A Pump for Rapid, Reliable, Secure Communication
NAVAL RESEARCH LAB WASHINGTON DC INFORMATION TECHNOLOGY DIV
Communication from a low- to a high-level system without acknowledgements will be unreliable; with acknowledgements, it can be insecure. We propose to provide quantifiable security, acceptable reliability, and minimal performance penalties by interposing a device called the Pump to push messages to the high system and provide a controlled stream of acknowledgements to the low system. This paper describes how the Pump supports the transmission of messages upward and limits the capacity of the covert timing channel in the acknowledgement stream without affecting the average acknowledgement delay seen by the low system or the message delivery delay seen by the high system in the absence of actual Trojan horses. By adding random delays to the acknowledgement stream, we show how to further reduce the covert channel capacity even in the presence of cooperating Trojan horses in both the high and low systems. We also discuss engineering tradeoffs relevant to practical use of the Pump.
- Computer Systems Management and Standards