50 lines
7 KiB
JSON
{
"publications":[
{
"title": "Work-in-Progress: Boot Sequence Integrity Verification with Power Analysis",
"date": "2022-10-07",
"venue": "International Conference on Embedded Software (EMSOFT)",
"authors": "Arthur Grisel-Davy, Amrita Milan Bhogayata, Srijan Pabbi, Apurva Narayan, Sebastian Fischmeister",
"abstract": "The current security mechanisms for embedded systems often rely on Intrusion Detection System (IDS) running on the system itself. This provides the detector with relevant internal resources but also exposes it to being bypassed by an attacker. If the host is compromised, its IDS can not be trusted anymore and becomes useless. Power consumption offers an accurate and trusted representation of the system’s state that can be leveraged to verify its integrity during the boot sequence. We present a novel IDS that uses the side-channel power consumption of a target device to protect it against various firmware and hardware attacks. The proposed Boot Process Verifier (BPV) uses a combination of rule-based and machine-learning-based side-channel analysis to monitor and evaluate the integrity of different networking equipment with an overall accuracy of 0,942. The BPV is part of a new layer of cybersecurity mechanisms that leverage the physical emissions of devices for protection.",
"link": "https://ieeexplore.ieee.org/abstract/document/9934955?casa_token=Ewgb1ThfbJYAAAAA:g406L5EzABlPQhFCHx6KXbfIGkNQbldo9lHnwVjuwBv4fsertzVz2gmYHDpj8XOZGq9FguYzaDE",
"files": {
"Article":"BPV_EMSOFT.pdf"
}
},
{
"title": "MAD: One-Shot Machine Activity Detector for Physics-Based Cyber Security",
"date": "2023-09-22",
"venue": "International Conference on Software Security and Reliability (QRS)",
"authors": "Arthur Grisel-Davy, Sebastian Fischmeister",
"abstract": "Side channel analysis offers several advantages over traditional machine monitoring methods. The low intrusiveness, independence with the host, data reliability and difficulty to bypass are compelling arguments for using involuntary emissions as input for enforcing security policies. However, side-channel information often comes in the form of unlabeled time series of a proxy variable of the activity. Enabling the definition and enforcement of high-level security policies requires extracting the state or activity of the system from the input data. We present in this paper a novel time series, one-shot pattern locator and classifier called Machine Activity Detector (MAD) specifically designed and evaluated for side-channel analysis. We evaluate MAD in two case studies on a variety of machines and datasets where it outperforms other traditional state detection solutions and presents formidable performances for security rules enforcement. Results of state detection with MAD enable the definition and verification of high-level security rules to detect various attacks without any interaction with the monitored machine.",
"link": "https://ieeexplore.ieee.org/abstract/document/10366561?casa_token=LVq8bjQM7WIAAAAA:bBfGN6vm7HgZ0oZ-4c0JLIRSUhZLwq-CpohKgy8m9r-IHizgOUgUR7NYV6wwN8CxLtYnq31CXE8",
"files": {
"Article":"DSD_QRS.pdf"
},
"award": "Best Paper Award"
},
{
"title": "Independent Boot Process Verification using Side-Channel Power Analysis",
"date":"2023-09-22",
"venue":"International Conference on Software Security and Reliability (QRS)",
"authors":"Arthur Grisel-Davy, Sebastian Fischmeister",
"abstract":"Firmware attacks on embedded systems can have disastrous security implications. Through the firmware update mechanism, an attacker can tamper with the firmware to open known vulnerabilities, change security settings, or deploy custom backdoors, to pave the way for subsequent attacks or gain complete machine control. Firmware protection solutions often share the flaw of requiring the cooperation of the machine they aim to protect. If the machine gets compromised, the results from the protection mechanism become untrustworthy. One solution to this problem is to leverage an independent source of information to assess the integrity of the firmware and the boot-up sequence. In this paper, we propose a physics-based Intrusion Detection System called the Boot Process Verifier that only relies on side-channel power consumption measurement to verify the integrity of the boot-up sequence. The BPV works in complete independence from the machine to protect and requires only a few nominal training samples to establish a baseline of nominal behaviour. The range of application of this approach potentially extends to any embedded systems. We present three test cases that illustrate the performances of the BPV on micro-PC, network equipment (switches and wireless access points), and a drone.",
"link":"https://ieeexplore.ieee.org/abstract/document/10430037",
"files": {
"Article":"BPV_QRS.pdf"
}
},
{
"title": "Side-channel Based Runtime Intrusion Detection for Network Equipment",
"date":"2023-08-22",
"venue":"Machine Learning for Cybersecurity (MLCS)",
"authors":"Arthur Grisel-Davy, Goksen U. Guler, Julian Dickert, Philippe Vibien, Waleed Khan, Jack Morgan, Carlos Moreno, Sebastian Fischmeister",
"abstract":"Current security protection mechanisms for embedded systems often include running a Host-Based Intrusion Detection System (HIDS) on the system itself. HIDS cover a wide attack surface but still present some blind side and vulnerabilities. In the case of a compromised device, the detection capability of its HIDS becomes untrustworthy. In this context, embedded systems such as network equipment remain vulnerable to firmware and hardware tampering, as well as log manipulation. Side-channel emissions provide an independent and extrinsic source of information about the system, purely based on the physical by-product of its activities. Leveraging side-channel information, we propose a physics-based Intrusion Detection System (IDS) as an additional layer of protection for embedded systems. The physics-based IDS uses machine-learning-based power analysis to monitor and assess the behaviour and integrity of network equipment. The IDS successfully detects three different classes of attacks on an HP Procurve Network Switch 5406zl: (i) firmware manipulation with 99% accuracy, (ii) brute-force SSH login attempts with 98% accuracy, and (iii) hardware tampering with 100% accuracy. The machine-learning models require a small number of power traces for training and still achieve a high accuracy for attack detection. The concepts and techniques discussed in the paper can also extend to offer intrusion detection for embedded systems in general.",
"link":"",
"files": {
"Article":"EET1_MLCS.pdf"
}
}
]
}