Question

This problem deals with covert channels. Describe a covert channel involving the print queue and estimate the realistic capacity of your covert channel. Describe a subtle covert channel involving the TCP network protocol.

Answer 1

A covert channel is a type of computer security attack that creates a capability to transfer information objects between processes that are not supposed to be allowed to communicate by the computer security policy. It is called as covert as it is hidden from the access control mechanisms of ultra-high-assurance secure operating systems.

a. A decent example of a storage channel could be a printing queue.A trusted line printer service correctly tags each submitted job with the MAC label of the requesting process and maintains that label with the queued jobs for use in eventual printing. Jobs with relatively long names are allowed. The method with higher security privileges either fills up the printer queue to signal a one or leaves it because it is to signal a zero.A status program allows the user to see all of the jobs that are queued for the user, including the user-assigned job name, regardless of the label of the job. This is one of the covert channel as thesender process can create jobs whose name contains data to be covertly passed to receivers that operate on behalf of the same user. This channel is closed by allowing the user to only view jobs that are dominated by the user's current MAC label. The status program that is running could give the user an "other jobs exist" message if non-dominated jobs existed. This represents a much smaller channel with a good operational reason for existence.

b. In the case of TCP/IP, there are a number of methods available whereby covert channels can be established and data can be
secretly passed between hosts. These are the methods that uses covert channels in various areas
1.Bypassing packet filters, network sniffers, and "dirty word" search engines.
2.Encapsulating encrypted or non-encrypted information within otherwise normal packets of information for secret transmission through networks that prohibit such activity ("TCP/IP Steganography").
With the dramatic growth of the Internet, there is now a growing concern about the use of covert channels in the TCP/IP protocol suite, which has a number of potential weaknesses that allow an attacker to surreptitiously pass data in otherwise benign packets.