Center for excellence in cybersecurity research

With over 4,000 square meters of lab area, Fraunhofer AISEC has more space for more researchers, more space for test environments, more space for innovative security labs and more space for collaborations and projects.

With its state-of-the-art lab environments, the Fraunhofer AISEC cybersecurity center offers the latest technologies for security analysis and for enhancing cybersecurity, as well as an ideal infrastructure for working on security-critical projects. It provides numerous opportunities to directly experience the effect of protective mechanisms.

Software Security Lab

In the Software Security Lab, approaches to software analysis and preventive hardening of software are researched. The goal of the researched technologies is on the one hand to find and fix vulnerabilities in programs and on the other hand to prevent the exploitation of vulnerabilities by preventive security measures. To detect vulnerabilities, methods of static code analysis are used (among others), with a focus on system-related programming languages. Memory-unsafe programming languages such as C and C++, as well as memory-safe programming languages such as Rust, are examined. In addition, dynamic software analysis and instrumentation of code are used, such as for efficient fuzzing of software APIs. In software hardening technologies, the focus is on compiler-based security mechanisms, such as control flow integrity (CFI) or memory safety. In addition to the development of new methods, existing approaches from the current state of research are evaluated with respect to their practicability and integrability into existing systems.

Test lab for IoT security

In the test lab for IoT security, the software of networked devices is analyzed with the aim of finding and correcting bugs. The focus is on devices for which the complete source code is usually not available. In the simplest case, external (externally accessible) interfaces (black box) are tested, for example with fuzzing tools. Much more efficient and usually preferable is a setup with access to debug functions of the device to better analyze the behavior. The extraction of the firmware and the static as well as dynamic analysis of the firmware, such as the (partial) execution of the firmware in a simulation environment or a virtual machine as well as the instrumentation of parts of the firmware, is also helpful.

Test lab for isolation mechanisms

In the test lab for isolation mechanisms, the software of complex, modularized software stacks is tested (greybox/whitebox) with the aim of evaluating isolation mechanisms and finding and correcting bugs in them.
The focus is on the isolation or the isolation properties of system-related components, such as kernel, hypervisor, or trusted execution environments. An appropriate, partially technology-specific setup is used to perform tests, consisting of several components, for example: isolated process with reduced privileges in a sandbox, a privileged process in the kernel or hypervisor, and a monitoring and control tool outside the target of evaluation. The underlying technologies are often used in a domain-specific manner, but the approach is not domain-specific.

Fraunhofer AISEC's demonstrator room offers sufficient space to present current research projects. Currently, ten exhibits are on permanent display in the exhibition room: from live hacking to adversarial examples using facial recognition as an example to solutions for trustworthy goods tracking using trackchain technology.