Journal of Information Science and Engineering, Vol.15 No.1, pp.91-106 (January 1999)
Estimating and Measuring Covert Channel Bandwidth in
Multilevel Secure Operating Systems

Shiuh-Pyng Shieh
Department of Computer Science and Information Engineering
National Chiao Tung University
Hsinchu, Taiwan 300, R.O.C.

Covert channels are illicit means of leaking sensitive or private information through system global variables that usually are not part of the interpretation of data objects in the security model. We discovered that some covert channels can be modeled as finite-state graphs while others cannot. By using various techniques given in the paper, multiple bits of information can be simultaneously transferred through single or multiple covert channels. We present methods to determine and estimate the maximum bandwidths of both finite-state and infinite-state channels, and give the problems and basic rules for their measurement.

Keywords: covert channel bandwidth, multilevel secure systems, system calls


Received October 19, 1996; accepted September 6, 1997.
Communicated by Arbee L. P. Chen.
1 XENIX(TM) is a registered trademark of Microsoft Inc. UNIX(TM) is a trademark of AT&T Laboratories. Secure XENIX(TM) was developed by IBM Federal Sector Division for B2-level evaluation and is now marketed as Trusted XENIX(TM) by Trusted Information Systems Inc. The work of this paper was done on Secure XENIX, an early version of Trusted XENIX.
2 This work was supported in part by the National Science Council, Taiwan, under the contract NSC-85-2622-E-009-006R.