back up to date
parent
032ec32da7
commit
f4eec6ea31
12 changed files with 9424 additions and 17 deletions
|
|
@ -16,7 +16,7 @@
|
|||
\usepackage{xspace}
|
||||
|
||||
\title{Side-channel Based Runtime Intrusion Detection for Network Equipment}
|
||||
\subtitle{}
|
||||
\subtitle{Arthur Grisel-Davy, Goksen U. Guler, Julian Dickert, Philippe Vibien, Waleed Khan, Jack Morgan, Carlos Moreno, Sebastian Fischmeister.}
|
||||
\date{}
|
||||
\author{Arthur Grisel-Davy, agriseld@uwaterloo.ca}
|
||||
\institute{University of Waterloo, Canada}
|
||||
|
|
@ -30,27 +30,42 @@
|
|||
\begin{frame}{Introduction}
|
||||
\begin{center}
|
||||
{\LARGE We cannot entrust machines to assess their own integrity.}\\
|
||||
\vspace{1.5cm}
|
||||
{\LARGE Integrity assessement require access to relevant information.}
|
||||
\vspace{1cm}
|
||||
\includegraphics[width=0.9\textwidth]{images/trust.pdf}
|
||||
\end{center}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}{Common IDS Solution}
|
||||
\begin{frame}{Introduction}
|
||||
\begin{center}
|
||||
{\LARGE Process assessement requires process-related information.}
|
||||
\end{center}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}{Introduction}
|
||||
\begin{center}
|
||||
{\LARGE Get information without machine cooperation\\
|
||||
$\downarrow$\\
|
||||
Side-Channel Analysis}
|
||||
|
||||
\end{center}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}{Common IDS Solutions}
|
||||
\begin{center}
|
||||
\includegraphics[width=\textwidth]{images/main_illustration_1.pdf}
|
||||
\end{center}
|
||||
\end{frame}
|
||||
\begin{frame}{Common IDS Solution}
|
||||
\begin{frame}{Common IDS Solutions}
|
||||
\begin{center}
|
||||
\includegraphics[width=\textwidth]{images/main_illustration_2.pdf}
|
||||
\end{center}
|
||||
\end{frame}
|
||||
\begin{frame}{Common IDS Solution}
|
||||
\begin{frame}{Common IDS Solutions}
|
||||
\begin{center}
|
||||
\includegraphics[width=\textwidth]{images/main_illustration_3.pdf}
|
||||
\end{center}
|
||||
\end{frame}
|
||||
\begin{frame}{Common IDS Solution}
|
||||
\begin{frame}{Common IDS Solutions}
|
||||
\begin{center}
|
||||
\includegraphics[width=\textwidth]{images/main_illustration_4.pdf}
|
||||
\end{center}
|
||||
|
|
@ -59,9 +74,9 @@
|
|||
\begin{frame}{Threat Model}
|
||||
\only<1>{\begin{tcolorbox}[colback=orange!5!white,colframe=orange!50!black,
|
||||
colbacktitle=orange!75!black,title=Firmware Manipulation]
|
||||
Change settings, upgrade/downgrade firmware, Replace firmware.
|
||||
Change settings, Upgrade/Downgrade firmware, Replace firmware.
|
||||
\tcblower
|
||||
Machine takeover, Advanced Persistent Threats.
|
||||
Machine takeover, Advanced Persistent Threats (APT).
|
||||
\end{tcolorbox}
|
||||
|
||||
\begin{tcolorbox}[colback=orange!75!black,colframe=orange!50!black, coltext=white]
|
||||
|
|
@ -79,7 +94,7 @@
|
|||
|
||||
\begin{tcolorbox}[colback=orange!5!white,colframe=orange!50!black,
|
||||
colbacktitle=orange!75!black,title=Runtime Monitoring]
|
||||
Log tampering, login (brute force/dictionary) attacks.
|
||||
Log tampering, Login (brute force/dictionary) attacks.
|
||||
\tcblower
|
||||
Intrusion, Covert operations.
|
||||
\end{tcolorbox}
|
||||
|
|
@ -100,9 +115,9 @@
|
|||
|
||||
\begin{tcolorbox}[colback=orange!5!white,colframe=orange!50!black,
|
||||
colbacktitle=orange!75!black,title=Hardware Tampering]
|
||||
Installation/removal of peripherals.
|
||||
Installation/Removal of peripherals.
|
||||
\tcblower
|
||||
MAC Flooding attacks.
|
||||
MAC flooding attacks.
|
||||
\end{tcolorbox}
|
||||
}
|
||||
|
||||
|
|
@ -138,8 +153,9 @@ Experiment 1: Classifying Firmware Version
|
|||
\end{frame}
|
||||
|
||||
\begin{frame}{Experiment Family I - Firmware Manipulation}
|
||||
Experiment 2: Detecting changes in subsequent firmware traces.
|
||||
\begin{center}
|
||||
\includegraphics[height=0.9\textheight]{images/fam_I_exp_2.pdf}
|
||||
\includegraphics[height=0.8\textheight]{images/fam_I_exp_2.pdf}
|
||||
\end{center}
|
||||
\end{frame}
|
||||
|
||||
|
|
@ -252,21 +268,26 @@ Experiment 1: Detecting SSH Login Attempts
|
|||
\begin{itemize}
|
||||
\item Host-independance
|
||||
\item Fail-safe design
|
||||
\item Relevant and trustworthy input data
|
||||
\end{itemize}
|
||||
\end{tcolorbox}
|
||||
|
||||
\begin{tcolorbox}[colback=orange!5!white,colframe=orange!50!black,
|
||||
colbacktitle=orange!75!black,title=Capabilities]
|
||||
\begin{itemize}
|
||||
\item Boot Process Assessement \footnote{Work-in-Progress: Boot Sequence Integrity Verification with Power Analysis, EMSOFT 22}.
|
||||
\item Boot process assessement (published and submited work)\footnote{Work-in-Progress: Boot Sequence Integrity Verification with Power Analysis, EMSOFT 22}.
|
||||
|
||||
\item Run-time Monitoring / Log Verification.
|
||||
\item Hardware Tampering Detection.
|
||||
\item Run-time monitoring / Log verification. (submited work)
|
||||
\item Hardware tampering detection.
|
||||
\end{itemize}
|
||||
\end{tcolorbox}
|
||||
}
|
||||
\end{frame}
|
||||
|
||||
|
||||
\begin{frame}{Thank You}
|
||||
Paper: Side-channel Based Runtime Intrusion Detection for Network Equipment\\
|
||||
Contact: \textbf{agriseld@uwaterloo.ca}
|
||||
\end{frame}
|
||||
|
||||
\end{document}
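Review bot: Several slide strings in this section are misspelled and will show on screen: `assessement` in the Introduction frames and in the Capabilities boot item, `submited` in both Capabilities items, and `Host-independance` in the list above them. The page has lost its `+`/`-` markers, so which of the paired lines is the new side is inferred, but the second Introduction frame and the `(submited work)` items look newly added. Suggested wording is `{\LARGE Process assessment requires process-related information.}` and `\item Run-time monitoring / Log verification (submitted work).`, which also moves the full stop after the parenthetical to match the boot item. The first Introduction frame has the same spelling plus a verb agreement slip, and should read `Integrity assessment requires access to relevant information.`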
|
||||
|
||||
|
|
|
|||