84 lines
2.1 KiB
Typst
84 lines
2.1 KiB
Typst
#import "@preview/polylux:0.3.1": *
|
|
#import themes.metropolis: *
|
|
|
|
#show: metropolis-theme.with(
|
|
footer: [CC BY-NC-SA]
|
|
)
|
|
|
|
#set text(font: "STIX Two Text", weight: "light", size: 20pt)
|
|
#show math.equation: set text(font: "STIX Two Text")
|
|
#set strong(delta: 100)
|
|
#set par(justify: true)
|
|
|
|
#title-slide(
|
|
author: [Arthur Grisel-Davy],
|
|
title: "Seminar: Process-Power Consistency as Sanity Check",
|
|
subtitle: "Subtitle",
|
|
date: "September 2024",
|
|
extra: ""
|
|
)
|
|
|
|
#slide(title: "State of the IDS")[
|
|
// Most IDS rely on host-based information
|
|
// Process List is a very common default info to verify
|
|
]
|
|
#slide(title:"State of the IDS")[
|
|
// Process masquerading is trivialy posible and used by many attacks (Mitre AttCK list)
|
|
|
|
]
|
|
#slide(title:"State of the IDS")[
|
|
// Countermeasure to process masquerading
|
|
Listed by MITRE|ATT&CK:
|
|
- Monitor OS API Calls (e.g. forks)
|
|
- Monitor process creation source.
|
|
Listed by Red Canary:
|
|
- Heuristic on process properties (name, location, etc.)
|
|
|
|
#uncover(2)[#align(center)[#text(fill:red, weight:"bold")[All Host-Based Methods!]]]
|
|
]
|
|
|
|
#slide(title:"State of the IDS")[
|
|
#align(center)[You would not blindly trust the saying of a hostage, they might be speaking under threat]
|
|
]
|
|
|
|
#slide(title:"Process List Verification")[
|
|
// We can't stop using the process list, so let's try to verify it
|
|
// Power as a trusted source of information
|
|
#only(1)[#align(center)[#image("images/wein_1.svg", height:100%)]]
|
|
#only(2)[#align(center)[#image("images/wein_2.svg", height:100%)]]
|
|
#only(3)[#align(center)[#image("images/wein_3.svg", height:100%)]]
|
|
|
|
]
|
|
|
|
#slide(title:"Power Side-Channel")[
|
|
// Why is power trusted
|
|
// Why is it correlated with the process list
|
|
// Why is it the best/most practical side-channel
|
|
Power is:
|
|
- Easy to measure (at high sampling rate)
|
|
- Position independant
|
|
- Ubiquitus
|
|
- Scaling from global to granular
|
|
]
|
|
|
|
#slide(title:"Experimental Setup")[
|
|
// Setup of the experiment
|
|
// What data to gather
|
|
// Log data
|
|
// Power data (comparison hardware/software)
|
|
// Resulting dataset
|
|
]
|
|
|
|
#slide(title:"Problem Statement")[
|
|
]
|
|
|
|
#slide(title:"Proposed Approach")[
|
|
// Proposed approach
|
|
//
|
|
]
|
|
|
|
#slide(title:"Evaluation")[
|
|
]
|
|
|
|
#slide(title:"Future Developements")[
|
|
]
|