Research on key problems of covert channel in cloud computing

Tongxin Xuebao/Journal on Communications

Volumn 32, Issue 9 A, 2011, Pages 184-203

  Wu, Jing Zheng ^a,b   Ding, Li Ping ^a   Wang, Yong Ji ^a  

^a INSTITUTE OF SOFTWARE   (China)

^b UNIVERSITY OF CHINESE ACADEMY OF SCIENCES   (China)

Author keywords

Cloud computing; Cloud security; Covert channel; Covert channel evaluation; Covert channel identification; Scenario construction; Virtual technology

Indexed keywords

COVERT CHANNELS; ENGINEERING PRACTICES; IDENTIFICATION AND EVALUATION; SECURITY CRITERION; THEORETICAL RESEARCH; VIRTUAL TECHNOLOGY;

INDUSTRIAL RESEARCH;

CLOUD COMPUTING;

EID: 81355163423     PISSN: 1000436X     EISSN: None     Source Type: Journal    
DOI: None     Document Type: Review

References (102)

1. Group of Virtualization and Cloud Computing. Virtualization and Cloud Computing [M]. Beijing: Publishing House of Electronics Industry, 2009.
2. CHAN K, ZHENG W M. Cloud computing: system instances and current research [J]. Journal of Software, 2009, 20(5): 1337-1348.
3. NANCE K, BISHOP M, HAY B. Virtual machine introspection: observation or interference? [J]. IEEE Security and Privacy, 2008, 6(5): 32-37.
4. MELL P, GRANCE T. The Nist Definition of Cloud Computing [S]. National Institute of Standards and Technology, 2009,
5. BARHAM P, DRAGOVIC B, FRASER K, et al. Xen and the art of virtualization [A]. Proceedings of the Nineteenth ACM Symposium on Operating Systems Principles [C]. Bolton Landing, NY, USA. 2003: 164-177.
6. SAILER R, JAEGER T, VALDEZ E, et al. Building a MAC-based security architecture for the Xen open-source hypervisor [A]. Proceedings of the Computer Security Applications Conference [C]. Washington, DC, USA. 2005. 276-285.
7. SAILER R, VALDEZ E, JAEGER T, et al. sHype: Secure Hypervisor Approach to Trusted Virtualized Systems [R]. IBM Research Report RC23511, 2005, 1-12.
8. PAYNE B D, SAILER R, CACERES R, et al. A layered approach to simplified access control in virtualized systems [J]. SIGOPS Oper Syst Rev, 2007, 41(4): 12-19.
9. AZAB A M, NING P, WANG Z, et al. HyperSentry: enabling stealthy in-context measurement of hypervisor integrity [A]. Proceedings of the 17th ACM conference on Computer and communications security [C]. Chicago, Illinois, USA. 2010: 38-49.
10. WANG Y J, WU J Z, ZENG H T, et al. Covert channel research [J]. Journal of Software, 2010, 21(9): 2262-2288.
11. BUTLER W L. A note on the confinement problem [J]. Commun ACM, 1973, 16(10): 613-615.
12. WU J Z, WANG Y J, DING L P, et al. Improving performance of network covert timing channel through huffman coding [A]. The 2010 FTRA International Symposium on Advances in Cryptography, Security and Applications for Future Computing (ACSA 2010) [C]. Gwangju, Korea. Dec 9-11, 2010. 512-521.
13. WU J Z, WANG Y J, DING L P, et al. Constructing scenario of event-flag covert channel in secure operating system [A]. 2nd International Conference on Information and Multimedia Technology (ICIMT 2010) [C]. Hongkong. Dec 28-30, 2010: 371-375.
14. ZENG H T, WANG Y J, ZU W, et al. New definition of small message criterion and its application in transaction covert channel mitigating [J]. Journal of Software, 2009, 20(4): 985-996.
15. ZENG H T, WANG Y J, RUAN L, et al. Covert channel mitigation method for secure real-time database using capacity metric [J]. Journal on Communications, 2008, 29(8): 46-56.
16. ZANDER S, ARMITAGE G, BRANCH P. A survey of covert channels and countermeasures in computer network protocols [J]. Communications Surveys & Tutorials, IEEE, 2007, 9(3): 44-57.
17. RISTENPART T, TROMER E, SHACHAM H, et al. Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds [A]. Proceedings of the 16th ACM conference on Computer and communications security [C]. Chicago, Illinois, USA, 2009. 199-212.
18. OKAMURA K, OYAMA Y. Load-based covert channels between Xen virtual machines [A]. Proceedings of the 2010 ACM Symposium on Applied Computing. Sierre [C]. Switzerland, 2010. 173-180.
19. WU J Z, DING L P, WANG Y J, et al. Identification and evaluation of sharing memory covert timing channel in xen virtual machines [A]. Proceedings of the Cloud Computing (CLOUD), 2011 IEEE International Conference on [C]. Washington, DC, USA, 2011. 283-291.
20. AVIRAM A, HU S, FORD B, et al. Determinating timing channels in compute clouds [A]. Proceedings of the 2010 ACM Workshop on Cloud Computing Security Workshop [C]. Chicago, Illinois, USA, 2010. 103-108.
21. LI S, EPHREMIDES A. Covert channels in ad-hoc wireless networks [J]. Ad Hoc Netw, 2010, 8(2): 135-147.
22. QING S H, SHEN C X. Design of secure operating systems with high security levels [J]. Science in China Series E: Information Sciences, 2007, 37(2): 238-253.
23. QING S H. Covert channel analysis in secure operating systems with high security levels [J]. Journal of Software, 2004, 15(12): 1837-1849.
24. QING S H, SHEN C X. Design of secure operating systems with high security levels [J]. Science in China Series F: Information Sciences, 2007, 50(3): 399-418.
25. WU J Z, DING L P, WANG Y J, et al. A Practical covert channel identification approach in source code based on directed information flow graph [A]. Proceedings of the Secure Software Integration and Reliability Improvement (SSIRI), 2011 Fifth International Conference on [C]. Jeju Island, Korea. 2011. 98-107.
26. BISHOP S, OKHRAVI H, RAHIMI S, et al. Covert channel resistant information leakage protection using a multi-agent architecture [J]. Information Security, IET, 2010, 4(4): 233-247.
27. WANG Y, CHEN P, GE Y, et al. Traffic controller: a practical approach to block network covert timing channel [A]. Proceedings of the Availability, Reliability and Security, 2009 ARES'09 International Conference on [C]. 2009. 349-354.
28. SENGUPTA S, ANAND S, HONG K, et al. On adversarial games in dynamic spectrum access networking based covert timing channels? [J]. SIGMOBILE Mob Comput Commun Rev, 2009, 13(2): 96-107.
29. KELLY K. Out of Control [M]. Beijing: New Start Press, 2010.
30. BOSS G, MALLADI P, QUAN D, et al. Cloud computing [R]. IBM Whitepaper. 2007.
31. ARMBRUST M, FOX A, GRIFFITH R, et al. UCB/EECS-2009-28 [R]. EECS Department, University of California, Berkeley, 2009.
32. ARMBRUST M, FOX A, GRIFFITH R, et al. A view of cloud computing [J]. Commun ACM, 2010, 53(4): 50-58.
33. Amazon elastic compute cloud (Amazon EC2) [EB/OL]. http://aws.amazon.com/ec2/. 2009.
34. Google app engine [EB/OL]. http://code.google.com/appengine/. 2009.
35. Business CRM Solutions [EB/OL]. http://www.salesforce.com/crm/.
36. CHEN Y, PAXSON V, KATZ R H. UCB/EECS-2010-5 [R]: EECS Department, University of California, Berkeley, 2010.
37. VAQUERO L, RODERO-MERINO L, MOR N D. Locking the sky: a survey on IaaS cloud security [J]. Computing, 2011, 91(1): 93-118.
38. PAYNE B D, CARBONE M, SHARIF M, et al. Lares: an architecture for secure active monitoring using virtualization [A]. 2008 IEEE Symposium on Security and Privacy [C]. Oakland, CA, 2008. 233-247.
39. FENG D G, ZHANG M, ZHANG Y, et al. Study on cloud computing security [J]. Journal of Software, 2011, 22(1): 71-83.
40. ZHUGE J W, HAN X H, ZHOU Y L, et al. Research and development of botnets [J]. Journal of Software, 2008, 19(3): 702-715.
41. GRIER C, SHUO T, KING S T. Secure Web browsing with the OP Web browser [A]; 2008 IEEE Symposium on Security and Privacy [C]. Oakland, CA, 2008. 402-416.
42. CHEN S, WANG R, WANG X, et al.Side-channel leaks in web applications: a reality today, a challenge tomorrow [A]. 2010 IEEE Symposium on Security and Privacy [C]. 2010. 191-206.
43. WANG Z, JIANG X. HyperSafe: a lightweight approach to provide lifetime hypervisor control-flow integrity [A]. 2010 IEEE Symposium on Security and Privacy [C]. 2010. 380-395.
44. CENTER N C S. Trusted Computer System Evaluation Criteria [S]. 1985.
45. ISO/IEC. Common Criteria for Information Technology Security Evaluation [S]. ISO Online Catalogue, 2005.
46. GB17859-1999. Classified Oriteria for Security Protection of Computer Information System [S]. 2001.
47. GB/T20272-2006. Information Security Technology - Security Techniques Requirement for Operating System [S]. 2006.
48. KEMMERER R A. A practical approach to identifying storage and timing channels: twenty years later [A]. 18th Annual Computer Security Applications Conference [C]. LAS VEGAS, NV, 2002. 109-118.
49. KEMMERER R A, PORRAS P A. Covert flow trees: a visual approach to analyzing covert storage channels [J]. IEEE Transactions on Software Engineering. 1991, 17(11): 1166-1185.
50. KEMMERER R A. Shared resource matrix methodology: an approach to identifying storage and timing channels [J]. ACM Trans Comput Syst, 1983, 1(3): 256-277.
51. TSAI C-R, GLIGOR V D, CHANDERSEKARAN C S. A Formal Method for the Identification of Covert Storage Channels in Source Code [A]. 1987 IEEE Symposium on Security and Privacy [C]. Oakland, CA, 1987. 74-86.
52. DENNING D E. A lattice model of secure information flow [J]. Commun ACM, 1976, 19(5): 236-243.
53. QING S H, ZHU J F. Covet channel analysis on ANSHENG secure operating system [J]. Journal of Software, 2004, 15(09): 1385-1392.
54. GOGUEN J, MESEGUER J. Security policies and security models [A]. IEEE Symposium on Security and Privacy [C]. Oakland, CA, 1982. 11-20.
55. LATTNER C, ADVE V. LLVM: a compilation framework for lifelong program analysis & transformation [A]. 2004 International Symposium on Code Generation and Optimization [C]. San Jose, CA, 2004. 75-86.
56. ZENG H T. Research on Covert Channel Measurement and Handling in Secure Real-time Database [D]. BeiJing; Graduate School of the Chinese Academy of Sciences, 2008.
57. BELL D, LA PADULA L. Secure Computer Systems: Mathematical Foundations [R]. MITRE CORP, 1973.
58. SON S H, MUKKAMALA R, DAVID R. Integrating security and real-time requirements using covert channel capacity [J]. IEEE Transactions on Knowledge and Data Engineering. 2000, 12(6): 865-879.
59. KEEFE T F, TSAI W T, SRIVASTAVA J. Database concurrency control in multilevel secure database management systems [J]. IEEE Transactions on Knowledge and Data Engineering, 1993, 5(6): 1039-1055.
60. NEWMAN R C. Covert computer and network communications [A]. Proceedings of the 4th Annual Conference on Information Security Curriculum Development [A]. Kennesaw, Georgia. 2007. 1-8.
61. PETITCOLAS F A P, ANDERSON R J, KUHN M G. Information hiding-a survey [J]. Proceedings of the IEEE, Special Issue on Protection of Multimedia Content. 1999. 1062-1078.
62. HANDEL T, SANDFORD M. Hiding data in the OSI network model [M]. Information Hiding, 1996. 23-38.
63. AHSAN K, KUNDUR D. Practical data hiding in TCP/IP [A]. Proceedings of ACM Workshop on Multimedia Security [C]. College Station, Texas, 2002. 1-8.
64. CABUK S, BRODLEY C E, SHIELDS C. IP covert channel detection [J]. ACM Trans Inf Syst Secur, 2009, 12(4): 1-29.
65. CABUK S, BRODLEY C E, SHIELDS C. IP covert timing channels: design and detection [A]. Proceedings of the 11th ACM conference on Computer and communications security [C]. Washington DC, USA. 2004. 178-87.
66. AMIRUZZAMAN M, PEYRAVI H, ABDULLAH-AL-WADUD M, et al. Concurrent covert communication channels [A]. AST/UCMA/ISA/ACN'10 Proceedings of the 2010 International Conference on Advances in Computer Science and Information Technology [C]. 2010. 203-213.
67. BERK V, GIANI A, CYBENKO G, et al. Detection of Covert Channel Encoding in Network Packet Delays [R]. Department of Computer Science, Dartmouth College, Technical Report TR2005536, 2005
68. GIANVECCHIO S, WANG H. Detecting covert timing channels: an entropy-based approach [A]. Proceedings of the 14th ACM Conference on Computer and Communications Security [C]. Alexandria, Virginia, USA. 2007: 307-316.
69. YAO L, ZI X, PAN L, et al. A study of on/off timing channel based on packet delay distribution [J]. Computers & Security, 2009, 28(8): 785-794.
70. LUO X P, CHAN E W W, CHANG R K C. TCP covert timing channels: design and detection [A]. International Conference on Dependable Systems & Networks [C]. Alaska, USA, 2008. 420-429.
71. GIRLING C G. Covert Channels in LAN's [J]. IEEE Transactions on Software Engineering. 1987, SE-13(2): 292-296.
72. ROWLAND C. Covert channels in the TCP/IP protocol suite, First Monday [EB/OL]. http://firstmonday.org/htbin/cgiwrap/bin/ojs/index.php/ fm/article/viewArticle/528/449, 1997-5-5.
73. ZI X, YAO L, PAN L, et al. Implementing a passive network covert timing channel [J]. Computers & Security, 2010, 29(6): 686-696.
74. SELLKE S H, CHIH-CHUN W, BAGCHI S, et al. TCP/IP timing channels: theory to implementation [A]. 2009 INFOCOM [C]. Brizal, 2009. 2204-2212.
75. LIU Y, GHOSAL D, ARMKNECHT F, et al. Hide and seek in time-robust covert timing channels [A]. ESORICS 2009 [C]. LNCS 5789. 2009. 120-135.
76. MARTIN K, MOSKOWITZ I. Noisy timing channels with binary inputs and outputs [J]. IH 2006, LNCS 4437 [C]. 2007. 124-144.
77. HUFFMAN D. A method for the construction of minimum-redundancy codes [J]. Resonance, 2006, 11(2): 91-99.
78. CHISNALL D. The Definitive Guide to the Xen Hypervisor [M]. Prentice Hall Press, 2007.
79. SHI L, ZOU D Q, JIN H. Xen Virtualization Technology [M]. Wuhan: Huazhong University of Science & Technology Press, 2009.
80. MATTHEWS J N, DOW E M, DESHANE T, et al. Running Xen: A Hands-On Guide to the Art of Virtualization [M]. Prentice Hall PTR, 2008.
81. SON J, ALVES-FOSS J. A formal framework for real-time information flow analysis [J]. Computers & Security, 2009, 28(6): 421-432.
82. LANOTTE R, MAGGIOLO-SCHETTINI A, TROINA A. Time and probability-based information flow analysis [J]. IEEE Transactions on Software Engineering. 2010, 36(5): 719-734.
83. GILES J, HAJEK B. An information-theoretic and game-theoretic study of timing channels [J]. IEEE Transactions on information Theory, 2002, 48(9): 2455-2477.
84. NAGATOU N, WATANABE T. Run-time detection of covert channels [A]. The First International Conference on Availability, Reliability and Security [C]. Austria, 2006. 577-584.
85. HAMADOU S, SASSONE V, PALAMIDESSI C. Reconciling belief and vulnerability in information flow [A]. 2010 IEEE Symposium on Security and Privacy [C]. Oakland, CA, 2010. 79-92.
86. MILLEN J K. Finite-state noiseless covert channels [A]. Proceedings of the Computer Security Foundations Workshop II [C]. Franconia, USA, 1989. 81-86.
87. TSAI C-R, GLIGOR V D. A bandwidth computation model for covert storage channels and its applications [A]. IEEE Symposium on Security and Privacy [C]. Oakland, CA, 1988. 108-121.
88. AHMED Q N, VRBSKY S V. Maintaining security and timeliness in real-time database system [J]. Journal of Systems and Software, 2002, 61(1): 15-29.
89. MOSKOWITZ I S, KANG M H. Covert channels - here to stay? [A]. COMPASS'94 [C]. 1994. 235-243.
90. MANIFESTO O C. Open cloud manifesto [EB/OL]. www.opencloudmanifesto.org. 2009.
91. LIU Q, WENG C, LI M, et al. An In-VM Measuring Framework for Increasing Virtual Machine Security in Clouds [J]. IEEE Security and Privacy, 2010, 8(6): 56-62.
92. GARFINKEL T, PFAFF B, CHOW J, et al. Terra: a virtual machine-based platform for trusted computing [J]. SIGOPS Oper Syst Rev, 2003, 37(5): 193-206.
93. AZAB A M, NING P, SEZER E C, et al. HIMA: a hypervisor-based integrity measurement agent [A]. Proceedings of the 2009 Annual Computer Security Applications Conference [C]. Hawaii, USA, 2009. 461-470.
94. SESHADRI A, LUK M, QU N, et al. SecVisor: a tiny hypervisor to provide lifetime kernel code integrity for commodity OSes [J]. SIGOPS Oper Syst Rev, 2007, 41(6): 335-350.
95. KIL C, SEZER E C, AZAB A M, et al. Remote attestation to dynamic system properties: Towards providing complete system integrity evidence [A]. DSN 2009 [C]. Lisbon, Portugal, 2009. 115-124.
96. LITTY L, ANDRES H, LIE D. Hypervisor support for identifying covertly executing binaries [A]. USENIX Security Symposium [C]. San Jose, CA, 2008. 243-258.
97. REZAEI M, MOOSAVI N S, NEMATI H, et al. TCvisor: a hypervisor level secure storage [A]. Proceedings of the Internet Technology and Secured Transactions (ICITST), 2010 International Conference for [C]. London, 2010. 1-9.
98. KLEIN G, ANDRONICK J, ELPHINSTONE K, et al. seL4: formal verification of an operating-system kernel [J]. Commun ACM, 2010, 53(6): 107-15.
99. MCDERMOTT J, FREITAS L. Using formal methods for security in the Xenon project [A]. Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research [C]. Oak Ridge, Tennessee, 2010. 1-4.
100. MCDERMOTT J, FREITAS L. A formal security policy for xenon [A]. Proceedings of the 6th ACM workshop on Formal methods in security engineering. Alexandria, Virginia [C]. USA, 2008. 43-52.
101. JOHN M, JAMES K, MYONG K, et al. ADA471608 [R], 2007.
102. GARFINKEL T, ROSENBLUM M. A virtual machine introspection based architecture for intrusion detection [A]. Proceedings of Network and Distributed Systems Security Symposium [C]. San Diego, CA, 2003. 253-285.