By : Nimish Agarwal

furiouserectAI and Robotics

Nov 21, 2013 (3 years and 8 months ago)

77 views

By

:


Nimish

Agarwal




are

those

which

are

neither

designed

nor

intended

to

transfer

information

at

all
.




are

based

on

"transmission

by

storage

into

variables

that

describe

resource

states”
.




are

those

channels

that

are

a

result

of

resource

allocation

policies

and

resource

management

implementation
.




are

those

that

"use

entities

not

normally

viewed

as

data

objects

to

transfer

information

from

one

subject

to

another
.
"

.


Storage

and

Timing

Channels
.


Storage

Channel

:
-

Include

all

mediums

that

allow

the

direct

or

indirect

writing

of

a

storage

location

by

one

process

and

the

direct

or

indirect

reading

of

it

by

another
.



Timing

channels

:
-

Include

all

mediums

that

would

allow

one

process

to

signal

information

to

another

process

by

modulating

its

own

use

of

system

resources

in

such

a

way

that

the

change

in

response

time

observed

by

the

second

process

would

provide

information
.


Noisy

and

Noiseless

Channels
.


Noiseless covert channel

uses shared resource available
to sender, receiver only


Noisy

covert channel

uses shared resource available to
sender, receive, and others


Need to minimize interference enough so that message
can be read in spite of others’ use of channel



Shared Resource Matrix (SRM)


Identify all resources that may be read or modified
by processes of various classes and put them in form
of
matirx
.


Take transitive closure.


Look for information flow in violation of policy.


Verify flow for real.


Information Flow Method


Determine data and control flow within the
program.


Determine which outputs are affected by which
inputs.


Note : Difficult in the face of pointers, and recursion.



S
teganography means
Steganos

(Covered or
Protected)

+

graphein

(to write).


Steganography includes the concealment of
information within computer files










Cryptography

Steganography

Protecting contents

of the message

Concealing the
existence of message

Encryption

can be easily identified

Embedding may

not be so easy to
identify

Confidentiality

Integrity

Un removability

Encryption

Yes

No

Yes

Digital Signature

No

Yes

No

Steganography

Yes / No

Yes / No

Yes


Network


Wireless :
-

Corrupted Headers


Modifying Existing Traffic


Images, Audio and Video
Steganograms


Encryption


Canary trap and Digital Water Marking


Canary Trap :
-

Method of exposing Information
Leak, which involves giving different version of
sensitive documents to several suspects and seeing
which version gets leaked.


National Computer Security Center. A guide to understanding Covert Channel Analysis of
Trusted System.
http://www.fas.org/irp/nsa/rainbow/tg030.htm



Steganography And Digital Watermarking
http://www.cs.bham.ac.uk/~mdr/teaching/
modules03/security/students/SS5/Steganography.pdf


Steganography.
http://en.wikipedia.org/wiki/Steganography


Canary Trap :
-

http://en.wikipedia.org/wiki/Canary_trap


A Discussion of Covert Channels and Steganography :
-

http://gray
-
world.net/cn/papers/adiscussionofcc.pdf