From 0beeb7eef89d609af17a357829a6c841bf8916eb Mon Sep 17 00:00:00 2001
From: Arthur Grisel-Davy
Date: Mon, 2 Oct 2023 09:54:12 -0400
Subject: [PATCH] grammarly timetable

---
 PhD/research_proposal/timetable.tex | 76 ++++++++++++-----------------
 1 file changed, 30 insertions(+), 46 deletions(-)

diff --git a/PhD/research_proposal/timetable.tex b/PhD/research_proposal/timetable.tex
index daec07a..b6f7a5f 100644
--- a/PhD/research_proposal/timetable.tex
+++ b/PhD/research_proposal/timetable.tex
@@ -2,17 +2,11 @@ The planned work is segmented into three main parts: finishing the \gls{dsd}, building the data acquisition system and building to algorithm for the single-source multi-measure system, and setting up an experiment for the multi-source single-measure system. Each of these three parts has its own specificities and challenges that call for careful planning. -\section{Spring 2023} -The main focus for this term is the writing of the \gls{dsd} paper. -The algorithm has now reached a satisfactory state with a good range of detection and useful precision. -However, more experiments are required to evaluate the robustness and capabilities of the detector in a wider variety of situations. -The goal for this paper is the submission to a major conference in the next term. - \section{Fall 2023} This term will have a dual goal. On one hand, finishing the \gls{dsd} paper and submitting it to a conference. On the other, start working on the single-source multi-measure capture system. -The current capture system is composed of a PoE box that is placed in series with the machine to monitor. +The current capture system is composed of a box placed in series with the machine to monitor. This system is reliable and serves its purpose perfectly, but it is not possible to fit in a more constrained space or able to measure multiple consumptions at once. The single-source multi-measure system aims for integration in the machine with minimal modification to allow for easy \textit{drop-in} installation. The goal could be a computer's \gls{psu} or an external box with multiple measurement systems. 
@@ -20,7 +14,7 @@ In any case, the design and prototyping of this new measurement system is an imp \section{Winter 2024} Fall 2023 will be dedicated to designing and evaluating the single-source multi-measure system. -The challenge of this work is to enable the processing of multi-variate time series to yield better results. +This work's challenge is enabling the processing of multi-variate time series to yield better results. The system's performances will be put in perspective with the capabilities of the DSD (single-source single-measure). A series of experiments will also provide a complementary evaluation of the performances of these new techniques. The experiments will be collected in a paper with a publication aimed at the next term. 
@@ -32,70 +26,60 @@ For this third system, the capture system is already available. The workload is mainly centred on the design of the processing algorithm. \section{Complementary Projects} -Although it is difficult to plan work after one year, there are some complementary projects that I intend on exploring. +Although it is difficult to plan work after one year, there are some complementary projects that are worth exploring. \textbf{Cover Channel:} -Some work in the litterature explored potential of power consumption as a covert channel. -This application is complementary with the defense work I am focusing on in this thesis. -As an attacker trying to exfiltrate information from a machine, understanding the method from generating meaningfull power consumption patterns is crucial. -This work provide insights on how different applications generate specific consumption patterns. +Some work in the literature explored the potential of power consumption as a covert channel. +This application complements the defense work that this thesis focuses on. +As an attacker trying to exfiltrate information from a machine, understanding the method of generating meaningful power consumption patterns is crucial. +This work provides insights into how different applications generate specific consumption patterns. A 1b/s covert channel already successfully extracted a private ECDSA SSH key through AC/DC transformers with an MSSM setup. -I intend on improving the capabilities of this covert channel as a complementary project for this thesis. +The improved capabilities of this covert channel will serve as a complementary project for this thesis. \textbf{Specific Activities Detection:} -Some users activities carry so much potential threats that detecting them quickly is interesting. +Some user's activities carry so many potential threats that detecting them more rapidly is interesting. 
For example, plugging in a USB device is an entry point for many attacks \cite{cannoles2017hacking, NISSIM2017675, su2017usb}. Fortunately, USB devices have a direct impact on the power consumption of a machine as they draw their power from the host. -Detecting this specific event enable the collection of trusted logs usefull for forensics or log verification tasks. +Detecting this specific event enables the collection of trusted logs useful for forensics or log verification tasks. The current work on this problem is exploring signal processing methods to build a reliable detector with the least false positive rate while still detecting all USB events. -This problem is complementary to the more general pattern detection problem that this thesis explores as a reduction to practice that, once again, provide a better understanding of the variety of patterns present in a power consumption trace. +This problem is complementary to the more general pattern detection problem that this thesis explores as a reduction to practice that, once again, provides a better understanding of the variety of patterns present in a power consumption trace. \section{Alternative Courses of Action} -Many unforseen event can disturb a a research plan on multiple years. -Although it is not possible to plan an alternative course of action for each case, here are some ways to continue this thesis under different conditions. +Many unforeseen events can disturb a research plan spanning multiple years. +Although it is impossible to plan an alternative course of action for each case, here are some ways to continue this thesis under different conditions. \textbf{Pandemic or Global Lockdown Situation:} The recent years reminded us that a global lockdown can become a necessity in a matter of months. -Without access to the university, the xork of this thesis remain possible. -Thanks to the great work of all the people at Palitronica Inc. 
the capture system is deployable anywhere with an internet connection. -Many experiment were already performed outside of the lab and it is even possible to store data on premise for complete offline work. -I already experienced this situation in 2020 when the university closed and I continued the work at home with some lab equipement. -The xPSU project was entirely developped off-campus. +Without access to the university, the work of this thesis remains possible. +Thanks to the great work of all the people at Palitronica Inc., the capture system is now a robust product deployable anywhere with an internet connection. +Many experiments were already performed outside of the lab, and it is even possible to store data on-premise for complete offline work. +I already experienced this situation in 2020 when the university closed, and I continued to work at home with some lab equipment. +The xPSU project was entirely developed off-campus. \textbf{Unconvincing Results:} -The first results of the SSSM problem are encouraging for the eploration of MSSM and SSMM problems. -However, some unforeseen discovery could force to reevaluate the potential of this technology. -As presented before, there is plenty of alternative routes to explore for physics-based \gls{ids}. -First, there is room for improving the performances of the SSSM detector. -A better accuracy, a greater number of states, a lower training requirement or higher time-efficiency are all valuable improvements to pursue. +The first results of the SSSM problem are encouraging for the exploration of MSSM and SSMM problems. +However, some unforeseen discoveries could force us to reevaluate the potential of this technology. +As presented before, there are plenty of alternative routes to explore for physics-based \gls{ids}. +First, there is room for improving the performance of the SSSM detector. 
+A better accuracy, a greater number of states, a lower training requirement or higher time efficiency, are all valuable improvements to pursue. Second, the range of machines that can benefit from this technology is wide. -Experimentations with different machines for different use-cases can reveal unknown specific challenges. -Finally, complementary projects such as the xPSU, the covert channel, or the specific activities detectors are all interesting projects that would undoubtebly reveal new problems to explore. +Experimentations with different machines for different use cases can reveal unknown specific challenges. +Finally, complementary projects such as the xPSU, the covert channel, or the specific activity detectors are all interesting projects that would undoubtedly reveal new problems to explore. %There is no lack of interesting problems to study in the field of physics-based cyber-security. \section{Publications} -From the current work, multiple articles have been submitted for publications. +From the current work, multiple articles have been submitted for publication. \begin{itemize} - \item The initial results of the exploration of the \gls{eet} technology were compiled + \item The initial results of the exploration of the \gls{eet} technology were compiled in a paper presented in the MLCS workshop of the ECML-PKDD conference \cite{eet1_mlcs}. \item The resutls of the \gls{bpv} were detailed in a work-in-progress paper presented in EMSOFT 2021 \cite{grisel2022work}. -The complete the findings of this first paper, more experiment were conducted on a wider variety of machines and exploring diverse optimisations techniques. -A paper compiling these new findings is currently under review for QRS 2023. +To complete the findings of this first paper, more experiments were conducted on a wider variety of machines and exploring diverse optimization techniques. + A workshop paper compiling these new findings was accepted for QRS 2023 \cite{bpv_qrs}. 
- \item Also for submitted for QRS 2023, an article about \gls{dsd} is under review. + \item Also accepter for QRS 2023, an article about \gls{dsd} details the capabilities of the method to detect cybersecurity policies violation \cite{dsd_qrs}. \end{itemize} -For futur work, multiple conferences are apropriate for publishing. - -\begin{itemize} - \item KDD is a major conference in the domain of knowledge discovery and information mining. - The algorithmes developped for mining and identifying consumption patterns will make adequate submissions for this conferencee - \item QRS is a software-oriented conference with an interest for intrusion detection and security. - An evaluation of the intrusion detection capabilities of the different application of the physics-based IDS would make adequate submissions for this conference. - \item WIFS is an anual workshop centered on Security and Forensics. - Side projects like the power consumption covert channel or forensic capabilities of main work of this thesis would fit well in this workshop. -\end{itemize}
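Review bot: In the @@ -2,17 +2,11 @@ hunk, the retained Fall 2023 text still plans on "finishing the \gls{dsd} paper and submitting it to a conference", while the Publications item added later in this patch states that the \gls{dsd} article was accepted for QRS 2023; one of the two needs updating so the timetable is consistent. The hunk also deletes the whole Spring 2023 section and drops "PoE" from the description of the capture box, which are content changes rather than grammar fixes, so they should be mentioned in the commit message or split into their own commit. The unchanged context lines "building to algorithm for the single-source multi-measure system" and "it is not possible to fit in a more constrained space or able to measure multiple consumptions at once" are still ungrammatical and belong in the same pass.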
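Review bot: In the @@ -20,7 +14,7 @@ hunk, the first context line under \section{Winter 2024} still reads "Fall 2023 will be dedicated to designing and evaluating the single-source multi-measure system", which contradicts both the section heading and the Fall 2023 section above it; the term named in that sentence should match the section it sits in. The two context lines that follow keep the plural "performances" ("The system's performances", "the performances of these new techniques"), while the third hunk of this patch changes the same word to "performance" for the SSSM detector, so the wording should be made consistent here too.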
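Review bot: In the @@ -32,70 +26,60 @@ hunk, several added lines introduce new errors: "Some user's activities" (should be "Some user activities"), "Also accepter for QRS 2023" ("accepted"), "cybersecurity policies violation" ("policy violations"), and the stray comma in "higher time efficiency, are all valuable improvements". The heading "\textbf{Cover Channel:}" and the context line "The resutls of the \gls{bpv}" are left misspelled. The replacement of "I intend on improving the capabilities of this covert channel" with "The improved capabilities of this covert channel will serve as a complementary project" turns planned work into something that reads as an existing result, and the added "is now a robust product" plus the removal of the KDD/QRS/WIFS list of future venues are content changes that the commit subject does not announce. The new keys \cite{bpv_qrs} and \cite{dsd_qrs} need bibliography entries; the diffstat shows only timetable.tex changed, so confirm they already exist before merging.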