The Pump: A Decade of Covert Fun

Authors:
Myong H. Kang;Ira S. Moskowitz;Stanley Chincheck
Affiliations:
Naval Research Laboratory Washington, DC;Naval Research Laboratory Washington, DC;Naval Research Laboratory Washington, DC
Venue:
ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Year:
2005

Citing 0
Cited 9

Secure data export and auditing using data diodes

EVT'06 Proceedings of the USENIX/Accurate Electronic Voting Technology Workshop 2006 on Electronic Voting Technology Workshop
Detecting covert timing channels: an entropy-based approach

Proceedings of the 14th ACM conference on Computer and communications security
Anti-jamming timing channels for wireless networks

WiSec '08 Proceedings of the first ACM conference on Wireless network security
Model-Based Covert Timing Channels: Automated Modeling and Evasion

RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Information-Theoretic Modeling and Analysis of Interrupt-Related Covert Channels

Formal Aspects in Security and Trust
High level specification of non-interference security policies in partitioned MLS systems

CNIS '07 Proceedings of the Fourth IASTED International Conference on Communication, Network and Information Security
Data diodes in support of trustworthy cyber infrastructure

Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research
Predictive black-box mitigation of timing channels

Proceedings of the 17th ACM conference on Computer and communications security
Secure information flow for distributed systems

FAST'09 Proceedings of the 6th international conference on Formal Aspects in Security and Trust

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper traces the ten plus year history of the Naval Research Laboratory's Pump idea. The Pump was theorized, designed, and built at the Naval Research Laboratory's Center for High Assurance Computer Systems. The reason for the Pump is the need to send messages from a "Low" enclave to a "High" enclave, in a secure and reliable manner. In particular, the Pump was designed to minimize the covert channel threat from the necessary message acknowledgements, without penalizing system performance and reliability. We review the need for the Pump, the design of the Pump, the variants of the Pump, and the current status of the Pump, along with manufacturing and certification difficulties.