A study of covert channels in a trusted UNIX system

Author
DeJong, Ronald Johannes
Date
1995-03
Advisor
Irvine, Cynthia E.
Shimeall, Timothy J.
Abstract
Analysis and identification of potential channels for illicit information flow is not required for Class B1 trusted systems such as the Sun Microsystems Trusted Solaris 1.1 trusted computing base. When used in a multilevel context, such channels would present a risk to data security. The problem addressed by this thesis is the identification of covert channels in Trusted Solaris and the determination of whether their exploitation can be detected using mechanisms provided to the security administrator. The approach taken to address this problem was to identify covert storage channels in the form of observable effects and exceptions of sharing internal databases by subjects at differing access classes. Software was developed to exploit the identified covert channels using a method requiring detailed specifications prior to the creation of code. Audit trails were obtained to evaluate the efficacy of audit in detecting active covert channel exploitation.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
Related items
Showing items related by title, author, creator and subject.
- An application of Alloy to static analysis for secure information flow and verification of software systems
  Shaffer, Alan B. (Monterey, California. Naval Postgraduate School, 2008., 2008-12)
  Within a multilevel secure (MLS) system, flaws in design and implementation can result in overt and covert channels, both of which may be exploited by malicious software to cause unauthorized information flows. To address ...
- A Security Domain Model to Assess Software for Exploitable Covert Channels
  Auguston, Mikhail; Levin, Timothy; Shaffer, Alan; Irvine, Cynthia E. (Association for Computing Machinery (ACM), 2005-06-30)
  Within a multilevel secure (MLS) system, trusted subjects are granted privileges to perform operations that are not possible by ordinary subjects controlled by mandatory access control (MAC) policy enforcement mechanisms. ...
- A security domain model for implementing trusted subject behaviors
  Shaffer, Alan B.; Irvine, Cynthia E.; Levin, Timothy E.; Auguston, Mikhail (Monterey, California. Naval Postgraduate School, 2008-09-19); NPS-CS-08-015
  Within a multilevel secure (MLS) system, trusted subjects are granted privileges to perform operations that are not possible by ordinary subjects controlled by mandatory access control (MAC) policy enforcement mechanisms. ...