
On the Principle of Information Transfer in Covert Channel
Abstract: In trusted computer systems, some covert data flows evade the monitoring of the security mechanisms and leak information. By analyzing and abstracting the mechanism by which such covert flows leak information, this paper proposes an atomic channel model. Each class of atomic channel is treated as a finite state machine, and its sequences of state changes are computed on the basis of Plotkin's structured operational semantics. By induction over the state-transition sequences that do not satisfy the definition of a covert channel, the constraints on secure state transitions in the abstract machine are obtained, and the mechanism by which two atomic channels leak information through a shared object is identified. From this, a covert channel identification method based on operational semantics is developed. An experiment on an elevator dispatch algorithm model shows that the method effectively identifies the covert channels present.
Source: Computer Science (《计算机科学》), CSCD, Peking University Core Journal, 2007, No. 10, pp. 92-95, 142 (5 pages)
Funding: This project was supported by the National Natural Science Foundation of China (Grant No. 60573046).
Keywords: Covert channel, Information security, Security model
