Deception on the network: thinking differently about covert channels

The concept of covert channels has been visited frequently by academia in a quest to analyse their occurrence and prevention in trusted systems. This has led to a wide variety of approaches being developed to prevent and identify such channels and to implement applicable countermeasures. However, little of this research has actually trickled down into the field of operational security management and risk analysis. Quite recently, a number of covert channels and enabling tools have appeared that did have a significant impact on the operational security of organizations. This paper identifies a number of those channels and shows the relative ease with which new ones can be devised. It identifies how risk management processes do not take this upcoming threat into account and suggests where improvements would be helpful.
