论文信息 - Estimating and Measuring Covert Channel Bandwidth in Multilevel Secure Operating Systems

Estimating and Measuring Covert Channel Bandwidth in Multilevel Secure Operating Systems

Covert channels are illicit means of leaking sensitive or private information through system global variables that usually are not part of the interpretation of data objects in the security model. We discovered that some covert channels can be modeled as finite-state graphs while others cannot. By using various techniques given in the paper, multiple bits of information can be simultaneously transferred through single or multiple covert channels. We present methods to determine and estimate the maximum bandwidths of both finite-state and infinite-state channels, and give the problems and basic rules for their measurement.

Shiuh-Pyng Shieh

[1] Virgil D. Gligor,et al. A Formal Method for the Identification of Covert Storage Channels in Source Code , 1987, 1987 IEEE Symposium on Security and Privacy.

[2] Richard A. Kemmerer,et al. Shared resource matrix methodology: an approach to identifying storage and timing channels , 1983, TOCS.

[3] R. Gallager. Information Theory and Reliable Communication , 1968 .

[4] J. C. Huskamp. Covert communication channels in timesharing systems , 1978 .

[5] Virgil D. Gligor,et al. A bandwidth computation model for covert storage channels and its applications , 1988, Proceedings. 1988 IEEE Symposium on Security and Privacy.

[6] Steven B. Lipner,et al. A comment on the confinement problem , 1975, SOSP.

[7] Jonathan K. Millen. Finite-state noiseless covert channels , 1989, Proceedings of the Computer Security Foundations Workshop II,.

[8] Virgil D. Gligor,et al. Design and Implementation of Secure Xenix , 1987, IEEE Transactions on Software Engineering.

[9] Shiuh-Pyng Shieh,et al. Detecting Illicit Leakage of Information in Operating Systems , 1996, J. Comput. Secur..

[10] Virgil D. Gligor,et al. A guide to understanding covert channel analysis of trusted systems , 1993 .

[11] Butler W. Lampson,et al. A note on the confinement problem , 1973, CACM.