Previous Next Methods Allocation  
Annex 1  
5.1 Category of Methods "Analysis of Covert Channels" (ACC)  

  • 5.1.1 Overview
  • Appraisal Criteria
  • Individual Methods
  • Comparison of the individual Methods
  • 5.1.2 Individual Descriptions
  • Information Flow Analysis
  • Shared Resource Methodology (SRM)
  • 5.1.1 Overview

    A covert channel means a communication channel that allows an information flow contrary to the security requirements. There is a distinction between time and storage channels.

    A time channel is a communication path utilizing the time behavior of the system for the transmission of information. A storage channel utilizes the (finite) resources of a computer.

    Example for a storage channel: there shall be two systems with different security levels (system "high" and system "low"), but it is not possible to have more files with the same name. In this case the following covert channel exists: System "high" creates a file if the information to be transmitted shall be "true". If it is possible for system "low" to create a file with the same name it gains exactly this information by the means of this storage channel.

    Up to now there are known (almost) only methods for the systematic analysis of storage channels (partially it is possible to use the Shared Resource Methodology (SRM) for the analysis of time channels).

    An Analysis is formal if it is done with formal (i. e. mathematical) means. Up to now there are no formal methods for the analysis of time channels. With formal means a formal specification or program is investigated in order to find possible communication paths that contradict the security requirements without braking the access authorizations.

    ACC is a method primarily dealing with storage channels and only of significance with regard to IT security. Appraisal Criteria

    The following contains a list of criteria helping to select individual methods: Individual Methods

    The most known and applied methods for the Analysis of Covert Channels are presented in the following individual descriptions. In order to make it easier to distinguish between the individual methods, these methods are first compared with each other. Comparison of the individual Methods

    The objective of the methods Information Flow Analysis and Shared Resource Methodology is very similar. Only the application area is different. While SRM can be applied even in early specification phases, the Information Flow Analysis can only be applied if a formal specification with variables or a program is available.

    With the Information Flow Analysis, the analysis of time channels is not possible. But the results gained with the Information Flow Analysis are more complete because of the formal derivation of all objects and subjects. With this method, on the other hand, also such covert channels are detected that are practically not relevant or that are not really covert channels (e. g. in y := x - x or y := x

  • 0 the security level of y has to be dominant, although in these cases there is no information flow from x to y).

    Information Flow Analysis Shared Resource Methodology
    Applicable only for formal specifications or programs Applicable also for informal specifications
    Analysis only possible for later design decisions or on program level Analysis possible with the first specification
    Analysis of storage channels possible Analysis of storage channels and partial of time channels possible
    Too many storage channels may be detected (some are none or are not usable) because of the information flow rules being too restrictive It may be that not all storage channels are detected because only a limited set of subjects/objects is chosen
    Formal derivation of the investigated objects and subjects, therefore the result is independent of the team performing the analysis Informal derivation of the investigated objects and subjects, therefore the results depends on the team performing the analysis

    Table 5.1: ACC: Differences between Individual Methods

    5.1.2 Individual Descriptions Information Flow Analysis Shared Resource Methodology (SRM)

    Previous Next GDPA Online Last Updated 01.Jan.2002 Updated by Webmaster Last Revised 01.Jan.2002 Revised by Webmaster