Sciweavers

CCS
2004
ACM

IP covert timing channels: design and detection

14 years 5 months ago
IP covert timing channels: design and detection
A network covert channel is a mechanism that can be used to leak information across a network in violation of a security policy and in a manner that can be difficult to detect. In this paper, we describe our implementation of a covert network timing channel, discuss the subtle issues that arose in its design, and present performance data for the channel. We then use our implementation as the basis for our experiments in its detection. We show that the regularity of a timing channel can be used to differentiate it from other traffic and present two methods of doing so and measures of their efficiency. We also investigate mechanisms that attackers might use to disrupt the regularity of the timing channel, and demonstrate methods of detection that are effective against them. Categories and Subject Descriptors C.2.0 [Computer-Communication Networks]: General—Security and Protection; D.4.6 [Security and Protection]: [Information flow controls]; K.6.5 [Security and Protection ]: [Unauth...
Serdar Cabuk, Carla E. Brodley, Clay Shields
Added 01 Jul 2010
Updated 01 Jul 2010
Type Conference
Year 2004
Where CCS
Authors Serdar Cabuk, Carla E. Brodley, Clay Shields
Comments (0)