17 lines
1.8 KiB
TeX
17 lines
1.8 KiB
TeX
\chapter{Conclusion}
|
|
The problem of leveraging power side-channel analysis to defend embedded systems presents unique capabilities.
|
|
Contrary to current common \glspl{ids} techniques, physics-based security is not built on purpose-made actionable data.
|
|
The very nature of the input information sets this technique aside.
|
|
Power consumption is closely related to instruction execution, making it a good proxy variable for machine activity.
|
|
Moreover, power is easy and cheap to measure reliably at a high sampling rate, enabling analysis of any machine consuming electricity.
|
|
Finally, a sequence of instructions is generally related to a unique power consumption pattern.
|
|
This \textit{one-to-one} relationship allows us to consider the power consumption as a signature for software of machine activity.
|
|
However, power consumption is not an actionable information.
|
|
Little can be extracted from the raw time series format about the machine's activity or integrity.
|
|
To enable further analysis, a set of algorithms is required for both runtime online analysis and offline monitoring of specific activity.
|
|
|
|
The full range of capabilities remains to be discovered.
|
|
Successful runtime monitoring enables the detection of activity policy violations, anomalous activity detection, machine failure detection or distributed attacks.
|
|
Pre-OS monitoring enables the detection of boot process violation at a level where common \glspl{hids} are not enabled yet and \glspl{nids} are blind.
|
|
Developing robust and practical time series analysis techniques for the specific application of activity recognition from machine's power consumption would enable the exploration of all these applications.
|
|
Among all the many possible directions, this proposal presents the problems of activity recognition as the main stepping stone in the development of physics-based \glspl{ids}.
|