Robust and efficient covert channel communications in operating systems: Design, implementation and evaluation
文献类型:会议论文
| 作者 | Lin, Yuqi (1) ; Ding, Liping (1) ; Wu, Jingzheng (1) ; Xie, Yalong (1) ; Wang, Yongji (1) |
| 出版日期 | 2013 |
| 会议名称 | 7th International Conference on Software Security and Reliability, SERE-C 2013 |
| 会议日期 | June 18, 2013 - June 20, 2013 |
| 会议地点 | Gaithersburg, MD, United states |
| 页码 | 45-52 |
| 中文摘要 | Covert channel has been studied for years due to its ability to divulge sensitive information in computer systems. Constructing covert communication scenarios is the first step to learn the threat of a channel. There are several challenges in the existing design of covert channel communications: lacking general communicating model description, low transmission accuracy and weak anti-interference ability. In this paper, we explore how to construct robust and efficient covert channel communications in operating systems. Firstly, we design three general covert communicating protocol models: the Basic Protocol (BP), the Two-Channel Transmission Protocol (TCTP) and the Self-Adaptive Protocol (SAP). Then we implement them in Linux operating systems. To simulate real attack scenarios, a toy Trojan program extracting passwords to cooperate with the covert protocols is presented. To identify potential covert channels in Linux kernel, we use Directed Information Flow Graph (DIFG) to analyze the source code and choose last-pid and temporary files channels in our implementation. Finally we evaluate the transmitting rate and accuracy of the three protocols. The results demonstrate that without special protective measures, the TCTP can achieve rather high accuracy and rate (100% and 31bps in our lab). When equipped with some restricting or interfering mechanisms, the SAP can achieve 97% accuracy and 18bps rate. This result reveals that attackers can bypass countermeasures to steal sensitive data from victims by well-designed covert protocols. © 2013 IEEE. |
| 英文摘要 | Covert channel has been studied for years due to its ability to divulge sensitive information in computer systems. Constructing covert communication scenarios is the first step to learn the threat of a channel. There are several challenges in the existing design of covert channel communications: lacking general communicating model description, low transmission accuracy and weak anti-interference ability. In this paper, we explore how to construct robust and efficient covert channel communications in operating systems. Firstly, we design three general covert communicating protocol models: the Basic Protocol (BP), the Two-Channel Transmission Protocol (TCTP) and the Self-Adaptive Protocol (SAP). Then we implement them in Linux operating systems. To simulate real attack scenarios, a toy Trojan program extracting passwords to cooperate with the covert protocols is presented. To identify potential covert channels in Linux kernel, we use Directed Information Flow Graph (DIFG) to analyze the source code and choose last-pid and temporary files channels in our implementation. Finally we evaluate the transmitting rate and accuracy of the three protocols. The results demonstrate that without special protective measures, the TCTP can achieve rather high accuracy and rate (100% and 31bps in our lab). When equipped with some restricting or interfering mechanisms, the SAP can achieve 97% accuracy and 18bps rate. This result reveals that attackers can bypass countermeasures to steal sensitive data from victims by well-designed covert protocols. © 2013 IEEE. |
| 收录类别 | EI |
| 会议录出版地 | IEEE Computer Society, 2001 L Street N.W., Suite 700, Washington, DC 20036-4928, United States |
| 语种 | 英语 |
| 源URL | [http://ir.iscas.ac.cn/handle/311060/16646]  |
| 专题 | 软件研究所_软件所图书馆_会议论文 |
| 推荐引用方式 GB/T 7714 | Lin, Yuqi ,Ding, Liping ,Wu, Jingzheng ,et al. Robust and efficient covert channel communications in operating systems: Design, implementation and evaluation[C]. 见:7th International Conference on Software Security and Reliability, SERE-C 2013. Gaithersburg, MD, United states. June 18, 2013 - June 20, 2013. |
入库方式: OAI收割
来源:软件研究所
浏览0
下载0
收藏0
其他版本
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。