\chapter{Timetable}\label{chap:timetable}
The planned work is segmented into three main parts: finishing the \gls{dsd}, building the data acquisition system and the algorithm for the single-source multi-measure system, and setting up an experiment for the multi-source single-measure system.
Each of these three parts has its own specificities and challenges that call for careful planning.

\section{Fall 2023}
This term will have a dual goal.
On the one hand, the \gls{dsd} paper will be finished and submitted to a conference.
On the other hand, work will start on the single-source multi-measure capture system.
The current capture system is composed of a box placed in series with the machine to monitor.
This system is reliable and serves its purpose perfectly, but it cannot fit in a more constrained space or measure multiple consumptions at once.
The single-source multi-measure system aims for integration in the machine with minimal modification to allow for easy \textit{drop-in} installation.
The goal could be a computer's \gls{psu} or an external box with multiple measurement systems.
In any case, the design and prototyping of this new measurement system is an important part of the single-source multi-measure system.

\section{Winter 2024}
Fall 2023 will be dedicated to designing and evaluating the single-source multi-measure system.
The challenge of this work is enabling the processing of multivariate time series to yield better results.
The system's performance will be put in perspective with the capabilities of the DSD (single-source single-measure).
A series of experiments will also provide a complementary evaluation of the performance of these new techniques.
The experiments will be collected in a paper with a publication aimed at the next term.

\section{Spring 2024}
After evaluating the single-source multi-measure system, a paper will summarize the findings and present the solution.
This term will also be dedicated to beginning the design of the multi-source single-measure system.
For this third system, the capture system is already available.
The workload is mainly centred on the design of the processing algorithm.

\section{Complementary Projects}
Although it is difficult to plan work after one year, there are some complementary projects that are worth exploring.

\textbf{Covert Channel:}
Some work in the literature explored the potential of power consumption as a covert channel.
This application complements the defense work that this thesis focuses on.
For an attacker trying to exfiltrate information from a machine, understanding how to generate meaningful power consumption patterns is crucial.
This work provides insights into how different applications generate specific consumption patterns.
A 1b/s covert channel already successfully extracted a private ECDSA SSH key through AC/DC transformers with an MSSM setup.
Improving the capabilities of this covert channel will serve as a complementary project for this thesis.

\textbf{Specific Activities Detection:}
Some user activities carry so many potential threats that detecting them more rapidly is of interest.
For example, plugging in a USB device is an entry point for many attacks \cite{cannoles2017hacking, NISSIM2017675, su2017usb}.
Fortunately, USB devices have a direct impact on the power consumption of a machine as they draw their power from the host.
Detecting this specific event enables the collection of trusted logs useful for forensics or log verification tasks.
The current work on this problem is exploring signal processing methods to build a reliable detector with the lowest false positive rate while still detecting all USB events.
This problem is complementary to the more general pattern detection problem that this thesis explores, as a reduction to practice that, once again, provides a better understanding of the variety of patterns present in a power consumption trace.

\section{Alternative Courses of Action}
Many unforeseen events can disturb a research plan spanning multiple years.
Although it is impossible to plan an alternative course of action for each case, here are some ways to continue this thesis under different conditions.

\textbf{Pandemic or Global Lockdown Situation:}
Recent years reminded us that a global lockdown can become a necessity in a matter of months.
Without access to the university, the work of this thesis remains possible.
Thanks to the great work of all the people at Palitronica Inc., the capture system is now a robust product deployable anywhere with an internet connection.
Many experiments were already performed outside of the lab, and it is even possible to store data on-premise for complete offline work.
I already experienced this situation in 2020 when the university closed, and I continued to work at home with some lab equipment.
The xPSU project was entirely developed off-campus.

\textbf{Unconvincing Results:}
The first results of the SSSM problem are encouraging for the exploration of MSSM and SSMM problems.
However, some unforeseen discoveries could force us to reevaluate the potential of this technology.
As presented before, there are plenty of alternative routes to explore for physics-based \gls{ids}.
First, there is room for improving the performance of the SSSM detector.
Better accuracy, a greater number of states, a lower training requirement, or higher time efficiency are all valuable improvements to pursue.
Second, the range of machines that can benefit from this technology is wide.
Experiments with different machines for different use cases can reveal unknown specific challenges.
Finally, complementary projects such as the xPSU, the covert channel, or the specific activity detectors are all interesting projects that would undoubtedly reveal new problems to explore.

%There is no lack of interesting problems to study in the field of physics-based cyber-security.

\section{Publications}

From the current work, multiple articles have been submitted for publication.

\begin{itemize}
\item The initial results of the exploration of the \gls{eet} technology were compiled in a paper presented at the MLCS workshop of the ECML-PKDD conference \cite{eet1_mlcs}.

\item The results of the \gls{bpv} were detailed in a work-in-progress paper presented at EMSOFT 2021 \cite{grisel2022work}.
To complete the findings of this first paper, more experiments were conducted on a wider variety of machines and explored diverse optimization techniques.
A workshop paper compiling these new findings was accepted for QRS 2023 \cite{bpv_qrs}.

\item Also accepted for QRS 2023, an article about \gls{dsd} details the capabilities of the method to detect cybersecurity policy violations \cite{dsd_qrs}.
\end{itemize}