Detecting covert channels to prevent enterprise data. In computer security, a covert channel is a type of attack that creates a capability to transfer. The tcsec, also known as the orange book, 4 requires analysis of covert storage channels to be classified as a b2 system and analysis of covert timing channels is a requirement for class b3. System architecture system integrity covert channel analysis trusted facility management trusted recovery the life cycle assurance requirements specified in the orange book are as follows. Orange book classes unofficial view c1 c2c1, c2 simple enhancement of existing systemssimple enhancement of existing systems. At what orange book evaluation levels are design specification and verification first required. An example of a timing channel is the starttime of a process. A covert channel is any communication channel that can be ex ploited by a process to transfer information in. This is the main book in the rainbow series and defines the trusted computer system evaluation criteria tcsec. Assurance requirements the operational assurance requirements specified in the orange book are as follows.
A covert channel is a way to secretly send messages between two entities that dont have the access control permissions to do so. The tcsec, also known as the orange book, requires analysis of covert storage channels to be classified as a b2 system and analysis of covert. Introduction a covert channel is a mechanism for steganographically superimposing illegitimate data onto a legitimate network data stream. The main book upon which all other expound is the orange book. The tcsec, frequently referred to as the orange book, is the centerpiece of the dod rainbow series publications. A network covert channel is a mechanism that can be used to leak information across a network in violation of a security policy and in a manner that can be difficult to detect. The orange book wisely reserved covert channel analysis and protection mechanisms for the highest levels of security b2 systems and above, where the information gained by exploiting covert channels is more likely to be worth the quest. A covert channel bandwidth that exceeds a rate of one hundred 100 bits per second is considered high because 100 bits per second is the approximate rate at which many computer terminals are run. Pdf automatic detection of covert channels in networks. Superimposing permutational covert channels onto reliable. The tcsec, also known as the orange book, 3 requires analysis of covert storage channels to be classified as a b2 system and analysis of covert timing channels is a requirement for class b3. The term, originated in 1973 by lampson, is defined as channels not intended for information transfer at all, such as the service programs effect on system load, to. System accreditors should specify these limits for. According to the orange book which security level is the first to require a from cis 343 at strayer university, washington.
B3 systems must have protections against covert channels. Ncsctg030 light pink book a guide to understanding covert channel analysis of trusted systems 1193 other nsancsc. The orange book states that hardware and software features shall be provided that can be used to periodically validate the correct operation of the onsite hardware and firmware elements of the tcb trusted computing base. Storage and low bits is incorrect because, low bits would not be considered a covert channel. This type of information path was not developed for communication. Covert channels cyber security safeguards coursera. Orange trusted computer system evaluation criteriatrusted computer system. Covert channel analysis is first introduced at what level of the tcsec rating. Timing channels edit the use of delays between packets transmitted over computer networks was first explored by girling for covert communication. Although the orange book is now considered somewhat dated, you should know about it for the exam. Covert channel analysis configuration management formal model of security policy proven consistent with its axioms b3. B1 systems are the first level to require sensitivity labels. The best way to perform this analysis is by determining if a covert channel can occur. Nsancsc rainbow series ncsctg001 tan book a guide to understanding audit in trusted systems version 2 60188 ncsctg002 bright blue book.
System architecture system integrity covert channel analysis trusted facility management trusted recovery. Survey of microarchitectural side and covert channels, attacks, and. Learn vocabulary, terms, and more with flashcards, games, and other study tools. According to the orange book which security level is the. A covert timing channel is a type of covert channel in which sensitive information is transmitted by the timing of events. Security testing design specification and testing configuration management trusted distribution. Covert timing channel attackstiming attacks are difficult to detect and function by altering a component or by modifying resource timing. Covert channel bandwidth limits b, bas defined in sections 5. The orange book requires protection against two types of covert channels, timing and storage. Trusted computer system evaluation criteria tcsec is a united states government. Trusted computer system evaluation criteria tcsec is a united states government department of defense dod standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system. Start studying cissp topic 6 security architecture and design. Architectural implications of covert channels computer science.
The orange book is one of the national security agencys rainbow series of books on evaluating trusted computer systems. In this paper, we describe our implementation of a covert network timing channel, discuss the subtle issues that arose in its design, and present performance data for. Configuration management requirements are part of orange book a1 classification. Covert channels often involve what is called timing channels and storage channels. In computer security, a covert channel is a type of attack that creates a capability to transfer information objects between processes that are not supposed to be allowed to communicate by the computer security policy. The orange book describes four hierarchical levels to categorize security systems. Ip covert timing channels proceedings of the 11th acm. Trusted computer system evaluation criteria wikipedia. Gasior w and yang l network covert channels on the android platform proceedings of the seventh annual workshop on cyber security and information intelligence research, 11 sun y, guan x and liu t a new method for authentication based on covert channel proceedings of the 8th ifip international conference on network and parallel computing, 160.
System architecture system integrity covert channel analysis trusted facility management trusted recovery pg. A the operational assurance requirements specified in the orange book are as follows. Describe the fundamental roles of the orange book and tcb in cyber security summarize the basics of the belllapadula and biba models for cyber security examine covert. A covert channel is just one more way data can leave the network. The key difference is that in a noisy covert channel extra information has to be filtered out. Processor microarchitectural side and covert channel attacks have emerged as. C a covert channel is a way for an entity to receive information in an unauthorized manner. Here is an example of how covert channel attacks happen in real life. The tcsec was used to evaluate, classify, and select computer systems being considered for the processing, storage, and retrieval of sensitive or classified.
A noisy covert channel is a covert channel that uses a resource available to subjects other than the sender and receiver as well as to the sender and receiver. Learn how to detect and block covert channels from threats expert nick lewis. In order to occur, several conditions must be met6. Covert channels often involve what is called timing channels and storage. Covert channel vulnerabilities in anonymity systems department of. A channel is only considered malicious if it is prohibited by the security policy. Which of the following levels require mandatory protection. The tcsec, also known as the orange book, requires analysis of covert storage channels to be classified as a b2 system and analysis of covert timing channels is a requirement for class b3. Orange book specifies that a channel bandwidth exceeding a rate of 100 bps. Our research paper focuses to elaborate network covert channels that arise in distributed tcpip systems even when the transmission lines between network nodes are controlled. It does not seem appropriate to call a computer system secure if information can be compromised at a rate equal to the normal output rate of some. A covert channel is a mechanism that can be used to violate a security policy by allowing information to leak to an unauthorized process. Part of the communications in computer and information science book series ccis. Which tcsec publication addresses computer systems for government and military use.
These messages are sent in interesting and subtle ways. The modulation of disc space is an example of a storage channel. Methods that describe how covert channels can be fought can, e. System architecture, system integrity, covert channel analysis, trusted facility management, and trusted. This makes conveyance through a covert channel virtually undetectable by. A processor and operating system can work in different modes depending upon the privilege of the process that made a request. A it addresses the level of security a system provides b. A comprehensive approach to assurance includes the entity responsible for evaluating the assurance, which in the case of the dods orange book. I shut all the overt channels down and then i shut all the covert channels down. A covert timing channel is a type of covert channel in which sensitive information is. The term, originated in 1973 by lampson, is defined as channels not intended for information transfer at all, such as the service. The trusted computer system evaluation criteria 19831999, better known as the orange book, was the first major computer security evaluation methodology. Describe the fundamental roles of the orange book and tcb in cyber security summarize the basics of the belllapadula and biba models for cyber security examine covert channels and the. A covert channel is a type of computer attack that allows the communication of information by transferring objects through existing information channels or networks using the structure of the existing medium to convey the data in small parts.
On the necessary conditions for covert channel existence. So, the question is, if i want to respect the policy and i want alice to not be able to communicate with bob, which is a perfectly reasonable obligation, or goal in cybersecurity. Which of the following can be used as a covert channel. Orange book requirements system testing x x x x x x trusted distribution x trusted recovery x configuration management x x trusted facility management x x covert channel analysis x x x design spec and verification x x x x system integrity x system architecture x x x x x assurance d c1 c2b1 b2 b3a1. Covert channel analysis b1 no requirement b2 covert storage channels b3 covert channels i e storagecovert channels i. Ncsctg030, covert channel analysis of trusted systems light pink book, 1993 from the united states department of defense dod rainbow series publications. Covert channel handling policies should be consistent with the intent of the tcsec guidelines.
538 71 317 1555 244 1446 931 1337 788 807 707 1073 1351 1381 1511 403 25 450 1502 923 913 381 1138 1498 757 1539 739 1499 18 1489 12 172 625 248 1494 889 751 181 464 4 801 187 904 863 359 1307 686 700 172