论文信息 - Covert Channel Analysis and Detection with Reverse Proxy Servers using Microsoft Windows

Covert Channel Analysis and Detection with Reverse Proxy Servers using Microsoft Windows

Data hiding methods can be used by intruders to communicate over open data channels (Wolf 1989; McHugh 1995; deVivo, deVivo et al. 1999), and can be used to overcome firewalls, and most other forms of network intrusion detection systems. In fact, most detection systems can detect hidden data in the payload, but struggle to cope with data hidden in the IP and TCP packet headers, or in the session layer protocol. This paper contains proposes a novel architecture for data hiding, and presents methods which can be used to detect the hidden data and prevent the use of covert channels for its transmission. It also presents the method used in creating a system for Microsoft Windows.

William J Buchanan

[1] Clark Weissman. Handbook for the Computer Security Certification of Trusted Systems , 1995 .

[2] Butler W. Lampson,et al. A note on the confinement problem , 1973, CACM.

[3] Virgil D. Gligor,et al. A guide to understanding covert channel analysis of trusted systems , 1993 .

[4] Marco de Vivo,et al. Internet vulnerabilities related to TCP/IP and T/TCP , 1999, CCRV.

[5] Manfred Wolf. Covert Channels in LAN Protocols , 1989, LANSEC.

[6] Craig H. Rowland,et al. Covert Channels in the TCP/IP Protocol Suite , 1997, First Monday.