Proceedings of the 25th International Conference on Software Engineering
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Detecting covert timing channels: an entropy-based approach
Proceedings of the 14th ACM conference on Computer and communications security
Information-Theoretic Modeling and Analysis of Interrupt-Related Covert Channels
Formal Aspects in Security and Trust
Automatic identification of covert channels inside Linux kernel based on source codes
Proceedings of the 2nd International Conference on Interaction Sciences: Information Technology, Culture and Human
High level specification of non-interference security policies in partitioned MLS systems
CNIS '07 Proceedings of the Fourth IASTED International Conference on Communication, Network and Information Security
Syntax and semantics-preserving application-layer protocol steganography
IH'04 Proceedings of the 6th international conference on Information Hiding
Fine-Grained timing using genetic programming
EuroGP'10 Proceedings of the 13th European conference on Genetic Programming
Quantifying and Classifying Covert Communications on Android
Mobile Networks and Applications
| Hi-index | 0.00 |
Secure computer systems use both mandatory and discretionaryaccess controls to restrict the flow of informationthrough legitimate communication channels such as files,shared memory and process signals. Unfortunately, in practiceone finds that computer systems are built such that usersare not limited to communicating only through the intendedcommunication channels. As a result, a well-founded concernof security-conscious system designers is the potentialexploitation of system storage locations and timing facilitiesto provide unforeseen communication channels to users.These illegitimate channels are known as covert storage andtiming channels.Prior to the presentation of this paper twenty years agothe covert channel analysis that took place was mostly adhoc. Methods for discovering and dealing with these channelswere mostly informal, and the formal methods were restrictedto a particular specification language. This paperpresents a methodology for discovering storage and timingchannels that can be used through all phases of the softwarelife cycle to increase confidence that all channels have beenidentified. In the original paper the methodology was presentedand applied to an example system having three differentdescriptions: English, formal specification, and high-orderlanguage implementation. In this paper only the Englishrequirements are considered. However, the paper alsopresents how the methodology has evolved and the influenceit had on other work.