Covert Flow Trees: A Visual Approach to Analyzing Covert Storage Channels
November 1991 (vol. 17 no. 11)
pp. 1166-1185

The authors introduce a technique for detecting covert storage channels using a tree structure called a covert flow tree (CFT). CFTs are used to perform systematic searches for operation sequences that allow information to be relayed through attributes and eventually detected by a listening process. When traversed, the paths of a CFT yield a comprehensive list of operation sequences which support communication via a particular resource attribute. These operation sequences are then analyzed and either discharged as benign or determined to be covert communication channels. Algorithms for automating the construction of CFTs and potential covert channel operation sequences are presented. To illustrate this technique, two example systems are analyzed and their results compared to two currently accepted analysis techniques performed on identical systems. This comparison shows that the CFT approach not only identified all covert storage channels found by the other analysis techniques, but discovered a channel not detected by the other techniques.

Index Terms:
covert storage channels; tree structure; covert flow tree; attributes; listening process; resource attribute; covert channel operation sequences; security of data; trees (mathematics)
R.A. Kemmerer, P.A. Porras, "Covert Flow Trees: A Visual Approach to Analyzing Covert Storage Channels," IEEE Transactions on Software Engineering, vol. 17, no. 11, pp. 1166-1185, Nov. 1991, doi:10.1109/32.106972