
Network isolation communication scheme to resist against covert channel

Cited by: 5
Abstract: With the development of network technologies, information exchange between widely interconnected heterogeneous networks is becoming more and more frequent. To effectively guarantee secure, real-time information exchange across networks, a network isolation communication scheme (NICS) that resists covert channels is proposed. A theoretical model of NICS is established, the correctness of the scheme is proved on the basis of information theory, and a specific implementation is given. Security analysis indicates that NICS effectively solves the problem that the communication protocols of different networks all contain a potential packet length covert channel (PLCC) and a status covert channel (SCC); and, for the same amount of information exchanged, NICS achieves resistance to covert channels equivalent to that of physical isolation.
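Source: Journal on Communications (《通信学报》), indexed in EI, CSCD and the Peking University Core Journals list, 2014, No. 11, pp. 96-106 (11 pages)
Funding: National Natural Science Foundation of China (61170251); National High Technology Research and Development Program of China ("863" Program) (2012AA013102, 2012AA01A401); Digital Rights Protection Technology Research and Development Project (1681300000119)
Keywords: network isolation; covert channel; length of the data packet; status information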