Download Covert channel

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
Document related concepts

Zero-configuration networking wikipedia , lookup

RapidIO wikipedia , lookup

Piggybacking (Internet access) wikipedia , lookup

Airborne Networking wikipedia , lookup

Recursive InterNetwork Architecture (RINA) wikipedia , lookup

Wireless security wikipedia , lookup

Network tap wikipedia , lookup

Hacker wikipedia , lookup

IEEE 1355 wikipedia , lookup

Wake-on-LAN wikipedia , lookup

Deep packet inspection wikipedia , lookup

Distributed firewall wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

Computer security wikipedia , lookup

Transcript 
Design of the multi-level security network switch
system which restricts covert channel
Conference: Communication Software and
Networks (ICCSN), 2011 IEEE 3rd International
Conference on
Authors: Xiong Liu, Haiwei Xue, Xiaoping Feng,
Yiqi Dai, Department of Computer Science and
Technology, Tsinghua University, Beijing 10084,
China
1
Covert channel
• In computer security, a covert channel
is a type of computer security attack
that creates a capability to transfer
information objects between processes
that are not supposed to be allowed to
communicate by the computer security
policy.
2
Multi-level Security Local Area
Network system (MSL)
• The low level host can send data packet to
high level host, but high level host cannot
send data packet to low level host.
• TCP/IP SYN/ACK packet cannot be sent back
in the above mechanism. So it must allow
the sending of SYN/ACK.
• The SYN/ACK may become a loophole for
the covert channel.
Low level
3
High level host
System architecture
• Monitor in each hosts
• Controller
• Filter
4
System architecture- Monitor
• The system can monitor the hosts’ actions to
specify the hosts’ security level by the
monitors.
• The user must install the monitor in their
computer.
• Monitor communicate to the controller.
5
System architecture- controller
• Functions:
– Host registering: Make sure that all the hosts and
switches connected to the network are
authorized.
– Flow computing: Compute the packet’s flow
path based on the network’s topological
structure. It can make sure all of the data flow
paths are compatible with the system’s security
policy Level: 2
Level: 3
6
System architecture- controller
(cont.d)
– Flow updating: When the flow path has been
computed, the Controller updates the flow tables
of switches which locate on the path to set up it.
7
System architecture- filter
• Content check module
– Level 1: Check the data field and flags
field.
– Level 2: Check the unused fields and
optional field.
– Level 3: Check the sequence number and
acknowledgement number.
– Level 4: Check the covert channel which
uses packet retransmission or packet loss
to send information.
8
Experiment
9
Conclusion
• This paper proposed a design of multilevel security network switch system
which can restrict covert channel.
• The design can guarantee the
availability and security of the
information exchange among hosts in
multi-level security network system.
The experiment showed that the
design is available.
10
Reference
• http://en.wikipedia.org/wiki/Covert_cha
nnel
• [L-BLP security model in local area
network],http://www.ejournal.org.cn/C
N/abstract/abstract44.shtml
11
Related documents
Summer Packet EnteringGrade7
Summer Packet EnteringGrade7
Networks
Networks
Home Energy Management
Home Energy Management
Covert Channels
Covert Channels
H37-R38 - Uplift Mighty Prep
H37-R38 - Uplift Mighty Prep
Modern Geometry Review Packet
Modern Geometry Review Packet
2 - UTRGV Faculty Web
2 - UTRGV Faculty Web
L18
L18
Multi-Level Marketing
Multi-Level Marketing
ns - Pattern
ns - Pattern
COP 4930 Computer Network Projects
COP 4930 Computer Network Projects
Chapter 03
Chapter 03
covert channel - Information Security Group
covert channel - Information Security Group
Covert Communication in VANETS using Internet Protocol Header Bit
Covert Communication in VANETS using Internet Protocol Header Bit
- aes journals
- aes journals
Glavlit: Preventing Exfiltration at Wire Speed
Glavlit: Preventing Exfiltration at Wire Speed
Access Control
Access Control
Inferring Covert Events in Logical Metonymies: a
Inferring Covert Events in Logical Metonymies: a
Scenarios and Covert channels: another game... - Gray
Scenarios and Covert channels: another game... - Gray
The Impact of Covert Action on International Law
The Impact of Covert Action on International Law
ffic Management in HONE: Joint Host-Network Tra Software-Defined Networks
ffic Management in HONE: Joint Host-Network Tra Software-Defined Networks
HONE: Joint Host-Network Traffic Management in Software-Defined Networks
HONE: Joint Host-Network Traffic Management in Software-Defined Networks