Comparing countermeasures against interrupt-related covert channels in an information-theoretic framework

Proceedings - IEEE Computer Security Foundations Symposium

Volumn , Issue , 2007, Pages 326-340

  Mantel, Heiko ^a   Sudbrock, Henning ^a  

^a RWTH AACHEN UNIVERSITY   (Germany)

Author keywords

[No Author keywords available]

Indexed keywords

COVERT CHANNEL ANALYSIS; INTERRUPT-RELATED CHANNELS;

BANDWIDTH; COMMUNICATION CHANNELS (INFORMATION THEORY); COMPUTER OPERATING SYSTEMS;

INTRUSION DETECTION;

EID: 35048834771     PISSN: 19401434     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CSF.2007.14     Document Type: Conference Paper

References (49)

1. S. Arimoto. An Algorithm for Computing the Capacity of Arbitrary Discrete Memoryless Channels. IEEE Transactions on Information Theory, 18(1):14-20, 1972.
2. D. P. Bovet and M. Cesati. Understanding the Linux Kernel. O'Reilly, 2006.
3. R. Blahut. Computation of Channel Capacity and Rate-Distortion Functions. IEEE Transactions on Information Theory, 18(4):460-473, 1972.
4. M. G. Bulmer. Principles of Statistics. Dover Publications, 1979.
5. Common Criteria for Information Technology Security Evaluation Version 2.3, 2005.
6. Intel Corporation. Interrupt Moderation Using Intel Gigabit Ethernet Controllers, Application Note (AP-450), Revision 1.1,2003.
7. T. M. Cover and J. A. Thomas. Elements of Information Theory. Wiley Series in Telecommunications, 1991.
8. D. E. Denning and P. J. Denning. Certification of Programs for Secure Information Flow. Communications of the ACM, 20(7):504-513, 1977.
9. D. E. Denning. A Lattice Model of Secure Information Flow. Communications of the ACM, 19(5):236-243, 1976.
10. R. Feiertag. A Technique for Proving Specifications are Multilevel Secure. Technical Report CSL-109, Computer Science Laboratory, SRI International, 1980.
11. V Gligor. A Guide to Understanding Covert Channel Analysis of Trusted Systems. CSC-TG-030, Rainbow Series (Light Pink Book), 1993.
12. J. A. Goguen and J. Meseguer. Security Policies and Security Models. In Proceedings of the IEEE Symposium on Security and Privacy, pages 11-20, 1982.
13. J. W. Gray III. On Analyzing the Bus-Contention Channel Under Fuzzy Time. In Proceedings of the Computer Security Foundations Workshop, pages 3-9, 1993.
14. J. W. Gray III. On Introducing Noise into the Bus-Contention Channel. In Proceedings of the IEEE Symposium on Security and Privacy, pages 90-98, 1993.
15. J. T. Haigh, R. A. Kemmerer, J. McHugh, and W. D. Young. An Experience Using Two Covert Channel Analysis Techniques on a Real System Design. IEEE Transactions on Software Engineering, 13(2):157-168, 1987.
16. W.-M. Hu. Reducing Timing Channels with Fuzzy Time. In Proceedings of the IEEE Symposium on Research in Security and Privacy, pages 8-20, 1991.
17. J. C. Huskamp. Covert Communication Channels in Timesharing Systems. Technical Report UCB-CS-78-02, University of California, Berkeley, 1978.
18. E. T. Jaynes. Information Theory and Statistical Mechanics. Physical Review, (106):620-630, 1957.
19. S. M. Kay. Fundamentals of Statistical Signal Processing, Volume I: Estimation Theory. Prentice Hall, 1993.
20. R. A. Kemmerer. Shared Resource Matrix Methodology: An Approach to Identifying Storage and Timing Channels. ACM Transactions on Computer Systems, 1(3):256-277, 1983.
21. R. A. Kemmerer. A Practical Approach to Identifying Storage and Timing Channels: Twenty Years Later. In 18th Annual Computer Security Applications Conference, pages 109-118, 2002.
22. M. H. Kang and I. S. Moskowitz. A Pump for Rapid, Reliable, Secure Communication. In ACM Conference on Computer and Communications Security, pages 119-129, 1993.
23. M. H. Kang, I. S. Moskowitz, and S. Chincheck. The Pump: A Decade of Covert Fun. In Proceedings of the 21st Annual Computer Security Applications Conference, pages 352-360, 2005.
24. P. A. Karger and J. C. Wray. Storage Channels in Disk Arm Optimization. In IEEE Symposium on Security and Privacy, pages 52-63, 1991.
25. P. A. Karger, M. E. Zurko, D. W. Bonin, A. H. Mason, and C. E. Kahn. A VMM Security Kernel for the VAX Architecture. In IEEE Symposium on Security and Privacy, pages 2-19, 1990.
26. B. W. Lampson. A Note on the Confinement Problem. Communications of the ACM, 16(10):613-615, 1973.
27. Seagate Technology LLC. Product Manual Barracuda 7200.7 Serial ATA, 2005.
28. D. McCullough. Covert Channels and Degrees of Insecurity. In Proceedings of the Computer Security Foundations Workshop, pages 1-33, 1988.
29. J. McHugh. Covert Channel Analysis: A Chapter of the Handbook for the Computer Security Certification of Trusted Systems. NRL Technical Memorandum 5540:080A, 1995.
30. I. S. Moskowitz, S. J. Greenwald, and M. H. Kang. An Analysis of the Timed Z-channel. In IEEE Symposium on Security and Privacy, pages 2-11, 1996.
31. J. K. Millen. Security Kernel Validation in Practice. Communications of the ACM, 19(5):243-250, 1976.
32. J. K. Milien. Covert Channel Capacity. In IEEE Symposium on Security and Privacy, pages 60-66, 1987.
33. J. K. Millen. Finite-State Noiseless Covert Channels. In Proceedings of the Computer Security Foundations Workshop, pages 81-86, 1989.
34. I. S. Moskowitz and A. R. Miller. The Channel Capacity of a Certain Noisy Timing Channel. IEEE Transactions on Information Theory, 38(4): 1339-1344, 1992.
35. I. S. Moskowitz and A. R. Miller. Simple Timing Channels. In Proceedings of the IEEE Symposium on Research in Security and Privacy, pages 56-64, 1994.
36. I. S. Moskowitz. Quotient States and Probabilistic Channels. In Proceedings of the Computer Security Foundations Workshop, pages 74-83, 1990.
37. I. S. Moskowitz. Variable Noise Effects Upon a Simple Timing Channel. In IEEE Symposium on Security and Privacy, pages 362-372, 1991.
38. J. C. Mogul and K. K. Ramakrishnan. Eliminating Receive Livelock in an Interrupt-driven Kernel. In USENIX Annual Technical Conference, pages 99-112, 1996.
39. J. Regehr and U. Duongsaa. Preventing Interrupt Overload. In Proceedings of the ACM Conference on Languages, Compilers, and Tools for Embedded Systems (LCTES), pages 50-58, 2005.
40. M. Schaefer, B. Gold, R. Linde, and J. Scheid. Program Confinement in KVM/370. In Proceedings of the ACM Annual Conference, pages 404-410, 1977.
41. C. Shannon. A Mathematical Theory of Communication. Bell System Technical Journal, 27:379-423 and 623-656, 1948.
42. A. Sabelfeld and A. C. Myers. Language-based Information-Flow Security. IEEE Journal on Selected Areas in Communication, 21(1):5-19, 2003.
43. J. H. Salim and R. Olsson. Beyond Softnet. In Proceedings of the 5th Annual Linux Showcase and Conference, pages 165-172. USENIX, 2001.
44. Department of Defense Trusted Computer System Evaluation Criteria (TCSEC), DOD 5200.28-STD, 1985.
45. C.-R. Tsai and V D. Gligor. A Bandwidth Computation Model for Covert Storage Channels and its Applications. In Proceedings of the IEEE Symposium on Security and Privacy, pages 108-121, 1988.
46. The MathWorks. xPC Target Realtime Kernel http://www.mathworks.com/ access/helpdesk/help/toolbox/xpc/ug/ f5-15620.html, April 12th 2007.
47. J. Trostle. Timing Attacks Against Trusted Path. In Proceedings of the IEEE Symposium on Security and Privacy, pages 125-135, 1998.
48. D. Volpano, G. Smith, and C. Irvine. A Sound Type System for Secure Flow Analysis. Journal of Computer Security, 4(3): 1-21, 1996.
49. J. C. Wray. An Analysis of Covert Timing Channels. In Proceedings of the IEEE Symposium on Research in Security and Privacy, pages 2-7, 1991.