Date: 23 Feb 2006 12:35:52 -0000
From: matthijs@...t.biz
To: bugtraq@...urityfocus.com
Subject: Research paper on covert channels


As part of our MSc study on System and Network Engineering at the University of Amsterdam, NL, Marc Smeets and I have done research on covert channels. 

Abstract:

"Covert channels have been topic of discussion within both academic and non-academic communities for more than two decades. Traditionally, research on this topic focussed on storage and timing channels within singular systems. As more systems became interconnected in the last decade, the scope expanded to network-based covert channels. Numerous designs and implementations of such covert channels have been suggested, altogether leaving the world with valuable pieces of knowledge scattered around the Internet. By aggregating the essentials and representing them in a structured format, we attempt to provide clarity on the current state of research. In addition, a (non-exhaustive) overview of contemporary trends in network-based covert channels is given, explaining common channels within IP, TCP, ICMP, HTTP and DNS. Lastly, several implementations were evaluated to gain insight in their efficiency and performance, and the influences to which they're prone. We conclude that they p
 ose a security issue that needs proper attention when defining and enforcing security policies, and expect more sophisticated covert channels to appear in the future."

The paper is available at the following URL:

http://www.os3.nl/~mrkoot/courses/RP1/researchreport_2006-02-15_final2.pdf

Feedback is more than welcome!

(I posted to bugtraq since the secpapers list appears rather dormant)

Powered by blists - more mailing lists