期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

基于信息流图的隐通道分析技术研究 被引量:2

Using an information flow graph to identify and analyze covert channels
下载PDF
导出
摘要 为了减轻隐通道分析人员的负担,提出了一种基于信息流图的隐通道识别和分析方法.信息流图简单、直观地表现了信息从发送者经过特定的属性集合传播到接收者的过程.介绍了信息流图的构造方法和潜在隐通道的搜索方法.为实现隐通道的自动分析,提出了操作序列分析的6条基本规则并引入了等价操作序列的概念.开发了一个隐通道自动分析工具.实验结果表明该工具大大减轻了隐通道分析人员的工作量,同时能够产生所有真实的隐通道应用场景. A technique is introduced for detecting covert channels using a graph structure called an information flow graph. The information flow graph can graphically illustrate the process through which information is relayed from the sender to the receiver via particular resource attributes. Algorithms for automating the construction of information flow graphs and potential covert channel operation sequences are presented. Six rules that a user can use to perform the analysis of the operation sequences were identified. Moreover, the notion of equivalent operation sequences was proposed to reduce the number of operation sequences. Based on these rules, a tool was developed to analyze the operation sequences automatically. Experiment results show this method can decrease the workloads for covert channel analysts remarkably, and can produce all true covert communication scenarios.
作者 崔宾阁 刘大昕
机构地区 哈尔滨工程大学计算机科学与技术学院
出处 《哈尔滨工程大学学报》 EI CAS CSCD 北大核心 2006年第5期742-747,共6页 Journal of Harbin Engineering University
关键词 安全操作系统 隐通道分析 信息流 信息流图法 secure operating system covert channel analysis information flow graph
分类号 TP311.13 [自动化与计算机技术—计算机软件与理论]
  • 相关文献

参考文献8

  • 1NCSC. A guide to understanding covert channel analysis of trusted systems [R]. [s. 1.]National Computer Security Center, NCSC TG 030, 1993.
  • 2卿斯汉.高安全等级安全操作系统的隐蔽通道分析[J].软件学报,2004,15(12):1837-1849. 被引量:31
  • 3DENNING D E. A lattice model of secure information flow [J]. Communications of the ACM, 1976:236-243.
  • 4TSAI C R, GLIGOR V, CHANDERSEKARAN C S. A formal method for the identification of covert storage channels in source code[J]. IEEE Transactions on Software Engineering, 1990, 16(6): 569-580.
  • 5卿斯汉,朱继锋.安胜安全操作系统的隐蔽通道分析[J].软件学报,2004,15(9):1385-1392. 被引量:19
  • 6KEMMERER R A. Shared resource matrix methodology: an approach to identifying storage and timing channels [J]. ACM Transactions on Computer Systems, 1983, 1(3): 256-277.
  • 7HAIGH J T, KEMMERER R A, MCHUGH J, et al. An experience using two covert channel analysis techniques on a real system design [J]. IEEE Transactions on Software Engineering, 1987, 13(2): 157-168.
  • 8PORRAS P A, Kemmerer R A. Covert flow trees: a technique for identifying and analyzing covert storage channels [A]. In: Proc. of the 1991 IEEE Computer Society Symp on Research in Security and Privacy [C]. Oakland, California. 1991.

二级参考文献40

  • 1[1]Lampson BW. A note on the confinement problem. CACM, 1973,16(10):.613~615.
  • 2[2]Tsai CR, Gligor VD, Chandersekaran CS. A formal method for the identification of covert storage channels in source code. IEEE Trans. on Software Engineering, 1990,16(6):569~580.
  • 3[3]U.S. Department of Defense. Trusted Computer System Evaluation Criteria. DoD 5200.28-STD, 1985.
  • 4[4]General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China. Classfied criteria for security protection of computer information system. GB 18859-1999, 1999 (in Chinese).
  • 5[5]Qing SH, Ji QG. Formal model design for secure operating systems. In: ITI 1st Int'l Conf. on Information and Communications Technology. 2003.
  • 6[6]Kemmerer RA. Shared resource matrix methodology: An approach to identifying storage and timing channels. ACM Trans. on Computer Systems, 1983,1(3):256~277.
  • 7[7]Porras PA, Kemmerer RA. Covert flow trees: A technique for identifying and analyzing covert storage channels. In: Proc. of the 1991 IEEE Computer Society Symp. on Research in Security and Privacy. 1991.36~51.
  • 8[8]McHugh J. Covert channel analysis: A chapter of the handbook for the computer security certification of trusted system. NRL Technical Memorandum 5540:062A, 1995.
  • 9[9]Kemmerer RA, Taylor T. A modular covert channel analysis methodology for trusted DG/UX. In: Proc. of the 12th Annual Computer Security Applications Conf. Washington: IEEE Computer Society, 1996. 224~235.
  • 10[10]Millen JK. Finite-State noiseless covert channels. In: Proc. of the Computer Security Foundations Workshop. Franconia: IEEE Computer Society, 1989. 81~85.

共引文献40

同被引文献19

  • 1卿斯汉,朱继锋.安胜安全操作系统的隐蔽通道分析[J].软件学报,2004,15(9):1385-1392. 被引量:19
  • 2鞠时光,宋香梅.用于信息流分析的信息流树结构[J].江苏大学学报(自然科学版),2005,26(5):433-436. 被引量:4
  • 3权义宁,胡予濮.改进的操作系统安全访问控制模型[J].西安电子科技大学学报,2006,33(4):539-542. 被引量:5
  • 4Denning D E.A Lattice Model of Secure Information Flow[J].Communications of the ACM,1976,19(5):236-243.
  • 5Tsai C R,Gligor V D,Chandersekaran C S.A Formal Method for the Identification of Covert Storage Channels in Source Code[J].IEEE Trans on Software Engineering,1990,16(6):569-580.
  • 6Kemmerer R A.Shared Resource Matrix Methodology:an Approach to Identifying Storage and Timing Channels[J].ACM Trans on Computer Systems.1983,1(3):256-277.
  • 7Porras P A,Kemmerer R A.Covert Flow Trees:a Technique for Identifying and Analyzing Covert Storage Channels[C]//Proceedings of the 1991 IEEE Symposium on Security and Privacy.Oakland:IEEE Computer Society,1991:36-51.
  • 8Lampson B W.A Note on the Confinement Problem[J].Communications of the ACM,1973,16(10):613-615.
  • 9Kemmerer R A.A Practical Approach to Identifying Storage and Timing Channels:Twenty Years Later[C]//Proceedings of the 18th Annual Computer Security Applications Conference (ACSAC'02).Washington:IEEE Computer Society,2002:109-118.
  • 10Shaffer A B,Auguston M,Irvine C E,et al.A Security Domain Model to Assess Software for Exploitable Covert Channels[C]//Proceedings of the Third ACM SIGPLAN Workshop on Programming Languages and Analysis for Security.Tucson:ACM,2008:45-56.

引证文献2

哈尔滨工程大学学报
2006年 第5期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部