Foundations of Computer SecurityLecture 15: Covert Channels IIIDr. Bill YoungDepartment of Computer SciencesUniversity of Texas at AustinLecture 15: 1 Covert Channels IIICovert Channels: Who CaresDefinition: A covert channel is a path for the illegal flow ofinformation between subjects within a system, utilizing systemresources that were not designed to be used for inter-subjectcommunication.It might seem that such channels would be so slow that youwouldn’t really care.That’s not true. Covert channels on real processors operate atthousands of bits per second, with no appreciable impact onsystem processing.Lecture 15: 2 Covert Channels IIICovert ChannelsThe important characteristics of a covert channel are:Existence: is a channel present or not?Bandwidth: how much information can be transmitted persecond?Noiseless/noisy: can the information be transmitted without lossor distortion?It is usually infeasible for realistic systems to eliminate everypotential covert channel.Lecture 15: 3 Covert Channels IIIDealing with Covert ChannelsOnce a potential covert channel is identified, several responses arepossible.We can eliminate it by modifying the system implementation.We can reduce the bandwidth by introducing noise into thechannel.We can monitor it for patterns of usage that indicate someoneis trying to exploit it. This is intrusion detection.Lecture 15: 4 Covert Channels IIIUsing a Covert Storage ChannelSenderReceiverModifyattributeReferenceFor a sender and receiver to use a covertstorage channel, what must be true?1Both senderand receiver must have accessto some attribute of a shared object.2The sender must be able to modifythe attribute.3The receiver must be able toreference (view) that attribute.4A mechanism for initiating bothprocesses, and sequencing theiraccesses to the shared resource,must exist.Lecture 15: 5 Covert Channels IIIUsing a Covert Timing ChannelFor a sender and receiver to use a covert timing channel, thefollowing must be true:1Both sender and receiver must have access to some attributeof a shared object.2Both sender and receiver have access to a time reference(real-time clock, timer, ordering of events).3The sender must be able to control the timing of thedetection of a change in the attribute of the receiver.4A mechanism for initiating both processes, and sequencingtheir accesses to the shared resource, must exist.Lecture 15: 6 Covert Channels IIILessonsImportant characteristics of any covert channel are: existence,bandwidth, and noisy/noiseless.Dealing with a covert channel may include: eliminating it,restricting the bandwidth, or monitoring it.Certain conditions must hold for a covert channel to exist.Next lecture: Detecting Covert ChannelsLecture 15: 7 Covert Channels
View Full Document
Unlocking...