CSP-Based general detection model of network covert storage channels

Authors:
Hui Zhu;Tingting Liu;Guanghui Wei;Beishui Liu;Hui Li
Affiliations:
State Key Laboratory of Integrated Service Networks, Xidian University, Xi'an, China, Network and Data Security Key Laboratory of Sichuan Province, Xidian University, Xi'an, China;State Key Laboratory of Integrated Service Networks, Xidian University, Xi'an, China;State Key Laboratory of Integrated Service Networks, Xidian University, Xi'an, China;State Key Laboratory of Integrated Service Networks, Xidian University, Xi'an, China;State Key Laboratory of Integrated Service Networks, Xidian University, Xi'an, China
Venue:
ICT-EurAsia'13 Proceedings of the 2013 international conference on Information and Communication Technology
Year:
2013

Citing 12
Cited 0

A Theory of Communicating Sequential Processes

Journal of the ACM (JACM)
Communicating sequential processes

Communications of the ACM
The Theory and Practice of Concurrency

The Theory and Practice of Concurrency
Concurrent and Real Time Systems: The CSP Approach

Concurrent and Real Time Systems: The CSP Approach
Single-packet IP traceback

IEEE/ACM Transactions on Networking (TON)
Hiding Data in the OSI Network Model

Proceedings of the First International Workshop on Information Hiding
Eliminating Steganography in Internet Traffic with Active Wardens

IH '02 Revised Papers from the 5th International Workshop on Information Hiding
Network Based Detection of Passive Covert Channels in TCP/IP

LCN '05 Proceedings of the The IEEE Conference on Local Computer Networks 30th Anniversary
A Covert Channel Detection Algorithm Based on TCP Markov Model

MINES '10 Proceedings of the 2010 International Conference on Multimedia Information Networking and Security
An Entropy-Based Approach to Detecting Covert Timing Channels

IEEE Transactions on Dependable and Secure Computing
An asynchronous covert channel using spam

Computers & Mathematics with Applications
A Survey of Covert Channels and Countermeasures in Computer Network Protocols

IEEE Communications Surveys & Tutorials

Quantified Score

Hi-index	0.00

Visualization

Abstract

A network covert channel is a malicious conversation mechanism, which brings serious security threat to security-sensitive systems and is usually difficult to be detected. Data are hidden in the header fields of protocols in network covert storage channels. In this paper, a general detection model based on formal protocol analysis for identifying possible header fields in network protocols that may be used as covert storage channels is proposed. The protocol is modeled utilizing the Communication Sequential Processes (CSP), in which a modified property of header fields is defined and the header fields are classified into three types in accordance to the extent to which their content can be altered without impairing the communication. At last, verification of the model in Transmission Control Protocol (TCP) shows that the proposed method is effective and feasible.