CSDL Home IEEE Transactions on Dependable and Secure Computing 2011 vol.8 Issue No.06 - November/December
Issue No.06 - November/December (2011 vol.8)
Steven Gianvecchio , College of William and Mary, Williamsburg
Haining Wang , College of William and Mary, Williamsburg
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TDSC.2010.46
The detection of covert timing channels is of increasing interest in light of recent exploits of covert timing channels over the Internet. However, due to the high variation in legitimate network traffic, detecting covert timing channels is a challenging task. Existing detection schemes are ineffective at detecting most of the covert timing channels known to the security community. In this paper, we introduce a new entropy-based approach to detecting various covert timing channels. Our new approach is based on the observation that the creation of a covert timing channel has certain effects on the entropy of the original process, and hence, a change in the entropy of a process provides a critical clue for covert timing channel detection. Exploiting this observation, we investigate the use of entropy and conditional entropy in detecting covert timing channels. Our experimental results show that our entropy-based approach is sensitive to the current covert timing channels and is capable of detecting them in an accurate manner.
Network security, covert timing channels, entropy-based detection.
Steven Gianvecchio, Haining Wang, "An Entropy-Based Approach to Detecting Covert Timing Channels", IEEE Transactions on Dependable and Secure Computing, vol.8, no. 6, pp. 785-797, November/December 2011, doi:10.1109/TDSC.2010.46