Automatic Detection of Covert Channels in Networks

Brodley, C. E.

Automatic Detection of Covert Channels in Networks

Active / Technical Report | Accession Number: ADA469998 |

Open PDF

Abstract:

A covert channel is a mechanism that can be used to violate a security policy by allowing information to leak to an unauthorized process. Two types of covert channels exist storage and timing channels. A storage channel involves the direct or indirect writing of a storage location by one process and the direct or indirect reading of the storage by another process. A timing channel involves a sender process that signals information to another by modulating its own use of systems resources in such a way that this manipulation affects the real response time observed by the second process. In this research, we focused on the analysis and detection of covert timing channels in the TCPIP protocol suite.

Author(s):

Brodley, C. E.

Author Organization(s):

TUFTS UNIV MEDFORD MA

Descriptive Note:

Final technical rept. Nov 2005-Mar 2007

Supplementary Note:

The original document contains color images.

Pagination:

0014

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution:

Approved For Public Release

Distribution Statement:

Approved For Public Release; Distribution Is Unlimited.

RECORD

Collection: TR

Identifying Numbers

Report Number(s):

AFRL-IF-RS-TR-2007-132

Contract/Grant Number(s):

FA8750-05-2-0015

Task Number(s):

TB

Project Number(s):

4519

Monitor Series:

TR-2007-132, AFRL-IF-RS

Subject Terms

Joint Capability Areas:

JCA_5_Command and Control; JCA_5.2.3_Share Knowledge and Situational Awareness; JCA_5.2_Understand; JCA_5.3_Planning; JCA_1.2.7_Experimentation; JCA_1.2.3_Educating

Modernization Areas:

Quantum Science and Computing

Communities of Interest:

Materials and Manufacturing Processes

Descriptor(s):

*DETECTION, *SECURITY, *AUTOMATIC, *BUFFER STORAGE, *INTRUSION DETECTION(COMPUTERS), SIGNAL PROCESSING, NETWORKS, DATA STORAGE SYSTEMS, INTERNET, ONLINE SYSTEMS, COVERT OPERATIONS, REAL TIME, POLICIES

Field(s)/Group(s):

Information Science, Computer Hardware, Computer Systems Management and Standards

Keyword(s):

*TRANSMISSION CONTROL PROTOCOL, *COVERT TIMING CHANNELS, INTERNET PROTOCOL, VIOLATIONS, PE62702F, WUAFRL4519TB03

Report Date:

2007 May 01

Creation Date:

2007 Aug 01