Platform Security Testing

If your product is a computing platform, be it an embedded device expected to run code written by someone else, a System-On-a-Chip (SoC), or a cloud environment, security needs to be engineered into the platform components to ensure a secure ecosystem.

Our services

intWave is experienced in testing the security of reference platforms and platform components that could be device-agnostic such as operating systems, bootloaders, TEEs, TPMs, Secure Enclaves, Cryptographic Coprocessors etc.

Platform security components are examined per required functionalities (e.g. Authentication, Secure Firmware Updates, Secure Boot, Verified Boot, Full Disk Encryption, Attestation, Isolation, Execution of Digitally Signed Software etc.).

Our Platform Security Testing service is a deep dive into validating the proper implementation, integration and operation of the various platform components leading to a resilient and secure computing platform.

Deliverables

  • Detailed Security Assessment (and retest) report consisting of
    • An Executive Summary
    • A Walkthrough describing how the assessment was conducted with demonstrations of findings and proof-of-concept attacks
    • A detailed description of identified vulnerabilities with clear reproduction steps
    • Vulnerability impact & risk analysis
    • Detailed vulnerability resolution recommendations
  • Letter of Assessment

Other related services

  • Source Code Auditing for the inspection in depth of system libraries and other software in the platform (or platform component) ecosystem.
  • Web, Mobile or Desktop Application Security Testing to examine the security of Companion Applications and Backend systems in the platform ecosystem.
  • Secure Product Design to help implement new secure-by-design mechanisms.
  • Security R&D to obtain prototypes of non-trivial security features in hardware or software.
  • Product Security Documentation such as a Security Architecture document, that assists in platform development, marketing and customer procurement processes.
  • Secure Development Training to further educate on vulnerability patterns that were identified during testing.

Benefits

  • Early discovery of platform vulnerabilities.
  • In-depth security evaluation using advanced techniques (e.g. source code auditing, reverse engineering, fuzz testing, fault injection, static / dynamic analysis, emulation & rehosting).
  • Implementation of secure product building blocks ready for integration.
  • Examination of platform security controls with reference to regulatory requirements and industry standards.
  • Remediation of security vulnerabilities through expert guidance.
  • Efficient project management with bi-weekly updates and integration with client task management tools.
  • Prevention of reputational and financial damage arising from cyber risks.
Schedule a meeting