merge

scolarship_CPI/research.typ

@@ -1,6 +1,7 @@
 #import "@preview/acrostiche:0.3.0": *
 
 #set page("us-letter",
+margin: (x:1.8cm, top:2cm, bottom:1cm),
   header: [
       #set text(8pt)
       #smallcaps[Arthur Grisel-Davy]
@@ -24,15 +25,40 @@
 #v(0pt)
 #line(length:100%, stroke: 2pt)
 
-My research projects, as a Ph.D. student, all revolve around the concepts of enforcing security policies or detecting abnormal behavior using the power consumption of an embedded system.
-The power consumption, like other side-channel emmissions --- noise, temperature, or timing information for example---, are, from a computation point of view, a necessary but useless by-product that the machine has to deal with.
-However, for a few decades now, researchers and have found ways to leverage these seemingly useless information channels to extract insights about the machine states and activities.
-Although primalarily leveraging these information to design attacks, the research on side-channel analysis also proposes to consider them as a source of information to power defense mechanismes with their own intrisec characteristics.
-These mechanisms require the use or developement of processing algorithm to overcome the non-actionable nature of raw time series and extract the information embedded in the collected data.
-My projects focuses on exploring the applicability of side-channel (or physics-based) #acr("IDS") through the developement of processing algorithms and decision models.
+As a Ph.D. student, my research projects revolve around enforcing security policies or detecting abnormal behaviour
+using embedded systems’ power consumption. The power consumption, like other side-channel emissions — noise,
+temperature, or timing information for example —, are, from a computation point of view, a necessary but useless by-product that the machine has to deal with. However, for a few decades, researchers have found ways to leverage theseseemingly useless information channels to extract insights about machine states and activities. Although primarily
+leveraging this information to design attacks, the research on side-channel analysis also proposes considering them
+as a source of information to power defense mechanisms with their own intrinsic characteristics. These mechanisms
+require the use or development of a processing algorithm to overcome the non-actionable nature of raw time series
+and extract the information embedded in the collected data. My projects focus on exploring the applicability of side-channel (or physics-based) Intrusion Detection System (IDS) through the development of processing algorithms and
+decision models.
 
 = Boot Process Verification
-The boot sequence of a machine is a critical state for the machine security.
-The bootloader and firmware that executes during this sequence controles the lowest level of software that sets important security parameter.
-Moreover, this is a particularily vulnerable sequence as no host-based #acr("IDS") is running.
-There are hardware-based mechanisms, often leveraging cryptographic sugnatures, that strive to prevent firmware tampering, but studies illustrated the possibility to bypass them #cn.
+The boot sequence of a machine is a critical state for the machine’s security. The bootloader and firmware that executes
+during this sequence control the lowest level of software, which sets important security parameters. Moreover, this
+is a particularly vulnerable sequence as no host-based IDS is running. There are hardware-based mechanisms, often
+leveraging cryptographic signatures, that strive to prevent firmware tampering, but studies illustrated the possibility of bypassing them. One of my research projects was the development of a boot sequence verifier based on power traces.
+This approach is fully independent from the target system — and thus not bypassable —, can leverage data even before
+the machine starts and provides an additional layer of protection against firmware tampering.
+
+= Device State Detection
+Once the machine starts, the power consumption is a useful runtime monitoring input. The ability to detect a machine’s
+state is crucial for anomaly detection, rule mining, policy enforcement, and predictive maintenance. However, log collection systems can be the target of attackers, suffer malfunction, or simply not be compatible with bespoke embedded
+systems. The power consumption, on the other hand, is ubiquitous across all embedded systems, easy and reliable to
+measure, and contains information about the target state. Leveraging this power consumption to infer the state of a
+machine requires the development of a pattern recognition algorithm. I proposed an approach to this problem in the
+context of rare events in which training data is reduced to a single sample per label.
+
+= Log Verification
+Logs from applications and operating systems are a valuable source of information for host-based IDS. However, logs
+are not reliable as they are produced and reported by software running on the machine to protect. This means that the
+logs that help detect intrusions are only trustworthy when there is no intrusion. Once again, power consumption can
+provide a secondary, independent and trusted source of information for validating the integrity of a log journal. This
+problem is complex due to the high dimensionality of both time and event series and the intrinsic hybrid nature of the
+input data. It is, however, a compelling problem to study with broad applications that I am currently working on.
+
+= Miscellaneous
+In addition to these broad projects, my studies led me to explore satellite projects and domains such as a power-cable-based bidirectional covert channel, the design of a PCB for the automated capture and analysis of USB-C power
+for laptops and mobile devices, and the collaboration on a trust-management system leveraging physics-based state
+recognition.