Security Evaluation

Fraunhofer Institute for Applied and Integrated Security

Security Evaluation
© Fraunhofer AISEC / Volker Steger

IT systems are nowadays part of our daily live and part of many common devices. They perform various sophisticated, and sometimes safety-critical tasks. Security has a direct impact on safety. Lack of security can cause loss of reputation, loss of revenue, and even liability claims.

Many security holes are caused by design or implementation faults. Often developers are not aware of the whole bandwidth of possible attacks on their system. An analysis and evaluation of the system's security aspects is often never done. In addition, security rivals with other goals as costs, duration of the development process, and functionality.

A security evaluation is a crucial part of a high-quality system development. With a security evaluation during the development process, threats can be detected and corrected early. But also after the end of a project, a security evaluation can be useful to know existing threats and potential vulnerabilities of your system, e.g., to avoid them in future systems.

Expertise

Fraunhofer AISEC offers comprehensive and independent tests for the security evaluation of distributed and embedded systems, hardware and software products, or web-based and cloud services. For this purpose, Fraunhofer AISEC can resort to its modern test labs to conduct security tests, compliance tests, and interoperability tests.

Skills and services at a glance

  • analyses of vulnerabilities of products and solutions
  • technical pre-auditing
  • side channel analyses and fault-attacks on embedded systems
  • fault-detection and fault-tolerance in digital circuits
  • embedded system security evaluation
  • tamper-resistant design strategies
  • development and improvement of countermeasures
  • penetration tests
  • analysis of systems and applications
  • development of test cases
  • security evaluation of cloud services and platforms, also in compliance with the minimal requirements of the BSI
  • verification of privacy issues of cloud services, web servers, etc.