Information-Theoretic Modeling and Analysis of Interrupt-Related Covert Channels

We present a formal model for analyzing the bandwidth of covert channels. The focus is on channels that exploit interrupt-driven communication, which have been shown to pose a serious threat in practical experiments. Our work builds on our earlier model [1], which we used to compare the effectiveness of different countermeasures against such channels. The main novel contribution of this article is an approach to exploiting detailed knowledge about a given channel in order to make the bandwidth analysis more precise.

[1] David Clark, et al. Safety and Security Analysis of Object-Oriented Models, 2002, SAFECOMP.

[2] Geoffrey Smith, et al. A Sound Type System for Secure Flow Analysis, 1996, J. Comput. Secur.

[3] Bruce E. Hajek, et al. An information-theoretic and game-theoretic study of timing channels, 2002, IEEE Trans. Inf. Theory.

[4] Virgil D. Gligor, et al. A bandwidth computation model for covert storage channels and its applications, 1988, Proceedings. 1988 IEEE Symposium on Security and Privacy.

[5] Ira S. Moskowitz, et al. The Pump: a decade of covert fun, 2005, 21st Annual Computer Security Applications Conference (ACSAC'05).

[6] Enrico Tronci, et al. Automatic Analysis of the NRL Pump, 2004, Electron. Notes Theor. Comput. Sci.

[7] Jonathan K. Millen, et al. Covert Channel Capacity, 1987, 1987 IEEE Symposium on Security and Privacy.

[8] Ira S. Moskowitz, et al. Noisy Timing Channels with Binary Inputs and Outputs, 2006, Information Hiding.

[9] James W. Gray. On introducing noise into the bus-contention channel, 1993, Proceedings 1993 IEEE Computer Society Symposium on Research in Security and Privacy.

[10] Ruggero Lanotte, et al. Hiding Information in Multi Level Security Systems, 2006, Formal Aspects in Security and Trust.

[11] Gavin Lowe, et al. Quantifying information flow, 2002, Proceedings 15th IEEE Computer Security Foundations Workshop. CSFW-15.

[12] Alessandro Aldini, et al. An Integrated View of Security Analysis and Performance Evaluation: Trading QoS with Covert Channel Bandwidth, 2004, SAFECOMP.

[13] Peter J. Denning, et al. Certification of programs for secure information flow, 1977, CACM.

[14] Ira S. Moskowitz, et al. The channel capacity of a certain noisy timing channel, 1992, IEEE Trans. Inf. Theory.

[15] James W. Gray, et al. On analyzing the bus-contention channel under fuzzy time, 1993, [1993] Proceedings Computer Security Foundations Workshop VI.

[16] Virgil D. Gligor, et al. A guide to understanding covert channel analysis of trusted systems, 1993.

[17] Suguru Arimoto, et al. An algorithm for computing the capacity of arbitrary discrete memoryless channels, 1972, IEEE Trans. Inf. Theory.

[18] Aimo A. Törn, et al. Global Optimization, 1999, Science.

[19] Jonathan K. Millen. Finite-state noiseless covert channels, 1989, Proceedings of the Computer Security Foundations Workshop II.

[20] Ira S. Moskowitz, et al. An analysis of the timed Z-channel, 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[21] H. P. Benson. Deterministic algorithms for constrained concave minimization: A unified critical survey, 1996.

[22] Ira S. Moskowitz, et al. Quotient states and probabilistic channels, 1990, [1990] Proceedings. The Computer Security Foundations Workshop III.

[23] Shiuh-Pyng Shieh. Estimating and Measuring Covert Channel Bandwidth in Multilevel Secure Operating Systems, 1999, J. Inf. Sci. Eng.

[24] R. Horst, et al. Global Optimization: Deterministic Approaches, 1992.

[25] Wei-Ming Hu, et al. Reducing timing channels with fuzzy time, 1991, Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy.

[26] Ira S. Moskowitz, et al. A pump for rapid, reliable, secure communication, 1993, CCS '93.

[27] Richard E. Blahut, et al. Computation of channel capacity and rate-distortion functions, 1972, IEEE Trans. Inf. Theory.

[28] Dorothy E. Denning, et al. A lattice model of secure information flow, 1976, CACM.

[29] J. Alves-Foss, et al. Covert Timing Channel Analysis of Rate Monotonic Real-Time Scheduling Algorithm in MLS Systems, 2006, 2006 IEEE Information Assurance Workshop.

[30] Reiner Horst, et al. Global optimization - deterministic approaches, 3. Auflage, 1996.

[31] Ira S. Moskowitz, et al. Simple timing channels, 1994, Proceedings of 1994 IEEE Computer Society Symposium on Research in Security and Privacy.

[32] Theo Dimitrakos, et al. Formal Aspects in Security and Trust, Fourth International Workshop, FAST 2006, Hamilton, Ontario, Canada, August 26-27, 2006, Revised Selected Papers, 2007, Formal Aspects in Security and Trust.

[33] R. Horst, et al. On the global minimization of concave functions, 1984.

[34] Richard A. Kemmerer, et al. Shared resource matrix methodology: an approach to identifying storage and timing channels, 1983, TOCS.

[35] Andrew C. Myers, et al. Language-based information-flow security, 2003, IEEE J. Sel. Areas Commun.

[36] Heiko Mantel, et al. Comparing Countermeasures against Interrupt-Related Covert Channels in an Information-Theoretic Framework, 2007, 20th IEEE Computer Security Foundations Symposium (CSF'07).

[37] Butler W. Lampson, et al. A note on the confinement problem, 1973, CACM.

[38] Richard A. Kemmerer, et al. A practical approach to identifying storage and timing channels: twenty years later, 2002, 18th Annual Computer Security Applications Conference, 2002. Proceedings.

[39] Thomas M. Cover, et al. Elements of Information Theory, 2005.

[40] Ira S. Moskowitz, et al. Variable noise effects upon a simple timing channel, 1991, Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy.

[41] Ira S. Moskowitz, et al. A Network Pump, 1996, IEEE Trans. Software Eng.