Re: Covert Channels

From: David Wagner (dawat_private)
Date: Thu Oct 24 2002 - 10:46:40 PDT

Next message: Roland Postle: "Re: Covert Channels"

Previous message: Sean Zadig: "Re: shellcode -> asm?"
In reply to: Richard Masoner: "RE: Covert Channels"
Next in thread: Brooke, O'neil (EXP): "RE: Covert Channels"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Richard Masoner  wrote:
>Part of covert channel detection, for example, might
>be flagging a user who copies text from an X window
>and pastes that text into an X window that's at a
>lower privilege level.

I wouldn't call that a covert channel; I'd call that an overt channel.
It's just a violation of an information flow style mandatory access
control policy, and not all such violations are covert channels.

(Now if you described a Trojan horse X app leaking text to another program
on the same machine by banging hard on the X server with lots of requests
for a second to send a 1 bit or going idle for a second to send a 0 bit,
that would indeed be a covert channel.  Trying to stop the latter example
is probably futile.)

Next message: Roland Postle: "Re: Covert Channels"
Previous message: Sean Zadig: "Re: shellcode -> asm?"
In reply to: Richard Masoner: "RE: Covert Channels"
Next in thread: Brooke, O'neil (EXP): "RE: Covert Channels"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Oct 24 2002 - 13:18:20 PDT