deneir/scolarship_CPI/research.typ
Arthur Grisel-Davy feaee51248 restore old files
2024-06-25 10:48:39 -04:00

#import "@preview/acrostiche:0.3.0": *
#set page("us-letter",
margin: (x:1.8cm, top:2cm, bottom:1cm),
header: [
#set text(8pt)
#smallcaps[Arthur Grisel-Davy]
#h(1fr) _CPI Scholarship Application_
],
)
#init-acronyms((
"IDS": ("Intrusion Detection System"),
))
#let cn = {text(fill:purple, weight:"bold")[#smallcaps[\[citation needed\]]]}
#set par(
first-line-indent: 1em,
justify: true,
)
#text(weight: "bold", size: 2em)[Areas of Research]
#v(0pt)
#line(length:100%, stroke: 2pt)
As a Ph.D. student, my research projects revolve around enforcing security policies or detecting abnormal behaviour
using embedded systems' power consumption. The power consumption, like other side-channel emissions (noise,
temperature, or timing information, for example), is, from a computation point of view, a necessary but useless by-product that the machine has to deal with. However, for a few decades, researchers have found ways to leverage these seemingly useless information channels to extract insights about machine states and activities. Although primarily
leveraging this information to design attacks, the research on side-channel analysis also proposes considering them
as a source of information to power defense mechanisms with their own intrinsic characteristics. These mechanisms
require the use or development of a processing algorithm to overcome the non-actionable nature of raw time series
and extract the information embedded in the collected data. My projects focus on exploring the applicability of side-channel (or physics-based) Intrusion Detection Systems (IDS) through the development of processing algorithms and
decision models.
= Boot Process Verification
The boot sequence of a machine is a critical state for the machine's security. The bootloader and firmware that execute
during this sequence control the lowest level of software, which sets important security parameters. Moreover, this
is a particularly vulnerable sequence as no host-based IDS is running. There are hardware-based mechanisms, often
leveraging cryptographic signatures, that strive to prevent firmware tampering, but studies illustrated the possibility of bypassing them. One of my research projects was the development of a boot sequence verifier based on power traces.
This approach is fully independent from the target system (and thus not bypassable), can leverage data even before
the machine starts, and provides an additional layer of protection against firmware tampering.
= Device State Detection
Once the machine starts, the power consumption is a useful runtime monitoring input. The ability to detect a machine's
state is crucial for anomaly detection, rule mining, policy enforcement, and predictive maintenance. However, log collection systems can be the target of attackers, suffer malfunction, or simply not be compatible with bespoke embedded
systems. The power consumption, on the other hand, is ubiquitous across all embedded systems, easy and reliable to
measure, and contains information about the target state. Leveraging this power consumption to infer the state of a
machine requires the development of a pattern recognition algorithm. I proposed an approach to this problem in the
context of rare events in which training data is reduced to a single sample per label.
= Log Verification
Logs from applications and operating systems are a valuable source of information for host-based IDS. However, logs
are not reliable as they are produced and reported by software running on the machine to protect. This means that the
logs that help detect intrusions are only trustworthy when there is no intrusion. Once again, power consumption can
provide a secondary, independent and trusted source of information for validating the integrity of a log journal. This
problem is complex due to the high dimensionality of both time and event series and the intrinsic hybrid nature of the
input data. It is, however, a compelling problem to study with broad applications that I am currently working on.
= Miscellaneous
In addition to these broad projects, my studies led me to explore satellite projects and domains such as a power-cable-based bidirectional covert channel, the design of a PCB for the automated capture and analysis of USB-C power
for laptops and mobile devices, and the collaboration on a trust-management system leveraging physics-based state
recognition.