Communication from a low- to a high-level system without acknowledgements will be unreliable; with acknowledgements, it can be insecure. We propose to provide quantifiable security, acceptable reliability, and minimal performance penalties by interposing a device (called the Pump) to push messages to the high system and provide a controlled stream of acknowledgements to the low system.

This paper describes how the Pump supports the transmission of messages upward and limits the capacity of the covert timing channel in the acknowledgement stream without affecting the average acknowledgement delay seen by the low system or the message delivery delay seen by the high system in the absence of actual Trojan horses. By adding random delays to the acknowledgement stream, we show how to further reduce the covert channel capacity even in the presence of cooperating Trojan horses in both the high and low systems. We also discuss engineering trade-offs relevant to practical use of the Pump.