| ¡¡ | Chinese Journal of Computers Full Text |
| Title | A Measurement of Covert Channels Threat |
| Authors | WANG Chang-Da JU Shi-Guang ZHOU Cong-Hua SONG Xiang-Mei |
| Address | (School of Computer Science and Telecommunication Engineering, Jiangsu University, Zhenjiang£¬ Jiangsu 212013) |
| Year | 2009 |
| Issue | No.4(751¡ª762) |
| Abstract & Background | Abstract Covert channel analysis is one of an important target of high level trusted system evaluation in TCSEC, CC and GB17859¡ª1999. Covert channel audit is a critical part of covert channel analysis. Currently the pure bandwidth criterion of TCSEC are adopted, unfortunately that can¡¯t reflect the threat of covert channels thoroughly. Via researched on its quantified characteristics and topology change, an algebra system of covert channels is presented based on formally define covert channels. Threat degree and threat rate are introduced to make a new audit measurement method that can evaluate covert channel from many different aspects to get a comprehensive measurement, which also compatible with the pure bandwidth method. Moreover, calculating methods are discussed for the measurement issues under the support of an algebra system of covert channels to form a rounded threat measurement system infrastructure. Keywords covert channel; threat audit; measurement; algebra system; trust evaluation Background The work belongs to the project ¡°Research on Covert Channels Detection Based on Information Flow Analysis¡±, which is supported by the National Natural Science Foundation of China under grant No.60773049, the Nature Science Foundation of Jiangsu Province under grant No.BK2007086, the Fundamental Research Project of Nature Science in Colleges of Jiangsu Province under grant No.07KJB520016, and Person with Ability Project of Jiangsu University under grant No.07JDG053. Covert channels present a serious risk to data security in computer systems and networks. Almost all of trust evaluation criteria, e.g. TCSEC, CC and GB17859-1999, list covert channel as an important item for higher levels trust evaluation. In the past three decades, most researchers have paid more attention to detection and mitigation methods for covert channels. A few known works about auditing were limited in scope to how one calculates the bandwidth/capacity of covert channels. The criterias motioned above use bandwidth as the only parameter to measure the threat of covert channels, which neglect many factors, such as the security level difference, sensitive parameter, the duration and instantaneous time of covert channels, etc. So they cannot give a comprehensive evaluation of the threat of covert channels. The method presented in this paper integrates all of the factors mentioned above to measure the threat of covert channels. The topology change of covert channels is also considered under the support of an algebra system. Moreover, it is compatible with the traditional bandwidth measurement method. |