A Guide to Understanding Covert Channel Analysis of Trusted Systems
DIANE Publishing, 1994 - 122 pages
Provides a set of good practices related to covert channel analysis of systems employed for processing classified and other sensitive information. Written to help vendors and evaluators understand covert channel analysis requirements. Contains suggestions and recommendations. Glossary. References. Illustrations.
Page 3 - Systems that are used to process or handle classified or other sensitive information must be designed to guarantee correct and accurate interpretation of the security policy and must not distort the intent of that policy.
Page 96 - The totality of protection mechanisms within a computer system - including hardware, firmware, and software - the combination of which is responsible for enforcing a security policy.
Page 14 - Covert Timing Channel - A covert channel in which one process signals information to another by modulating its own use of system resources (e.g., CPU time) in such a way that this manipulation affects the real response time observed by the second process.
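The definition above is easiest to see in a simulation. The following is an added example, not code from the guide or from any system it evaluates: a round-robin scheduler runs a HIGH process and a LOW process; the HIGH sender either burns its whole quantum ("1") or yields at once ("0"), and the LOW receiver decodes each bit purely from how long it waited for its next turn. No object is ever written, so a mandatory access control policy has nothing to check. The quantum of 10 units, the decision threshold of 5 units and the fixed scheduling order are assumptions of the simulation.

```python
"""Simulated covert timing channel on a round-robin scheduler (added example)."""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Scheduler parameters, in abstract time units (assumptions for the simulation)
QUANTUM = 10     # maximum units a process may run before it is preempted
THRESHOLD = 5    # receiver reads "1" when its wait exceeded this many units


@dataclass
class HighSender:
    """Process at level HIGH: modulates its own CPU use to encode bits."""
    bits: List[int]
    idx: int = 0

    def run(self, clock: int, quantum: int) -> int:
        """Return the CPU units consumed in this turn."""
        if self.idx >= len(self.bits):
            return 1                       # nothing left to send: yield at once
        bit = self.bits[self.idx]
        self.idx += 1
        return quantum if bit == 1 else 1  # "1" burns the quantum, "0" yields


@dataclass
class LowReceiver:
    """Process at level LOW: infers the sender's behaviour from its own wait time."""
    threshold: int
    last_start: Optional[int] = None
    decoded: List[int] = field(default_factory=list)

    def run(self, clock: int, quantum: int) -> int:
        if self.last_start is not None:
            wait = clock - self.last_start      # time since our previous turn began
            self.decoded.append(1 if wait > self.threshold else 0)
        self.last_start = clock
        return 1                                # the receiver itself uses one unit per turn


def run_channel(bits: List[int], quantum: int = QUANTUM,
                threshold: int = THRESHOLD) -> Tuple[List[int], int]:
    """Round-robin the two processes; returns (decoded bits, total simulated time)."""
    sender = HighSender(list(bits))
    receiver = LowReceiver(threshold)
    clock = 0
    for _ in range(len(bits) + 1):              # one extra round flushes the last bit
        for proc in (receiver, sender):         # fixed order: receiver, then sender
            clock += proc.run(clock, quantum)
    return receiver.decoded, clock


if __name__ == "__main__":
    message = [1, 0, 1, 1, 0, 0, 1]             # constructed sample message
    decoded, elapsed = run_channel(message)
    print("sent:", message, "received:", decoded)
    print("%d bits in %d time units" % (len(message), elapsed))
```

With these parameters a "1" costs the receiver an 11-unit wait and a "0" a 2-unit wait, so the bits arrive error-free. On a real system other processes add noise to the wait, which is why the guide's bandwidth estimates treat the channel as a noisy one and why a practical sender would add synchronization and error correction.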
Page 93 - A covert channel that involves the direct or indirect writing of a storage location by one process and the direct or indirect reading of the storage location by another process. Covert storage channels typically involve a finite resource (e.g., sectors on a disk) that is shared by two subjects at different security levels.
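The shared finite resource in that definition is what makes the channel work even when the access control policy is enforced correctly. The following is an added example, not code from the guide: a toy TCB with a global pool of sectors and a "no read up" rule. A LOW subject cannot read a HIGH sector directly, but the HIGH sender can still signal a bit by exhausting the pool (or releasing it), and the LOW receiver observes that state through the success or failure of its own allocation request. The pool's free count is the channel variable; it is written indirectly by the sender and read indirectly by the receiver. The two-level lattice, the pool size of four sectors, the turn-taking synchronization and the cost of 20 microseconds per TCB primitive are assumptions of the simulation.

```python
"""Simulated covert storage channel through a finite, shared resource pool (added example)."""
from typing import Dict, List, Optional, Tuple

LEVELS = {"LOW": 0, "HIGH": 1}   # simple two-level lattice (assumption)


class TCB:
    """Toy TCB: enforces 'no read up' on objects, but its sector pool is global."""

    def __init__(self, sectors: int):
        self.free = sectors
        self.owner: Dict[int, Tuple[str, str]] = {}   # sector id -> (subject, level)
        self.next_id = 0
        self.calls = 0                                # TCB primitives invoked (for bandwidth)

    def allocate(self, subject: str, level: str) -> Optional[int]:
        """Give `subject` one sector, or None when the pool is exhausted.
        The free count is the channel variable: every level alters it, and every
        level observes it through the success or failure of this call."""
        self.calls += 1
        if self.free == 0:
            return None
        self.free -= 1
        sid, self.next_id = self.next_id, self.next_id + 1
        self.owner[sid] = (subject, level)
        return sid

    def release(self, subject: str, sid: int) -> None:
        self.calls += 1
        owner, _ = self.owner.pop(sid)
        if owner != subject:
            raise PermissionError("not the owner")
        self.free += 1

    def read(self, subject_level: str, sid: int) -> Tuple[str, str]:
        """Mandatory access control: a LOW subject may not read a HIGH object."""
        self.calls += 1
        _, obj_level = self.owner[sid]
        if LEVELS[subject_level] < LEVELS[obj_level]:
            raise PermissionError("no read up")
        return self.owner[sid]


def direct_read_is_blocked(tcb: TCB) -> bool:
    """Check that the policy does stop LOW from reading a HIGH sector directly."""
    sid = tcb.allocate("sender", "HIGH")
    try:
        tcb.read("LOW", sid)
        return False
    except PermissionError:
        return True
    finally:
        tcb.release("sender", sid)


def transmit(bits: List[int], sectors: int = 4) -> Tuple[List[int], int]:
    """HIGH sender and LOW receiver take turns; returns (decoded bits, TCB calls used)."""
    tcb = TCB(sectors)
    held: List[int] = []
    decoded: List[int] = []
    for bit in bits:
        # Sender phase (HIGH): "1" = exhaust the pool and hold it, "0" = give it all back.
        if bit == 1:
            while (sid := tcb.allocate("sender", "HIGH")) is not None:
                held.append(sid)
        else:
            for sid in held:
                tcb.release("sender", sid)
            held.clear()
        # Receiver phase (LOW): one probe allocation reveals whether the pool is empty.
        probe = tcb.allocate("receiver", "LOW")
        if probe is None:
            decoded.append(1)
        else:
            tcb.release("receiver", probe)
            decoded.append(0)
    return decoded, tcb.calls


def bandwidth_bps(n_bits: int, tcb_calls: int, seconds_per_call: float) -> float:
    """Crude bandwidth estimate: bits sent per second of TCB primitive time (cost assumed)."""
    return n_bits / (tcb_calls * seconds_per_call)


if __name__ == "__main__":
    message = [1, 0, 1, 1, 0]                  # constructed sample message
    print("direct read blocked by MAC:", direct_read_is_blocked(TCB(2)))
    decoded, calls = transmit(message)
    print("sent:", message, "received:", decoded, "TCB calls:", calls)
    print("bandwidth at 20 us/call: %.0f bit/s" % bandwidth_bps(len(message), calls, 20e-6))
```

Two things to take from the simulation. First, the MAC check in `read` is not bypassed; the leak lives in a primitive the security model never described as a read or write of a storage location, which is exactly why an identification method such as the Shared Resource Matrix has to enumerate every TCB primitive that alters or observes a shared attribute, the free count included. Second, the bandwidth figure is an upper bound under perfect synchronization and no competing allocations; real estimates have to account for the time the sender spends filling the pool, for noise from other processes, and for any delays the TCB deliberately inserts to slow the channel.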
Page 95 - Security Policy - The set of laws, rules, and practices that regulate how an organization manages, protects, and distributes sensitive information.
Page 85 - ... informally shown to be consistent with the formal top-level specification (FTLS). The elements of the FTLS shall be shown, using informal techniques, to correspond to the elements of the TCB. Documentation shall describe how the TCB is structured to facilitate testing and to enforce least privilege. This documentation shall also present the results of the covert channel analysis and the tradeoffs involved in restricting the channels. All auditable events that may be used in the exploitation of...
Page 94 - A Top-Level Specification that is written in a formal mathematical language to allow theorems showing the correspondence of the system specification to its formal requirements to be hypothesized and formally proven. Formal Verification...
Page 1 - The criteria are divided into four divisions: D, C, B, and A ordered in a hierarchical manner with the highest division (A) being reserved for systems providing the most comprehensive security. Each division represents a major improvement in the overall confidence one can place in the system for the protection of sensitive information.
Page 94 - A passive entity that contains or receives information. Access to an object potentially implies access to the information it contains. Examples of objects are: records, blocks, pages, segments, files, directories, directory trees, and programs, as well as bits, bytes, words, fields, processors, video displays, keyboards, clocks, printers, network nodes, etc.