INFORMATION HIDING -- AN ANNOTATED BIBLIOGRAPHY (7/10)

032810 `Simple Timing Channels'

  • IS Moskowitz, AR Miller, Oakland 94 pp 56 -- 64
  • Shannon's definition of channel capacity as:
    [formula gif] (where the [formula gif] are sequences)
    should actually be:
    [formula gif], as the ordinary limit does not exist in many cases of practical interest, especially in the analysis of timing channels in multilevel secure systems. A new proof of the capacity bound is given based on the use of z-transforms; this reduces capacity bounds to radii of convergence, and can be used to determine the capacity of a number of complex timing channels. These typically turn out to be the roots of a real trinomial of the form:
    [formula gif],
    which can be found in closed form using special functions.

031218 `A Pump for Rapid, Reliable, Secure Communications'

  • MH Kang, IS Moskowitz, Fairfax 93 pp 118 -- 129
  • Existing techniques for dealing with covert channels in multilevel systems include blind write-ups and periodic read-downs. The authors propose instead a data pump with both low and high buffers, and discuss its capacity; this can be improved by judicious use of randomisation, and in practice there should be no performance penalty in benign situations.

021229 `The Channel Capacity of a Certain Noisy Timing Channel'

  • IS Moskowitz, AR Miller, IEEE Trans. on Information Theory v IT-38 no 4 (1992) pp 1339 -- 43
  • A covert timing channel may suffer noise generated by time sharing delays as other users compete for resources. Two strategies for communicating in the presence of this noise are analysed and the resulting channel capacity is determined.

021420 `A Classical Automata Approach to Noninterference Type Problems'

  • IS Moskowitz, OL Costich, Proc Franconia 92 pp 2 -- 8
  • The authors are concerned with covert channels in a computer system that supports concurrent processes of differing security levels or clearances. They assert that a 'Secure Nondeterministic Automaton' is useful for identifying unauthorised probabilistic channels.

023217 'Modelling a Fuzzy Time System'

  • JT Trostle, Proc Oakland 93 pp 82 -- 89
  • The fuzzy time technique used by DEC in the VAX security kernel randomises the period between clock ticks in order to minimise the capacity of the bus-contention covert channel. However, a scheduling channel is constructed which bypasses this countermeasure; a model is developed which can be extended to multiple hosts; and finally more secure scheduling algorithms are discussed.

042183 'Performance Analysis of a Method for High Level Prevention of Traffic Analysis Using Measurements from a Campus Network'

  • BR Venkatraman, RE Newman-Wolfe, Computer Security Applications 94 pp 288 -- 297
  • The authors investigated the cost of rerouting and padding the University of Florida's network traffic to provide resistance to traffic analysis. They considered the leakage through a covert channel where a '1' was signified by the presence of traffic on the link from node i to node j. Making the traffic spatially neutral thus corresponds to blocking traffic analysis; thus traffic was rerouted and padded to put the same amount of traffic on each link. Doing this perfectly is a hard linear programming problem, so a number of heuristic solutions were tried and measured.

'Capacity Estimation and Auditability of Network Covert Channels'

  • BR Venkatraman, RE Newman-Wolfe, Oakland 95 pp 186 -- 198
  • The authors continue their research into how the type, amount and timeliness of data traffic on a network can be used to send covert information. They discuss their work in light of Browne's ideas of mode security. An audit threshold is analyzed with respect to the maximal damage due to the above types of covert channels. Further details can be found in the first author's dissertation.