Detecting covert timing channels
- 28 October 2007
- conference paper
- Published by Association for Computing Machinery (ACM) in Proceedings of the 14th ACM conference on Computer and communications security - CCS '07
- p. 307-316
- https://doi.org/10.1145/1315245.1315284
Abstract
The detection of covert timing channels is of increasing interest in light of recent practice on the exploitation of covert timing channels over the Internet. However, due to the high variation in legitimate network traffic, detecting covert timing channels is a challenging task. The existing detection schemes are ineffective at detecting most of the covert timing channels known to the security community. In this paper, we introduce a new entropy-based approach to detecting various covert timing channels. Our new approach is based on the observation that the creation of a covert timing channel has certain effects on the entropy of the original process, and hence, a change in the entropy of a process provides a critical clue for covert timing channel detection. Exploiting this observation, we investigate the use of entropy and conditional entropy in detecting covert timing channels. Our experimental results show that our entropy-based approach is sensitive to the current covert timing channels, and is capable of detecting them in an accurate manner.