Communication from a low-to a high-level system without acknowledgements will be unreliable; with acknowledgements, it can be insecure. We propose to provide quantifiable security, acceptable reliability, and minimal performance penalties by interposing a device (called the Pump) to push messages to the high system and provide a controlled stream of acknowledgements to the low system. This paper describes how the Pump supports the transmission of messages upward and limits the capacity of the covert timing channel in the acknowledgement stream without affecting the average acknowledgement delay seen by the low system or the message delivery delay seen by the high system in the absence of actual Trojan horses. By adding random delays to the acknowledgment stream, we show how to further reduce the covert channel capacity even in the presence of cooperating Trojan horses in both the high and low systems. We also discuss engineering tradeotis relevant to practical use of the Pump.
A designer of reliable multi-level secure (MLS) networks must consider covert channels and denial of service attacks in addition to traditional network Performance measures such as throughput, fairness, and reliability. In this paper we show how to extend the NRL data Pump to a certain MLS network architecture in order to balance the requirements of congestion control, fairness, good performance, and reliability against those of minimal threats from covert channels and denial of service attacks. We back up our claims with simulation results.
Although both anonymity and covert channels are part of the larger topic of information hiding, there also exists an intrinsic linkage between anonymity and covert channels. This linkage was illustrated in [1]; however, [1] just scratched the surface of the interplay between covert channels and anonymity, without a formal analysis of the related issues. This paper begins the process of formalizing the linkage between anonymity and covert channels via the study of quasi-anonymous channels. We also discuss and contrast some of the existing formal mathematical models of anonymity.
There have long been threads of investigation into covert channels, and threads of investigation into anonymity, but these two closely related areas of information hiding have not been directly associated. This paper represents an initial inquiry into the relationship between covert channel capacity and anonymity, and poses more questions than it answers. Even this preliminary work has proven difficult, but in this investigation lies the hope of a deeper understanding of the nature of both areas. MIXes have been used for anonymity, where the concern is shielding the identity of the sender or the receiver of a message, or both. In contrast to traffic analysis prevention methods which conceal larger traffic patterns, we are concerned with how much information a sender to a MIX can leak to an eavesdropping outsider, despite the concealment efforts of MIXes acting as firewalls.
a b s t r a c tWe study the algebraic structure of the monoid of binary channels and show that it is dually isomorphic to the interval domain over the unit interval with the operation from Martin (2006) [4]. We show that the capacity of a binary channel is Scott continuous as a map on the interval domain and that its restriction to any maximally commutative submonoid of binary channels is an order isomorphism onto the unit interval. These results allows us to solve an important open problem in the analysis of covert channels: a provably correct method for injecting noise into a covert channel which will reduce its capacity to any level desired in such a way that the practitioner is free to insert the noise at any point in the system.Published by Elsevier B.V.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.