With the emergence of computers in everyday activities and with the ever-growing complexity of networks and network communication protocols, covert channels are becoming an eminent threat to the confidentiality of information. We propose a technique to detect confidential information leakage via covert channels. The proposed technique is based on relational algebra. It provides tests to verify the existence of a leakage of information via a monitored covert channel. The technique also provides computations which show how the information was leaked if a leakage exists. Our focus is limited to protocol-based covert channels and to instances where the users of covert channels modulate the information that is being sent, either by encryption or by some other form of encoding. We discuss possible applications of the proposed technique in digital forensics and cryptanalysis. We also report on a prototype tool that allows for the automation of the proposed technique.