A practical approach to identifying storage and timing channels: twenty years later

@article{Kemmerer2002APA,
  title={A practical approach to identifying storage and timing channels: twenty years later},
  author={Richard A. Kemmerer},
  journal={18th Annual Computer Security Applications Conference, 2002. Proceedings.},
  year={2002},
  pages={109-118},
  url={https://api.semanticscholar.org/CorpusID:34557623}
}
  • R. Kemmerer
  • Published 9 December 2002
  • Computer Science
  • 18th Annual Computer Security Applications Conference, 2002. Proceedings.
A methodology for discovering storage and timing channels that can be used through all phases of the software life cycle to increase confidence that all channels have been identified is presented.

Covert Channels: Analysis and Recommendations

  • R. Poore
  • Computer Science
  • 2011
A covert channel exists when two (or more) processes operating at different levels of sensitivity share a resource, whereby the less-sensitive process cannot read the information written to it by the more highly sensitive process, but can measure the effect on its own performance of the resource’s use by the much more sensitive process.

Analysis and Detection of Cache-Based Exploits

This thesis develops a classification of existing attacks by exploring their feasibility depending on the execution environment context, and constructs an information leakage model which includes the CPU scheduling effect on the core-private cache exploitability.

Information Flow Security for Asynchronous, Distributed, and Mobile Applications. (Sécurité par contrôle de flux d'applications asynchrones, distribuées et mobiles)

A security solution to regulate information flows, specifically through an access and flow control mechanism, targeted to distributed applications using active objects with asynchronous communications, that includes a security policy and the mechanism that will enforce the rules present in such policies.

A Practical Covert Channel Identification Approach in Source Code Based on Directed Information Flow Graph

A modularized analysis scheme is proved and reduces the workload of identification, a directed information flow graph algorithm is presented and used to model the covert channels, and more than 30 covert channels have been identified in Linux kernel source code using this scheme.

Leakage in Trustworthy Systems

This dissertation presents a survey of the theoretical and practical techniques necessary to provably eliminate side-channel leakage through known mechanisms in component-based secure systems, and proves that a correspondence exists between standard vulnerability bounds, in a channel-centric view, and the refinement lattice on programs in pGCL.

A Survey of Timing Channels and Countermeasures

This survey considers all three canonical applications of timing channels, namely, covert communication, timing side channel, and network flow watermarking and surveys the theoretical foundations, the implementation, and the various detection and prevention techniques that have been reported in literature.

A Survey of Timing Channels and Countermeasures

This survey builds upon the last comprehensive survey by Zander et al. 2007 and considers all the three canonical applications of timing channels namely, covert communication, timing side-channel, and network flow watermarking.

Automatic identification of covert channels inside Linux kernel based on source codes

A prototype is designed and implemented to identify covert channels inside the Linux kernel based on source code by integrating the above methods, and the validity of the prototype and the related method is verified.

Keyboards and Covert Channels

The experiments suggest that simple Keyboard JitterBugs can be a practical technique for capturing and exfiltrating typed secrets under conventional OSes and interactive network applications, even when the receiver is many hops away on the Internet.

Silence Speaks Volumes: A New Paradigm for Covert Communication via History Timing Patterns

A novel method for establishing and maintaining covert communication links using relative pointers to network timing patterns, which minimizes the reliance of the HCC on centralized timekeeping and reduces the likelihood of being detected by standard network monitoring tools.
...

Shared resource matrix methodology

A methodology for discovering storage and timing channels that can be used through all phases of the software life cycle to increase confidence that all channels have been identified is presented.

Covert Flow Trees: A Visual Approach to Analyzing Covert Storage Channels

The authors introduce a technique for detecting covert storage channels using a tree structure called a covert flow tree (CFT). CFTs are used to perform systematic searches for operation sequences

A modular covert channel analysis methodology for trusted DG/UX™

In order to make the covert channel analysis task for the Trusted DG/UX kernel more manageable and, in particular, to deal with the Ratings Maintenance Program (RAMP), a modular approach that takes advantage of the subsystem architecture is used.

Program confinement in KVM/370

The techniques used in KVM/370 to confine programs (to prevent data leakage) so that the security of the system is preserved are discussed.

An Experience Using Two Covert Channel Analysis Techniques on a Real System Design

This paper examines the application of two covert channel analysis techniques to a high level design for a real system, the Honeywell Secure Ada® Target (SAT) and the nature of the covert channels discovered.

Handbook for the Computer Security Certification of Trusted Systems

This guideline is a definitive statement of what constitutes good penetration testing, where it fits in the DoD Standard Software Engineering and TCSEC life cycles, and how it is done according to the best available practice, the Flaw Hypothesis Methodology (FHM).

A Technique for Proving Specifications are Multilevel Secure

A technique for verifying that a design for an operating system or subsystem expressed in terms of a formal specification is consistent with a particular model of multilevel security, which gives assurance that the given design is multilevel secure by this particular model.

DEPARTMENT OF DEFENSE TRUSTED COMPUTER SYSTEM EVALUATION CRITERIA

This publication is effective immediately and is mandatory for use by all DoD Components in carrying out ADP system technical security evaluation activities applicable to the processing and storage of classified and other sensitive DoD information and applications as set forth herein.

A Practical Executive for Secure Communications

The Secure HUB Executive, a verified secure operating system oriented toward supporting communications and other real-time applications, has been developed and is portable to a wide range of mini- and microcomputers.

Security Kernel validation in practice

The technique used to carry out the first step of the proof of the correctness of a security kernel on a PDP-11/45 is described: validating a formal specification of the program with respect to axioms for a secure system.