Informal Evaluation Methods

An informal evaluation identifies vulnerabilities independently of formal requirements. This procedure is useful, for example, for Pay-TV smart cards or mobile applications, since there are no formal requirements for these products.

Our expertise

In addition to formal methods, SRC also offers informal evaluation methods. When conducting informal evaluations, SRC applies the knowledge gained from a large number of formal evaluations. The customer benefits from SRC’s extensive experience, for example in the analysis of operating systems (hardening) or the verification of resistance against typical hardware attacks.

Our offer

SRC performs the following steps during informal evaluations:

  • The customer and SRC discuss and jointly define the scope of the evaluation, i.e. they identify the parts of the product or system that should be evaluated.
  • The customer and SRC perform a security analysis, which then serves as the basis for defining the security requirements the product should meet; these requirements should therefore be checked during the evaluation.
  • The decision on concrete evaluation methods is then based on the defined security requirements. Possible methods are: document-based design analysis, code analysis, functional interface tests or penetration tests. Budget considerations can of course be taken into account when defining the testing methods.

The customer and SRC discuss and agree on how the evaluation results should be documented.


Detlef Kraus
Dr. Bertolt Krüger
Sandro Amendola
Thilo W. Pannen
Christina Dahl

telephone: +49(0)228 2806-0
telefax: +49(0)228 2806-199