\chapter{Timetable}\label{chap:timetable}
The planned work is segmented into three main parts: finishing the \gls{dsd}, building the data acquisition system and the algorithm for the single-source multi-measure system, and setting up an experiment for the multi-source single-measure system.
Each of these three parts has its own specificities and challenges that call for careful planning.
\section{Spring 2023}
The main focus for this term is the writing of the \gls{dsd} paper.
The algorithm has now reached a satisfactory state with a good range of detection and useful precision.
However, more experiments are required to evaluate the robustness and capabilities of the detector in a wider variety of situations.
The goal for this paper is the submission to a major conference in the next term.
\section{Fall 2023}
This term will have a dual goal.
On the one hand, finishing the \gls{dsd} paper and submitting it to a conference.
On the other, starting work on the single-source multi-measure capture system.
The current capture system is composed of a PoE box that is placed in series with the machine to monitor.
This system is reliable and serves its purpose perfectly, but it cannot fit in a more constrained space or measure multiple consumptions at once.
The single-source multi-measure system aims for integration in the machine with minimal modification to allow for easy \textit{drop-in} installation.
The goal could be a computer's \gls{psu} or an external box with multiple measurement systems.
In any case, the design and prototyping of this new measurement system is an important part of the single-source multi-measure system.
\section{Winter 2024}
Fall 2023 will be dedicated to designing and evaluating the single-source multi-measure system.
The challenge of this work is to enable the processing of multi-variate time series to yield better results.
The system's performance will be put in perspective with the capabilities of the DSD (single-source single-measure).
A series of experiments will also provide a complementary evaluation of the performance of these new techniques.
The experiments will be collected in a paper with a publication aimed at the next term.
\section{Spring 2024}
After evaluating the single-source multi-measure system, a paper will summarize the findings and present the solution.
This term will also be dedicated to beginning the design of the multi-source single-measure system.
For this third system, the capture system is already available.
The workload is mainly centred on the design of the processing algorithm.
\section{Complementary Projects}
Although it is difficult to plan work after one year, there are some complementary projects that I intend on exploring.

\textbf{Covert Channel:}
Some work in the literature explored the potential of power consumption as a covert channel.
This application is complementary to the defense work I am focusing on in this thesis.
For an attacker trying to exfiltrate information from a machine, understanding the method for generating meaningful power consumption patterns is crucial.
This work provides insights on how different applications generate specific consumption patterns.
A 1b/s covert channel already successfully extracted a private ECDSA SSH key through AC/DC transformers with an MSSM setup.
I intend on improving the capabilities of this covert channel as a complementary project for this thesis.

\textbf{Specific Activities Detection:}
Some user activities carry so many potential threats that detecting them quickly is of interest.
For example, plugging in a USB device is an entry point for many attacks \cite{cannoles2017hacking, NISSIM2017675, su2017usb}.
Fortunately, USB devices have a direct impact on the power consumption of a machine as they draw their power from the host.
Detecting this specific event enables the collection of trusted logs useful for forensics or log verification tasks.
The current work on this problem is exploring signal processing methods to build a reliable detector with the lowest false positive rate while still detecting all USB events.
This problem is complementary to the more general pattern detection problem that this thesis explores as a reduction to practice that, once again, provides a better understanding of the variety of patterns present in a power consumption trace.
\section{Alternative Courses of Action}
Many unforeseen events can disturb a research plan spanning multiple years.
Although it is not possible to plan an alternative course of action for each case, here are some ways to continue this thesis under different conditions.

\textbf{Pandemic or Global Lockdown Situation:}
The recent years reminded us that a global lockdown can become a necessity in a matter of months.
Without access to the university, the work of this thesis remains possible.
Thanks to the great work of all the people at Palitronica Inc., the capture system is deployable anywhere with an internet connection.
Many experiments were already performed outside of the lab, and it is even possible to store data on premises for complete offline work.
I already experienced this situation in 2020 when the university closed and I continued the work at home with some lab equipment.
The xPSU project was entirely developed off-campus.

\textbf{Unconvincing Results:}
The first results of the SSSM problem are encouraging for the exploration of MSSM and SSMM problems.
However, some unforeseen discovery could force a reevaluation of the potential of this technology.
As presented before, there are plenty of alternative routes to explore for physics-based \gls{ids}.
First, there is room for improving the performance of the SSSM detector.
A better accuracy, a greater number of states, a lower training requirement or higher time-efficiency are all valuable improvements to pursue.
Second, the range of machines that can benefit from this technology is wide.
Experiments with different machines for different use-cases can reveal unknown specific challenges.
Finally, complementary projects such as the xPSU, the covert channel, or the specific activities detectors are all interesting projects that would undoubtedly reveal new problems to explore.

%There is no lack of interesting problems to study in the field of physics-based cyber-security.
\section{Publications}

From the current work, multiple articles have been submitted for publication.

\begin{itemize}
\item The initial results of the exploration of the \gls{eet} technology were compiled

\item The results of the \gls{bpv} were detailed in a work-in-progress paper presented at EMSOFT 2021 \cite{grisel2022work}.
To complete the findings of this first paper, more experiments were conducted on a wider variety of machines, exploring diverse optimisation techniques.
A paper compiling these new findings is currently under review for QRS 2023.

\item Also submitted for QRS 2023, an article about \gls{dsd} is under review.
\end{itemize}

For future work, multiple conferences are appropriate for publishing.

\begin{itemize}
\item KDD is a major conference in the domain of knowledge discovery and information mining.
The algorithms developed for mining and identifying consumption patterns will make adequate submissions for this conference.
\item QRS is a software-oriented conference with an interest in intrusion detection and security.
An evaluation of the intrusion detection capabilities of the different applications of the physics-based IDS would make adequate submissions for this conference.
\item WIFS is an annual workshop centered on Security and Forensics.
Side projects like the power consumption covert channel or the forensic capabilities of the main work of this thesis would fit well in this workshop.
\end{itemize}