Virgil Gligor. A guide to understanding covert channel analysis of trusted systems. Technical Report NCSC-TG-030, National Computer Security Center, Ft. George G. Meade, Maryland, U.S.A., November 1993. Approved for public release: distribution unlimited.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....enters the system though a mechanism that invokes setlogin and whose processes therefore have correct origin information, uses some form of IPC to cause a process that has other origin information to send data into the network. This is a dif cult problem to deal with, as it has always been [12], and we do not have an immediate solution for it. Any process that listens on a covert channel needs to have been started either locally or remotely, however, and in the case of an external attacker, most likely remotely. Thus, any outgoing trac from that process will still be logged. While our ....

Virgil Gligor. A guide to understanding covert channel analysis of trusted systems. Technical Report NCSC-TG-030, National Computer Security Center, Ft. George G. Meade, Maryland, U.S.A., November 1993. Approved for public release: distribution unlimited.

....algorithm can be defeated by a sufficiently aggressive attacker. We further note that if an attacker fully controls both the remote and the local host, and in particular if they are patient and or able to deploy arbitrary software, then all sorts of devious covert channels become possible 1 [Gl93], and backdoor detection becomes essentially hopeless. We do not attempt to address the problem of detecting covert channels. 1 See [Ra00] for a discussion of experiences with running NFS over email by tunneling IP packets over messages delivered by SMTP. Thus, we propose the algorithms in this ....

V. Gligor, "A Guide to Understanding Covert Channel Analysis of Trusted Systems," NCSC-TG030, version 1, http://www.radium.ncsc.mil/tpep/library /rainbow/NCSC-TG-030.html, National Computer Security Center, Nov. 1993.

....here may acquire more economic significance. Also important are covert channels: communication paths that were neither designed nor intended to transfer information at all. Common examples include timing variations and error messages in communication protocols and operating system call interfaces [95], 96] Covert channels are of particular concern in the design and evaluation of mandatory access control security concepts, where the operating system attempts to restrict the flow of information between processes in order to protect the user from computer viruses and Trojan horse software that ....

V. Gligor, "A guide to understanding covert channel analysis of trusted systems." Tech. Rep. NCSC-TG-030, National Computer Security Center, Ft. George G. Meade, Maryland, U.S.A., Nov. 1993.

....here may acquire more economic significance. Also important are covert channels: communication paths that were neither designed nor intended to transfer information at all. Common examples include timing variations and error messages in communication protocols and operating system call interfaces [97], 98] Covert channels are of particular concern in the design and evaluation of mandatory access control security concepts, where the operating system attempts to restrict the flow of information between processes in order to protect the user from computer viruses and Trojan horse software that ....

V. Gligor, "A guide to understanding covert channel analysis of trusted systems," National Computer Security Center, Ft. George G. Meade, MD, Tech. Rep. NCSC-TG-030, Nov. 1993.

....algorithm can be defeated by a sufficiently aggressive attacker. We further note that if an attacker fully controls both the remote and the local host, and in particular if they are patient and or able to deploy arbitrary software, then all sorts of devious covert channels become possible 1 [Gl93], and backdoor detection becomes essentially hopeless. We do not attempt to address the problem of detecting covert channels. Thus, we propose the algorithms in this paper not as solutions, but merely as waystations in the ongoing arms race between attackers and intrusion detection. One form of ....

V. Gligor, "A Guide to Understanding Covert Channel Analysis of Trusted Systems," NCSC-TG-030, version 1, http://www.radium.ncsc.mil/tpep/lib-rary/rainbow/ NCSC-TG-030.html, National Computer Security Center, Nov. 1993.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC