Vulnerability Development mailing list archives
Re: Covert Channels
From: "Timothy J. Miller" <cerebus () sackheads org>
Date: Wed, 23 Oct 2002 16:08:25 -0500
On Wednesday, October 23, 2002, at 02:57 PM, Richard Masoner wrote:
I've only been following this thread peripherally, but isn't covert channel discussion limited to analyzing the assurance of Trusted Systems?
In a formal sense, yes you are correct. Covert channels are only of note in systems with nondiscretionary access control models. The light pink book (NCSC-TG-030, A Guide to Understanding Covert Channel Analysis of Trusted Systems) defines covert channels as:
"Given a nondiscretionary (e.g., mandatory) security policy model M and its interpretation I(M) in an operating system, any potential communication between two subjects I(Sh) and I(Si) of I(M) is covert if and only if any communication between the corresponding subjects Sh and Si of the model M is illegal in M."
I wasn't able to find a formal definition of covert channels in the Common Criteria documents; but it's pretty clear that the above definition is still in use (i.e., the covert channel analysis section states that the analysis is looking for communication between subjects in violation of the TSP). Of course, CCA isn't required until EAL5.
However, in the real world "covert channel" has come to mean, effectively, "communication between subjects using any method not originally intended for this purpose." This is obviously a much looser definition. For example, using the unused 32bit word of an ICMP type 3 (destination unreachable) datagram to communicate would commonly be considered a covert channel. (I'm aware of one IDS that allegedly uses ICMP similarly to communicate between the remote sensor and the analysis server.) Steganography would fall under this looser definition.
-- Cerebus
Current thread:
- Re: Covert Channels, (continued)
- Re: Covert Channels Mark Grimes (Oct 17)
- RE: Covert Channels Michael Wojcik (Oct 17)
- RE: Covert Channels Jeremy Junginger (Oct 17)
- Re: Covert Channels FX (Oct 17)
- RE: Covert Channels Jeremy Junginger (Oct 18)
- RE: Covert Channels Chris Anley (Oct 22)
- RE: Covert Channels Frank Knobbe (Oct 23)
- RE: Covert Channels Michal Zalewski (Oct 23)
- RE: Covert Channels Richard Masoner (Oct 23)
- RE: Covert Channels Omar Herrera (Oct 23)
- Re: Covert Channels Timothy J. Miller (Oct 23)
- Re: Covert Channels David Wagner (Oct 24)
- RE: Covert Channels Michal Zalewski (Oct 23)
- RE: Covert Channels Brooke, O'neil (EXP) (Oct 23)
- RE: Covert Channels Anton Aylward (Oct 23)
- RE: Covert Channels Michal Zalewski (Oct 23)
- Re: Covert Channels Jose Nazario (Oct 24)
- Re: Covert Channels David Wagner (Oct 24)