Covert Channel Detection Using Process Query Systems

In this paper we use traffic analysis to investigate a stealthy form of data exfiltration. We present an approach to detecting covert channels that is based on a Process Query System (PQS), a new type of information retrieval technology in which queries are expressed as process descriptions.
