Covert Flow Trees: A Visual Approach to Analyzing Covert Storage Channels

R.A. Kemmerer; P.A. Porras

doi:10.1109/32.106972

Publication
1991
Issue No. 11 - November
Abstract - Covert Flow Trees: A Visual Approach to Analyzing Covert Storage Channels

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/EndNote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by R.A. Kemmerer Articles by P.A. Porras

Covert Flow Trees: A Visual Approach to Analyzing Covert Storage Channels

November 1991 (vol. 17 no. 11)

pp. 1166-1185

	ASCII Text	x
	R.A. Kemmerer, P.A. Porras, "Covert Flow Trees: A Visual Approach to Analyzing Covert Storage Channels," IEEE Transactions on Software Engineering, vol. 17, no. 11, pp. 1166-1185, November, 1991.

	BibTex	x
	@article{ 10.1109/32.106972, author = {R.A. Kemmerer and P.A. Porras}, title = {Covert Flow Trees: A Visual Approach to Analyzing Covert Storage Channels}, journal ={IEEE Transactions on Software Engineering}, volume = {17}, number = {11}, issn = {0098-5589}, year = {1991}, pages = {1166-1185}, doi = {http://doi.ieeecomputersociety.org/10.1109/32.106972}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - JOUR JO - IEEE Transactions on Software Engineering TI - Covert Flow Trees: A Visual Approach to Analyzing Covert Storage Channels IS - 11 SN - 0098-5589 SP1166 EP1185 EPD - 1166-1185 A1 - R.A. Kemmerer, A1 - P.A. Porras, PY - 1991 KW - covert storage channels; tree structure; covert flow tree; attributes; listening process; resource attribute; covert channel operation sequences; security of data; trees (mathematics) VL - 17 JA - IEEE Transactions on Software Engineering ER -

R.A. Kemmerer

P.A. Porras

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/32.106972

The authors introduce a technique for detecting covert storage channels using a tree structure called a covert flow tree (CFT). CFTs are used to perform systematic searches for operation sequences that allow information to be relayed through attributes and eventually detected by a listening process. When traversed, the paths of a CFT yield a comprehensive list of operation sequences which support communication via a particular resource attribute. These operation sequences are then analyzed and either discharged as benign or determined to be covert communication channels. Algorithms for automating the construction of CFTs and potential covert channel operation sequences are presented. To illustrate this technique, two example systems are analyzed and their results compared to two currently accepted analysis techniques performed on identical systems. This comparison shows that the CFT approach not only identified all covert storage channels found by the other analysis techniques, but discovered a channel not detected by the other techniques.

[1] D. E. Bell and L. J. LaPadula, "Secure computer system: unified exposition and multics interpretation," Mitre Corp., Bedford, MA, Tech. Rep. ESD-TR-75-306, 1975.
[2] D. E. Denning, "A lattice model of secure information flow,"Commun. ACM, vol. 19, no. 5, pp. 236-242, 1976.
[3] J. Goguen and J. Meseguer, "Security policies and security models," inProc. 1982 Symp. on Security and Privacy(Oakland, CA). New York: IEEE, 1982, pp. 11-20.
[4] T. J. Haigh, R. A. Kemmerer, J. McHugh, and W. D. Young, "An experience using two covert channel analysis techniques on a real system design,"IEEE Trans. Software Eng., vol. SE-13, Feb. 1987.
[5] W.-M. Hu, "Reducing timing channels with fuzzy time," inProc. 1991 IEEE Comput. Soc. Symp. on Res. in Security and Privacy(Oakland, CA), 20-22 May 1991, pp. 8-20.
[6] P. A. Karger and J. C. Wray, "Storage channels in disk arm optimization," inProc. 1991 IEEE Comput. Soc. Symp. on Res. in Security and Privacy(Oakland, CA), 20-22 May 1991, pp. 52-61.
[7] R. A. Kemmerer, "Shared resource matrix methodology: An approach to identifying storage and timing channels,"ACM Trans. Comput. Syst., vol. 1, no. 3, pp. 256-277, Aug. 1983.
[8] B. W. Lampson, "A note on the confinement problem,"Commun. ACM, vol. 16, pp. 613-615, Oct. 1973.
[9] S. B. Lipner, "A comment on the confinement problem,"Operating Syst. Rev., vol. 9, pp. 192-196, Nov. 1975 (presented at the 5th Symp. Operating Syst. Principles, Univ. Texas, Austin, 19-21 Nov. 1975).
[10] J. K. Millen, "Security kernel validation in practice,"Commun. ACM, vol. 19, no. 5, May 1976.
[11] "Minutes of the 1st workshop on covert channel analysis,"IEEE Cipher, Los Angeles, CA, July 1990.
[12] P. A. Porras and R. A. Kemmerer, "Covert flow tree analysis approach to covert storage channel identification," Comput. Sci. Dept., Univ. California, Santa Barbara, Tech. Rep. No. TRCS 90-26, Dec. 1990.
[13] M. Schaefer, B. Gold, R. Linde, and J. Scheid, "Program confinement in KVM/370," inProc. 1977 ACM Ann. Conf.(Seattle, WA), Oct. 1977.

Index Terms:

covert storage channels; tree structure; covert flow tree; attributes; listening process; resource attribute; covert channel operation sequences; security of data; trees (mathematics)

Citation:

R.A. Kemmerer, P.A. Porras, "Covert Flow Trees: A Visual Approach to Analyzing Covert Storage Channels," IEEE Transactions on Software Engineering, vol. 17, no. 11, pp. 1166-1185, Nov. 1991, doi:10.1109/32.106972

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.