From 7335d083b67853665c667cd7a03c36e6a1db49e2 Mon Sep 17 00:00:00 2001 From: Arthur Grisel-Davy Date: Tue, 3 Oct 2023 06:06:16 -0400 Subject: [PATCH] final changes to conclusion --- PhD/research_proposal/conclusion.tex | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/PhD/research_proposal/conclusion.tex b/PhD/research_proposal/conclusion.tex index da74e2f..a187e93 100644 --- a/PhD/research_proposal/conclusion.tex +++ b/PhD/research_proposal/conclusion.tex @@ -2,16 +2,16 @@ The problem of leveraging power side-channel analysis to defend embedded systems presents unique capabilities. Contrary to current common \glspl{ids} techniques, physics-based security is not built on purpose-made actionable data. The very nature of the input information sets this technique aside. -Power consumption is closely related to instruction execution and makes it a good proxy variable for machine activity. +Power consumption is closely related to instruction execution, making it a good proxy variable for machine activity. Moreover, power is easy and cheap to measure reliably at a high sampling rate, enabling analysis of any machine consuming electricity. Finally, a sequence of instructions is generally related to a unique power consumption pattern. This \textit{one-to-one} relationship allows us to consider the power consumption as a signature for software of machine activity. However, power consumption is not an actionable information. -Little can be extracted from the raw time series format about the machine's activity or integrity. +Little can be extracted from the raw time series format about the machine's activity or integrity. To enable further analysis, a set of algorithms is required for both runtime online analysis and offline monitoring of specific activity. + The full range of capabilities remains to be discovered. Successful runtime monitoring enables the detection of activity policy violations, anomalous activity detection, machine failure detection or distributed attacks. -On the other hand, pre-OS monitoring enables the detection of boot process violation at a level where common \glspl{ids} are not enabled yet. -These are just some of the possible applications of this technology, with many more to discovered. - - +Pre-OS monitoring enables the detection of boot process violation at a level where common \glspl{hids} are not enabled yet and \glspl{nids} are blind. +Developing robust and practical time series analysis techniques for the specific application of activity recognition from machine's power consumption would enable the exploration of all these applications. +Among all the many possible directions, this proposal presents the problems of activity recognition as the main stepping stone in the development of physics-based \glspl{ids}.