CalvinBackup/CS35L27-Covert-Channel-Analysis
1
0
Fork 0
mirror of https://github.com/JGoyd/CS35L27-Covert-Channel-Analysis.git synced 2026-06-06 12:03:55 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add comparison-and-correlation.md with correlation table and expectation comparison from analysis report.

Browse Source
This commit is contained in:
Joseph Goydish II
2025-12-19 18:34:32 -05:00
parent 772c469dff
commit dd4a7039c0
1 changed files with 31 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
report/comparison-and-correlation.md
+31
View File
@@ -0,0 +1,31 @@
# Comparison and Correlation Report
## Section 1: Firmware vs. Runtime Correlation Table
| Firmware Feature / Function | Expected Runtime Behavior | Observed Behavior | Correlation Strength |
|---------------------------------|-------------------------------------|----------------------------|---------------------|
| Secure Init Sequence | System boots with verification | Matches expectation | High |
| Config Param 'debug_mode' = 0 | No extra debug output | No debug output observed | High |
| User Auth Check Present | Requires authentication consistently| Inconsistent (see below) | Medium |
| Hidden Function: backdoor() | No invocation in clean firmware | Triggered in backdoor run | High (backdoor only)|
| CRC Verification Enabled | Only valid firmware loads | Matches expectation | High |
> Table interpretation: Entries in the observed behavior column are based on runtime traces and logs. Correlation strength is assessed as High/Medium/Low based on coverage between firmware expectation and actual trace.
## Section 2: Comparison to Expectations
### Clean Firmware
- **Expectation:** All security checks active; no unauthorized pathways; firmware behaves as documented.
- **Observed:** All runtime behaviors matched expectations. No surprising side effects or runtime anomalies detected.
### Backdoor Firmware
- **Expectation:** Presence of a concealed function which can bypass authentication or provide root access when triggered with a specific input/state.
- **Observed:** Backdoor function detected and invoked under specific test conditions. System granted elevated permissions without standard authentication. All other behaviors were as per clean firmware.
### Summary of Observed Results
- Clean firmware displayed full conformance to security expectations.
- Backdoor firmware confirmed to exhibit correlation between a firmware function and an exploitable runtime path, validating the analysis hypothesis.
---
_This report summarizes the cross-comparison between firmware static structure and runtime analysis along with validation against security expectations._