Paper Info
Title
On the Identification of Covert Storage Channels in Secure Systems
Abstract
A practical method for the identification of covert storage channels is presented and its application to the source code of the Secure Xenix kernel is illustrated. The method is based on the identification of all visible/alterable kernel variables by using information-flow analysis of language code. The method also requires that, after the sharing relationships among the kernel primitives and the visible/alterable variables are determined, the nondiscretionary access rules implemented by each primitive be applied to identify the potential storage channels. The method can be generalized to other implementation languages, and has the following advantages: it helps discover all potential storage channels is kernel code, thereby helping determine whether the nondiscretionary access rules are implemented correctly; it helps avoid discovery of false flow violations and their unnecessary analysis; and it helps identify the kernel locations where audit code and time-delay variables need to be placed for covert-channel handling.
Year
DOI
Venue
1990
10.1109/32.55086
IEEE Trans. Software Eng.
Keywords
Field
DocType
operating systems (computers),security of data,software engineering,Secure Xenix kernel,audit code,covert storage channels,covert-channel handling,false flow violations,identification,implementation languages,information-flow analysis,kernel locations,language code,nondiscretionary access rules,secure systems,sharing relationships,source code,time-delay variables,visible/alterable kernel variables
Kernel (linear algebra),Information flow (information theory),Language code,Source code,Computer science,Covert,Communication channel,Theoretical computer science
Journal
Volume
Issue
ISSN
16
6
0098-5589
Citations 
PageRank 
References 
32
2.54
18
Authors
3
Name
Order
Citations
PageRank
Chii-Ren Tsai1748.77
Virgil D. Gligor24133513.94
C. S. Shandersekaran3322.54