I've only been following this thread peripherally, but isn't covert channel discussion limited to analyzing the assurance of Trusted Systems? Perhaps my view is limited since Trusted System development is something I've done, but it seems to me that this thread has been on steganography instead of covert channels of communication. On a trusted system, for example, a user isn't going to modify the IP header to steganographically send secret information, because he can't. In the Trusted Systems world, covert channel analysis and detection is something that is done, and in that community it's considered science, not snake oil. Part of covert channel detection, for example, might be flagging a user who copies text from an X window and pastes that text into an X window that's at a lower privilege level. Richard Masoner __________________________________________________ Do you Yahoo!? Y! Web Hosting - Let the expert host your web site http://webhosting.yahoo.com/
This archive was generated by hypermail 2b30 : Wed Oct 23 2002 - 13:35:01 PDT