remove all ??, \agd, \cn

Arthur Grisel-Davy 2023-09-29 13:38:06 -04:00
parent 2ea0650c00
commit e1e9b0183e
4 changed files with 21 additions and 26 deletions


@ -15,16 +15,16 @@ A wide variety range of solutions are available to protect computer systems in g
Among them, \gls{ids} aim at detecting security policies violations or suspicious activities from or among computers.
Collection and analysis of data related to the machines activity often enable the detection.
If the \gls{ids} only consideres local ressources (e.g. CPU load, RAM data, disks read/write speed), then it is called \gls{hids}.
\gls{hids} have access to relevant local data\cn but they require to install a software on the machine (either for collection only or for local analysis).
\gls{hids} have access to relevant local data but they require to install a software on the machine (either for collection only or for local analysis).
This represent a potential flaw for multiple reasons.
First, the host machine may not be trusted and can be compromised, allowing the attacker to deploy stealth attacks \cite{10.1145/586110.586145}.
Second, an \gls{hids} can lack the broader vision required to detect intrusions distributed over a network of machines\cn.
Second, an \gls{hids} can lack the broader vision required to detect intrusions distributed over a network of machines.
Finally, the operation of the \gls{hids} may interfer with the critical operation of the system (for example if the \gls{hids} missbehave and block other operations).
For these reasons, \gls{hids} may be difficult to implement on a wide range of embedded systems.
The other main class of \gls{ids} aims at solving these issues.
\gls{nids} \cite{vigna1999netstat, bivens2002network} consider the communication between machines in a network to detect intrusions.
This solution does not require installing individual software on each machines and can detect network-level intrusions \cn.
This solution does not require installing individual software on each machines and can detect network-level intrusions.
However, \gls{nids} present their own concerns.
First, machine-specific attacks can remain undetected as only network information are accessible.
Then, they require the installation of dedicated equipment to collect network traffic.
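Review bot: The three sentences that lose \cn in this hunk (an HIDS having access to relevant local data, an HIDS lacking the broader vision for distributed intrusions, and a NIDS detecting network-level intrusions) still carry no \cite, so the marker that flagged them as unreferenced is removed without the gap being resolved. Either add the references in this commit or leave a greppable source comment such as "% TODO cite" on those lines so the missing citations stay tracked. While these lines are being touched, "they require to install a software" and "on each machines" could be corrected to "they require installing software" and "on each machine".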
@ -41,7 +41,7 @@ Modifying an existing system to add intrusion detection capabilities is expensiv
A third, under-exploited, source of information for embedded systems activity are the side-channels.
The side-channels are all the physical emissions that a machine involuntarely generates.
For example, the sound of a fan, the temperature of a CPU, or the power consumption of a \gls{psu} are common side-channels \cn.
For example, the sound of a fan, the temperature of a CPU, or the power consumption of a \gls{psu} are common side-channels.
\begin{figure}[H]
\centering
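Review bot: On the line listing the sound of a fan, the temperature of a CPU and the power consumption of a \gls{psu} as common side-channels, \cn is deleted with nothing put in its place. This is the sentence that introduces the examples, so it is a natural spot for a reference; if none is at hand yet, keep a source comment noting that one is still needed. The unchanged context line above it also has "involuntarely", which should read "involuntarily".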
@ -68,13 +68,14 @@ A wide variety of side-channels have since been leveraged to recover information
Among them, power consumption is the most common and widely studied side-channel because of its numerous advantages.
Power consumption leaks information about the activity of an embedded system with a low inertia --- i.e., it can transmit high frequency information contrary to thermal ---, is easy to measure with low-cost equipment at specific points in a machine --- contrary to electromagnetic fields or sound --- and is guaranteed to be present in any system.
This combination of properties allow for a granular detection of a system activity, even at the instruction level.
Quisquater et al.~\cite{quisquater2002automatic} present an approach to identify instructions with the use of self-organizing maps, power analysis and analysis of electromagnetic traces.\agd{this citation comes out of nowhere}
Eisenbarth et al.~\cite{eisenbarth2010building} propose a methodology for recovering the instruction flow of microcontrollers using its power consumption.\agd{this citation comes out of nowhere}
%Quisquater et al.~\cite{quisquater2002automatic} present an approach to identify instructions with the use of self-organizing maps, power analysis and analysis of electromagnetic traces.\agd{this citation comes out of nowhere}
%Eisenbarth et al.~\cite{eisenbarth2010building} propose a methodology for recovering the instruction flow of microcontrollers using its power consumption.\agd{this citation comes out of nowhere}
Eventhough the information portential of side-channel analysis enable powerfull attacks, it also enables defensive capabilities.
Zhai et al.~\cite{zhai2015method} propose a self-organizing maps approach that uses features extracted from an embedded processor to detect abnormal behavior in embedded devices.
Different teams at Georgia Tech University leveraged power and electromagnetic backscattering \cite{8701559, jorgensen2022efficient} to detect hardware trojans and counterfeit integrated circuit.
Due to its non-intrusive and architectur-agnostic nature, power fingerprinting has a wide range of applications from energy production systems \cite{6378346}, Software Defined Radio compliance assesments \cite{5379826}, or applications activity on mobile devices \ref{8057232}.
Due to its non-intrusive and architectur-agnostic nature, power fingerprinting has a wide range of applications from energy production systems \cite{6378346}, Software Defined Radio compliance assesments \cite{5379826}, or applications activity on mobile devices \cite{8057232}.
Literature shows promising work in assessing integrity through cache monitoring~\cite{7163050} and power monitoring~\cite{10.1145/2976749.2978299}.
Works by Moreno et al. offer two building blocks for this work.
In~\cite{moreno2013non}, the team proposes a solution for non-intrusive debugging and program tracing using side-channel analysis.
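Review bot: The Quisquater and Eisenbarth sentences are commented out with their \agd{this citation comes out of nowhere} notes still attached, so a search of the source for \agd will keep matching even though the commit message says "remove all". With both sentences disabled, the preceding claim that power consumption allows granular detection "even at the instruction level" is left without any citation; consider attaching \cite{quisquater2002automatic, eisenbarth2010building} to that sentence and deleting the two commented lines outright. The change from \ref{8057232} to \cite{8057232} on the power fingerprinting line looks correct.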