Detection of covert channels
Last Updated: 2023-03-24
Detection of covert channels is largely a matter of careful analysis and design. There are few specific guidelines for the detection of covert channels.
The term module refers to the unit of TCB code that detects or limits covert channel use, whether in the kernel or in a process. Detecting covert channels is primarily a matter of determining whether an untrusted process (the sender) at a level A can use a module to perform an action that is detectable by another process (the receiver) at level B, when level B does not dominate level A.
For example, a common covert channel is data that is written to a file by a trusted process on behalf of an untrusted user when the MAC label of the file does not dominate the MAC label of the user.
Relatively few methodologies for detecting covert channels have been proposed. The most prominent is the Shared Resource Matrix (SRM).
Refer to the following for a description of this technique:
- Kemmerer, R.A. "Shared Resource Matrix Methodology: An Approach to Identifying Storage and Timing Channels," ACM Transactions on Computing Systems 1(3) 1983, 256-277.
- Tsai, CR. "A Formal Method for the Identification of Covert Storage Channels in Source Code," Proceedings of the 1987 IEEE Symposium on Security and Privacy, 74-87.
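The sender/receiver criterion above can be applied mechanically to a small shared resource matrix. The following is an added example, not IBM code: a simplified first pass in the spirit of the SRM that omits the transitive closure step of the full method. The attribute names, operation names, labels, and the assumption that every subject may invoke every operation are all constructed for illustration.

```python
from itertools import product

# Constructed sample matrix: shared attribute -> {operation: marks}.
# "R" = the operation references (reads) the attribute, "M" = it modifies it.
SRM = {
    "file_lock_state": {"lock_file": "M", "open_file": "R"},
    "disk_free_blocks": {"write_file": "M", "create_file": "RM"},
    "audit_buffer": {"audit_write": "M"},  # never referenced: no channel
}

# Constructed MAC labels: (hierarchical level, set of categories).
SUBJECTS = {
    "low": (1, frozenset()),
    "high": (2, frozenset({"A"})),
    "side": (2, frozenset({"B"})),
}

def dominates(b, a):
    """Label b dominates label a when b's level is at least a's level
    and b's categories are a superset of a's categories."""
    return b[0] >= a[0] and b[1] >= a[1]

def candidate_channels(srm, subjects):
    """List (attribute, modify_op, sender, reference_op, receiver) tuples
    where the receiver's label does not dominate the sender's label.
    Assumes every subject may invoke every operation (worst case)."""
    found = []
    for attr, ops in srm.items():
        modifiers = [op for op, marks in ops.items() if "M" in marks]
        referencers = [op for op, marks in ops.items() if "R" in marks]
        for m_op, r_op in product(modifiers, referencers):
            for (snd, a), (rcv, b) in product(subjects.items(), repeat=2):
                if not dominates(b, a):  # level B does not dominate level A
                    found.append((attr, m_op, snd, r_op, rcv))
    return found

if __name__ == "__main__":
    for row in candidate_channels(SRM, SUBJECTS):
        print("%-17s %-11s by %-4s -> %-11s by %s" % row)
```

Each tuple reported is only a candidate for manual review. Labels that are incomparable, such as `high` and `side` here, are flagged in both directions because neither dominates the other.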