process is executing the &%ComputerProgram ?Program.") (instance directoryOf BinaryPredicate) (domain directoryOf 1 ComputerFile) (domain directoryOf 2 ComputerDirectory) (documentation directoryOf "(&%directoryOf ?FILE ?DIRECTORY) means that the &%ComputerFile ?FILE is in the &%ComputerDirectory ?DIRECTORY.") (subclass SoftwareSystem ComputationalSystem) (documentation SoftwareSystem "This is the class of mutually supportive groups of instances of &%ComputerProgram for a 
single general purpose. For example, a database management system is a collection of many instances of &%ComputerProgram that work together to store, retrieve, modify, and delete data.") ;; "A software system is a group of computer programs for a single ;; general purpose" . (=> (instance ?System SoftwareSystem) (forall (?Program ?Process) (=> (and (part ?Program ?System) (programRunning ?Process ?Program)) (exists (?Purpose) (hasPurpose ?Process ?Purpose))))) (subclass HardwareSystem ComputerHardware) (subclass HardwareSystem ComputationalSystem) (documentation HardwareSystem "The class of hardware systems is the connection of three types of physical modules: instances of &%ComputerProcessor(s), &%ComputerMemory, and &%ComputerNetwork. &%ComputerProcessors execute instructions from &%ComputerPrograms, which usually include instructions to read and write data from memory, and send data via instances of &%ComputerNetworks.") ;; "A software system requires a hardware system to execute" . (=> (and (instance ?Software SoftwareSystem) (instance ?Process ComputerProcess) (programRunning ?Process ?Software)) (exists (?Hardware) (and (instance ?Hardware HardwareSystem) (computerRunning ?Process ?Hardware)))) ;; "A hardware system consists of three physical modules: processors, ;; memory, and networks" . (=> (instance ?System HardwareSystem) (exists (?Processor ?Memory ?Network) (and (instance ?Processor CPU) (component ?System ?Processor) (instance ?Memory ComputerMemory) (component ?System ?Memory) (instance ?Network ComputerNetwork) (component ?System ?Network)))) ;; "When the data is sent from HardwareSystems, it is send via ;; ComputerNetworks" . 
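;; NOTE(review): the original tested (instance ?System ?HardwareSystem) with a
;; variable in place of the class name, and used ?Network both free in the
;; antecedent and bound by the exists; the component link now sits inside the
;; exists, with its original argument order.
(=> (and (instance ?System HardwareSystem)
         (instance ?Event DataTransfer)
         (origin ?Event ?System))
    (exists (?Network)
        (and (instance ?Network ComputerNetwork)
             (component ?Network ?System)
             (instrument ?Event ?Network))))
(instance runsOn BinaryPredicate)
(instance runsOn AsymmetricRelation)
(domain runsOn 1 ComputerProgram)
(domain runsOn 2 Computer)
(documentation runsOn "(runsOn ?Program ?Computer) means that ?Program is capable of running on ?Computer.")
(=> (exists (?Process)
        (and (programRunning ?Process ?Program)
             (computerRunning ?Process ?Computer)))
    (runsOn ?Program ?Computer))
(subclass EnvironmentSoftwareAttribute Attribute)
(documentation EnvironmentSoftwareAttribute "The class of attributes which correspond to environment variables. Environment variables are defined outside of a &%ComputerProgram, unlike ordinary variables that are defined in the source code of the &%ComputerProgram. Typically, the environment variable stores some value that many if not all &%ComputerPrograms will need when they execute. An example is the environment variable PATH under Unix-like operating systems that stores the &%ComputerDirectories where executable &%ComputerPrograms can be found.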
Another example is the environment variable CLASSPATH for Java programs, which stores the directory where Java class files can be found that will be needed by any &%ComputerProgram written in Java.") (subrelation environmentAttributes property) (domain environmentAttributes 1 ComputerProgram) (domain environmentAttributes 2 EnvironmentSoftwareAttribute) (documentation environmentAttributes "(&%environmentAttributes ?Program ?Attribute) holds if ?Attribute is an &%EnvironmentSoftwareAttribute which describes the &%ComputerProgram ?Program.") (subclass ComputerInputDevice ComputerHardware) (documentation ComputerInputDevice "A peripheral device that generates input for the computer such as a keyboard, scanner, or mouse.") (subclass ComputerOutputDevice ComputerHardware) (documentation ComputerOutputDevice "Any peripheral that presents output from the computer, such as a screen or printer.") (subclass ComputerTerminal ComputerOutputDevice) (documentation ComputerTerminal "A &%ComputerOutputDevice for displaying information on some sort of screen or other reusable output surface. 
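This is contrasted with a &%Printer, which places a substance on a surface that is for practical purposes, permanent.")
(subrelation standardInputDevice instrument)
(domain standardInputDevice 1 ComputerProcess)
(domain standardInputDevice 2 ComputerInputDevice)
(documentation standardInputDevice "(&%standardInputDevice ?PROCESS ?DEVICE) holds just in case the DEVICE is the predefined input channel with which the running version of the program PROCESS is initialised.")
(=> (programRunning ?Process ?Program)
    (exists (?Device)
        (standardInputDevice ?Process ?Device)))
(subrelation standardOutputDevice instrument)
(domain standardOutputDevice 1 ComputerProcess)
(domain standardOutputDevice 2 ComputerOutputDevice)
;; NOTE(review): the first argument is the ComputerProcess (see the domain
;; declarations); the documentation of this relation and of
;; standardErrorDevice previously named it ?PROGRAM.
(documentation standardOutputDevice "(&%standardOutputDevice ?PROCESS ?DEVICE) holds just in case the DEVICE is the predefined output channel with which the running version of this program is initialised.")
;; "The program of the process contains information about the standard
;; output device of the process"
(=> (programRunning ?Process ?Program)
    (exists (?Device)
        (standardOutputDevice ?Process ?Device)))
(subrelation standardErrorDevice instrument)
(domain standardErrorDevice 1 ComputerProcess)
(domain standardErrorDevice 2 ComputerOutputDevice)
(documentation standardErrorDevice "(&%standardErrorDevice ?PROCESS ?DEVICE) holds just in case the DEVICE is the predefined error channel with which the running version of this program is initialised.")
;; "The program of the process contains information about the standard
;; error device of the process"
(=> (programRunning ?Process ?Program)
    (exists (?Device)
        (standardErrorDevice ?Process ?Device)))
(instance hostOf BinaryPredicate)
(domain hostOf 1 ComputationalSystem)
(domain hostOf 2 Computer)
(documentation hostOf "(hostOf ?SYSTEM ?COMPUTER) means that ?COMPUTER is the host of the computational system ?SYSTEM.")
(subclass ProcessStatus Attribute)
(documentation ProcessStatus "A class of attributes.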
Each instance of &%ProcessStatus describes a status of a &%Process, such as &%ProcessFailure, &%ProcessSuccess, etc.") (instance ProcessFailure ProcessStatus) (documentation ProcessFailure "An attribute that denotes the failure of the &%Process to achieve its goal.") (instance ProcessSuccess ProcessStatus) (contraryAttribute ProcessSuccess ProcessFailure) (documentation ProcessSuccess "An attribute that denotes the success of the &%Process to achieve its goal.") (subrelation status property) (domain status 1 ComputerProcess) (domain status 2 ProcessStatus) (documentation status "(&%status ?PROCESS ?STATUS) holds if ?STATUS is the current status of ?PROCESS.") (=> (and (status ?Process ProcessFailure) (hasPurpose ?Process ?Purpose)) (not (holdsDuring (ImmediatePastFn (WhenFn ?Process)) ?Purpose))) (subclass ComputerComponent ComputerHardware) (documentation ComputerComponent "An instance of &%ComputerComponent is a piece of computer hardware that has measurable performance characteristics in terms of different units. Components include hard drives, the performance of which can be measured in terms of BitsPerSecond required to transfer data to and from the drive, network adapters, the performance of which can be measured by &%PacketsPerSecond units of data transfered to and from the adapter, and other common components like &%ComputerMemory and &%CentralProcessingUnit.") (subclass ComputerMemory ComputerComponent) (subclass HardDiskDrive ComputerComponent) (subclass CentralProcessingUnit ComputerComponent) (=> (instance ?Component ComputerComponent) (exists (?Unit) (unitMeasuringPerformance ?Component ?Unit))) (subclass NetworkAdapter ComputerComponent) (documentation NetworkAdapter "A network adapter, also known as a Network Interface Card or NIC, is a physical device installed in a computer on its system bus. 
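Its purpose is to connect to a specific type of network, usually an ethernet or a token ring network.")

;; Every NetworkAdapter is connected to at least one ComputerNetwork.
(=>
  (instance ?NA NetworkAdapter)
  (exists (?Net)
    (and
      (instance ?Net ComputerNetwork)
      (connected ?NA ?Net))))

;; Executable
(instance Executable Attribute)
(documentation Executable "Able to be run in its current format.")
;; NOTE(review): this is a biconditional, so a program carries the
;; Executable attribute only while some process is actually running it;
;; a one-directional (=> running executable) is more likely what was
;; intended. Left unchanged because the axiom is presumably inherited
;; from the SUMO QoS definitions collected in this part of the file.
(<=>
  (exists (?Process)
    (programRunning ?Process ?Program))
  (property ?Program Executable))

;; OperatingSystem
(subclass OperatingSystem SoftwareSystem)
(documentation OperatingSystem "The master control program that runs the computer. It is the first program loaded when the computer is turned on, and its main part, called the kernel, resides in memory at all times. It may be developed by the vendor of the computer it's running in or by a third party.")

;; SoftwareAttribute
(subclass SoftwareAttribute Attribute)
(documentation SoftwareAttribute "The class of all attributes that are specific to &%SoftwareSystems.")

;; DataSink
(subclass DataSink ComputerInputDevice)
(documentation DataSink "A device or part of the computer that receives data.")
;; A DataSink is the destination of at least one DataTransfer.
(=>
  (instance ?Sink DataSink)
  (exists (?Transfer)
    (and
      (instance ?Transfer DataTransfer)
      (destination ?Transfer ?Sink))))

;; ComputerUser
(subclass ComputerUser CognitiveAgent)
(documentation ComputerUser "Any individual who interacts with a computer.")
;; Every ComputerUser uses at least one Computer.
(=>
  (instance ?User ComputerUser)
  (exists (?Computer)
    (and
      (instance ?Computer Computer)
      (uses ?User ?Computer))))

;; ComputerTask
(subclass ComputerTask ComputerProcess)
(documentation ComputerTask "In a multitasking environment, an independently running program or subprogram. Each task is assigned a task number.")
;; A ComputerTask is part of a Multitasking process and runs some program.
(=>
  (instance ?Task ComputerTask)
  (exists (?Program ?Process)
    (and
      (part ?Task ?Process)
      (instance ?Process Multitasking)
      (programRunning ?Task ?Program))))

;; ComputerResource
(subclass ComputerResource ComputationalSystem)
(documentation ComputerResource "One element of hardware, software or data that is part of a larger system. For example, network resources are the available servers and printers in the network. 
Software resources can be programs, utilities or even smaller elements within a program. Data resources are the files and databases that can be accessed.")
;; A ComputerResource is always part of some larger ComputationalSystem.
(=>
  (instance ?Resource ComputerResource)
  (exists (?System)
    (and
      (instance ?System ComputationalSystem)
      (part ?Resource ?System))))

;; NetworkResource
(subclass NetworkResource ComputerResource)
(documentation NetworkResource "Network resources are the available servers and printers in the network.")
;; NetworkResource is exhausted by Server and Printer; any other kind of
;; shared network resource would need this axiom extended.
(=>
  (instance ?Resource NetworkResource)
  (or
    (instance ?Resource Server)
    (instance ?Resource Printer)))

;; Printer
(subclass Printer ComputerOutputDevice)
(documentation Printer "A device that converts computer output into printed images.")

;; Server
(subclass Server ComputationalSystem)
(documentation Server "A computer in a network shared by multiple users. The term may refer to both the hardware and software or just the software that performs the service.")

;; ComputerData
(subclass ComputerData ContentBearingObject)
(documentation ComputerData "The term &%ComputerData refers to files and databases, text documents, and images.")
;; ComputerData is always located on some ComputerHardware.
(=>
  (instance ?Data ComputerData)
  (exists (?Hardware)
    (and
      (instance ?Hardware ComputerHardware)
      (located ?Data ?Hardware))))

;; ImageFile
(subclass ImageFile ComputerData)
(documentation ImageFile "A picture (graphic) stored in a particular coding scheme and stored as a file. Note that this can include vector as well as raster images. Raster images will entail a particular number of horizontal and vertical pixels. 
Vector images will not entail a particular size or resolution.")

;; Database
(subclass Database ComputerData)
(documentation Database "A set of related files that is created and managed by a database management system (DBMS).")

;; dataProcessed
(subrelation dataProcessed patient)
(domain dataProcessed 1 ComputerProcess)
(domain dataProcessed 2 ComputerData)
(documentation dataProcessed "The data being processed during a &%ComputerProcess.")

;; Abort
(subclass Abort ComputerProcess)
(documentation Abort "To exit a function or application without saving any data that has been changed.")

;; processAborted
(instance processAborted BinaryPredicate)
(instance processAborted AsymmetricRelation)
(domain processAborted 1 Abort)
(domain processAborted 2 ComputerProcess)
(documentation processAborted "(&%processAborted ?Abort ?Process) means that the &%ComputerProcess ?Process is aborted as the result of ?Abort.")
;; Data being processed by an aborted process is never the patient of a
;; DataSaving process (i.e. the abort discards unsaved changes).
(=>
  (and
    (processAborted ?Abort ?Process)
    (dataProcessed ?Process ?Data))
  (not
    (exists (?Save)
      (and
        (instance ?Save DataSaving)
        (dataProcessed ?Save ?Data)))))

;; ProcessTask
(subclass ProcessTask Abstract)
(documentation ProcessTask "A function to be performed.")
;; Every ProcessTask is the task of some process.
(=>
  (instance ?Task ProcessTask)
  (exists (?Process)
    (task ?Process ?Task)))

;; task
(instance task BinaryPredicate)
(instance task AsymmetricRelation)
(domain task 1 ComputerProcess)
(domain task 2 ProcessTask)
(documentation task "(&%task ?Process ?Task) means that ?Task is a function to be performed by the &%ComputerProcess ?Process.")

;; UsingAResource
(subclass UsingAResource ComputerProcess)
(documentation UsingAResource "A &%ComputerProcess which requires access to a &%ComputerResource.")
;; A UsingAResource process uses at least one resource.
(=>
  (instance ?Using UsingAResource)
  (exists (?Resource)
    (resourceUsed ?Using ?Resource)))
;; The agent of a UsingAResource process uses the resource itself.
(=>
  (and
    (instance ?Using UsingAResource)
    (resourceUsed ?Using ?Resource)
    (agent ?Using ?Agent))
  (uses ?Agent ?Resource))

;; ReusingAResource
(subclass ReusingAResource ComputerProcess)
(documentation ReusingAResource "To use the same resource again.")
;; A ReusingAResource process uses at least one resource ...
(=>
  (instance ?Using ReusingAResource)
  (exists (?Resource)
    (resourceUsed ?Using ?Resource)))
;; ... and that resource was already used by an earlier UsingAResource
;; process.
(=>
  (and
    (instance ?Reusing ReusingAResource)
    (resourceUsed ?Reusing ?Resource))
  (exists (?Using)
    (and
      (instance ?Using UsingAResource)
      (resourceUsed ?Using ?Resource)
      (earlier (WhenFn ?Using) (WhenFn ?Reusing)))))

;; resourceUsed
(subrelation resourceUsed patient)
(domain resourceUsed 1 ComputerProcess)
(domain resourceUsed 2 ComputerResource)
(documentation resourceUsed "(&%resourceUsed ?Process ?Resource) means that the &%ComputerProcess ?Process has access to the &%ComputerResource ?Resource.")

;; UserAccount
(subclass UserAccount ContentBearingObject)
(documentation UserAccount "An established relationship between a user and a computer, network or information service. User accounts require a username and password, and new user accounts are given a default set of permissions.")
;; Every UserAccount is held by some ComputerUser.
(=>
  (instance ?Account UserAccount)
  (exists (?User)
    (hasAccount ?User ?Account)))
;; NOTE(review): the two (=> (hasAccount ...)) axioms below make a
;; username AND a password mandatory for every account holder; accounts
;; authenticated by other means (tokens, certificates, biometrics) are
;; not representable without extending these axioms.

;; UserName
(subclass UserName SymbolicString)
(documentation UserName "The name a person uses to identify himself or herself when logging onto a computer system or online service.")
(=>
  (hasAccount ?User ?Account)
  (exists (?Name)
    (userName ?User ?Name)))

;; userName
;; NOTE(review): the domain declarations and the axiom above put the
;; ComputerUser in argument 1 and the UserName in argument 2, but
;; userName is also declared a subrelation of names, whose first
;; argument is the string. The sibling relation password (below) follows
;; the string-first order of names. Either the subrelation or the
;; argument order should be reconciled; not changed here because uses of
;; userName may exist outside this part of the file. The documentation
;; string has been aligned with the declared domains.
(subrelation userName names)
(instance userName AsymmetricRelation)
(domain userName 1 ComputerUser)
(domain userName 2 UserName)
(documentation userName "(&%userName ?User ?Name) means that ?Name is the name the &%ComputerUser uses to identify himself or herself when logging onto a computer system.")

;; hasAccount
(subrelation hasAccount possesses)
(instance hasAccount AsymmetricRelation)
(domain hasAccount 1 ComputerUser)
(domain hasAccount 2 UserAccount)
(documentation hasAccount "(&%hasAccount ?User ?Account) holds if ?User is assigned the &%UserAccount ?Account.")

;; ComputerPassword
(subclass ComputerPassword SymbolicString)
(documentation ComputerPassword "A word or code used to serve as a security measure against unauthorized access to data. 
It is normally managed by the operating system or DBMS.")
(=>
  (hasAccount ?User ?Account)
  (exists (?Password)
    (password ?Password ?User)))

;; password
;; NOTE(review): argument 1 of password is the credential value itself
;; (a SymbolicString). A knowledge base that asserts concrete instances
;; of this relation would therefore hold cleartext credentials. For
;; evaluation modelling it is normally sufficient to assert that a
;; credential exists, as the hasAccount axiom above already does,
;; without ever asserting its value.
(subrelation password names)
(instance password AsymmetricRelation)
(domain password 1 ComputerPassword)
(domain password 2 ComputerUser)
(documentation password "(&%password ?Password ?User) means that ?Password is the password the &%ComputerUser uses while logging onto a computer system.")

;; Report
(subclass Report ComputerData)
(documentation Report "A collection of data, presented in a preformatted manner.")

;; hostStatus
(subrelation hostStatus attribute)
(domain hostStatus 1 Computer)
(domain hostStatus 2 ComputerStatus)
(documentation hostStatus "(&%hostStatus ?Computer ?Status) means that ?Status describes the status of the Computer, such as &%HostDown, &%HostReady.")

;; ComputerStatus
(subclass ComputerStatus Attribute)
(documentation ComputerStatus "An attribute which describes status of the &%Computer, such as &%HostDown, &%HostReady.")

;; HostDown
(instance HostDown ComputerStatus)
(documentation HostDown "An attribute which applies to a computer that ceases to operate due to hardware or software failure.")

;; HostReady
(instance HostReady ComputerStatus)
(documentation HostReady "An attribute which applies to a computer that is functional, operating properly, and ready to receive work requests.")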