|5.1 Category of Methods "Analysis of Covert Channels" (ACC)|
A time channel is a communication path utilizing the time behavior of the system for the transmission of information. A storage channel utilizes the (finite) resources of a computer.
Example for a storage channel: there shall be two systems with different security levels (system "high" and system "low"), but it is not possible to have more files with the same name. In this case the following covert channel exists: System "high" creates a file if the information to be transmitted shall be "true". If it is possible for system "low" to create a file with the same name it gains exactly this information by the means of this storage channel.
Up to now there are known (almost) only methods for the systematic analysis of storage channels (partially it is possible to use the Shared Resource Methodology (SRM) for the analysis of time channels).
An Analysis is formal if it is done with formal (i. e. mathematical) means. Up to now there are no formal methods for the analysis of time channels. With formal means a formal specification or program is investigated in order to find possible communication paths that contradict the security requirements without braking the access authorizations.
ACC is a method primarily dealing with storage channels and only of significance with regard to IT security.
With the Information Flow Analysis, the analysis of time channels is not possible. But the results gained with the Information Flow Analysis are more complete because of the formal derivation of all objects and subjects. With this method, on the other hand, also such covert channels are detected that are practically not relevant or that are not really covert channels (e. g. in y := x - x or y := x
|Information Flow Analysis||Shared Resource Methodology|
|Applicable only for formal specifications or programs||Applicable also for informal specifications|
|Analysis only possible for later design decisions or on program level||Analysis possible with the first specification|
|Analysis of storage channels possible||Analysis of storage channels and partial of time channels possible|
|Too many storage channels may be detected (some are none or are not usable) because of the information flow rules being too restrictive||It may be that not all storage channels are detected because only a limited set of subjects/objects is chosen|
|Formal derivation of the investigated objects and subjects, therefore the result is independent of the team performing the analysis||Informal derivation of the investigated objects and subjects, therefore the results depends on the team performing the analysis|
220.127.116.11 Information Flow Analysis
|GDPA Online Last Updated 01.Jan.2002 Updated by Webmaster Last Revised 01.Jan.2002 Revised by Webmaster|