Security Evaluation Services
Through a combination of expertise in security methodology, Java™ software and
hardware security, Trusted Labs assesses your product’s security level
within proprietary or standard schemes.
Evaluation activities
The evaluation activities are divided into three main categories:
• Static analysis of source code
• Functional and security test suites
• Attack simulation
Static analysis
Static analysis consists of reviewing the source code of
applications and operating systems, either in white box mode or with a
dedicated tool.
Automatic code review through TL ADT
Challenging the Java application bytecode (CAP file) against security
rules defined by or for the certification authority. Implementing the
rules inside TL ADT allows an exhaustive examination of the source code.
White box review
Performing native or Java source code review (smart card, terminals) by
our experts in security of embedded systems and Java Card™. Can be
preceded by security guidelines for developers, in order to set common
security requirements.
Functional and security test suite
Trusted Labs develops and runs test suites for product evaluations,
with two levels of coverage. For more flexibility in the product
evaluation process, these tests can be performed either on final
devices or on emulator boards.
Functional test suite
Checking the compliance of a product against its specifications.
Security test suite
Checking the robustness of the application when stressing it under
extreme conditions. Security test suites have a coverage beyond the
functional level and focus on application weaknesses and
inconsistencies. In particular, they use hidden effect detection and
combinatorial tests.
All test suites are based on the TL CAT test environment, which helps to improve
test coverage and diagnosis. For more details, see test services and tools.
Attack simulation
To tackle the security of embedded applications beyond test suites,
Trusted Labs performs software attacks and pilots physical attacks in
hardware laboratories.
Logical attacks
Identifying vulnerabilities inside a Java platform to determine the
physical tests roadmap, based on illegal access attempts and software
reverse engineering.
Physical attacks
Piloting the external hardware laboratory to optimize the focus of
physical attacks. Management based on the results of the previous
evaluation steps (static analysis, test suites, logical attacks).
CAST program
Trusted Labs evaluates Java Card™ platforms and M/Chip4 applications
within the scope of the MasterCard CAST program (Compliance Assessment
and Security Testing). These evaluations are performed with a high
degree of effectiveness thanks to security-dedicated test suites and
security tools for static bytecode analysis.
For more details on the CAST evaluations (questions on process,
training on CAST process and requirements), please contact us at contact@trusted-labs.com.
Markets
Trusted Labs’ evaluation services are intended for consortia managing
smart cards and terminals (banking, identity, health and government)
and also product issuers (smart card vendors, terminal vendors, mobile
operators, security product issuers, etc.).
For more information, contact us at contact(@)trusted-labs(.)com.