Covert channel detection using Information Theory

Lo\"ic H\'elou\"et (INRIA Rennes); Aline Roumy (INRIA Rennes)

arXiv:1102.5586·cs.CR·March 1, 2011·SecCo

Covert channel detection using Information Theory

Lo\"ic H\'elou\"et (INRIA Rennes), Aline Roumy (INRIA Rennes)

PDF

TL;DR

This paper introduces an information theory framework to detect covert channels, revealing limitations of existing interference measures and characterizing the capacity of control-flow-based covert channels.

Contribution

It develops a novel information-theoretic detection method and analyzes the capacity of covert channels using control flows, addressing gaps in existing interference models.

Findings

01

Interference measures do not fully characterize covert information flow.

02

Enhanced interference notions cannot detect channels with less than one bit capacity.

03

The capacity of control-flow covert channels can be explicitly computed.

Abstract

This paper presents an information theory based detection framework for covert channels. We first show that the usual notion of interference does not characterize the notion of deliberate information flow of covert channels. We then show that even an enhanced notion of "iterated multivalued interference" can not capture flows with capacity lower than one bit of information per channel use. We then characterize and compute the capacity of covert channels that use control flows for a class of systems.

Peer Reviews

No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.

Videos

No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.