statement incoherent IDS
This commit is contained in:
Arthur Grisel-Davy
parent
31819bb3f4
commit
3fcea8ade0
1 changed files with 3 additions and 0 deletions
|
|
@ -105,6 +105,9 @@ The integrity verification can also be performed at run-time as part of the firm
|
||||||
The above solutions to firmware attacks share the common flaw of being applied to the same machine they are installed on.
|
The above solutions to firmware attacks share the common flaw of being applied to the same machine they are installed on.
|
||||||
This allows an attacker to bypass these countermeasures after infecting the machine.
|
This allows an attacker to bypass these countermeasures after infecting the machine.
|
||||||
An attacker that could avoid triggering a verification, tamper with the verification mechanism, feed forged data to the verification mechanism, or falsify the verification report could render any defense useless.
|
An attacker that could avoid triggering a verification, tamper with the verification mechanism, feed forged data to the verification mechanism, or falsify the verification report could render any defense useless.
|
||||||
|
//This idea of necessary independence between target and the @IDS can be summarize with teh following statement.\
|
||||||
|
//#align(center,text(weight: "bold", [An @IDS is incoherent if its deployement requires the cooperation of the entity it pretends to protect.]))
|
||||||
|
|
||||||
@IDS are subjected to a trade-off between having access to relevant and meaningful information and keeping the detection mechanism separated from the target machine.
|
@IDS are subjected to a trade-off between having access to relevant and meaningful information and keeping the detection mechanism separated from the target machine.
|
||||||
Our solution addresses this trade-off by leveraging side-channel information.
|
Our solution addresses this trade-off by leveraging side-channel information.
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue