1,625 research outputs found
Covert channel detection using Information Theory
This paper presents an information theory based detection framework for
covert channels. We first show that the usual notion of interference does not
characterize the notion of deliberate information flow of covert channels. We
then show that even an enhanced notion of "iterated multivalued interference"
can not capture flows with capacity lower than one bit of information per
channel use. We then characterize and compute the capacity of covert channels
that use control flows for a class of systems.Comment: In Proceedings SecCo 2010, arXiv:1102.516
Behavior-Based Covert Channel in Cyberspace
Many covert channels take advantages of weaknesses, flaws, or unused data fields in network protocols. In this paper, a behavior-based covert channel, that takes advantages of behavior of an application, is presented along with a formal definition in the framework of finite state machines. The behavior-based covert channel is application specific and lies at the application layer of the network OSI model, which makes the detection of this type of covert channel much more difficult. A detailed sample implementation demonstrates an example of this type of covert channel in the form of a simple online two-person game. The potential of this type of covert channel is also discussed
A Covert Channel Using Named Resources
A network covert channel is created that uses resource names such as
addresses to convey information, and that approximates typical user behavior in
order to blend in with its environment. The channel correlates available
resource names with a user defined code-space, and transmits its covert message
by selectively accessing resources associated with the message codes. In this
paper we focus on an implementation of the channel using the Hypertext Transfer
Protocol (HTTP) with Uniform Resource Locators (URLs) as the message names,
though the system can be used in conjunction with a variety of protocols. The
covert channel does not modify expected protocol structure as might be detected
by simple inspection, and our HTTP implementation emulates transaction level
web user behavior in order to avoid detection by statistical or behavioral
analysis.Comment: 9 page
An Extended Discussion on a High-Capacity Covert Channel for the Android Operating System
In “Exploring a High-Capacity Covert Channel for the Android Operating System” [1], a covert channel for communicating between different applications on the Android operating system was introduced and evaluated. This covert channel proved to be capable of a much higher throughput than any other comparable channels which had been explored previously. This article will expand on the work which was started in [1]. Specifically, further improvements on the initial covert channel concept will be detailed and their impact with regards to channel throughput will be evaluated. In addition, a new protocol for managing connections and communications between collaborating applications purely using this channel will be defined and explored. A number of different potential mechanisms and techniques for detecting the presence and use of this covert channel will also be described and discussed, including possible counter-measures, which could be implemented
A Formulation of the Potential for Communication Condition using C2KA
An integral part of safeguarding systems of communicating agents from covert
channel communication is having the ability to identify when a covert channel
may exist in a given system and which agents are more prone to covert channels
than others. In this paper, we propose a formulation of one of the necessary
conditions for the existence of covert channels: the potential for
communication condition. Then, we discuss when the potential for communication
is preserved after the modification of system agents in a potential
communication path. Our approach is based on the mathematical framework of
Communicating Concurrent Kleene Algebra (C2KA). While existing approaches only
consider the potential for communication via shared environments, the approach
proposed in this paper also considers the potential for communication via
external stimuli.Comment: In Proceedings GandALF 2014, arXiv:1408.556
A Behavior Based Covert Channel within Anti-Virus Updates
This paper presents a new behavior based covert channel utilizing the database update mechanism of anti-virus software. It is highly covert due to unattended, frequent, automatic signature database update operations performed by the software. The design of the covert channel is described; its properties are discussed and demonstrated by a reference implementation. This paper uses these points to strengthen the inclusion of behavior-based covert channels within standard covert channel taxonomy
- …