Title :
Integrated Covert Channel Countermeasure Model in MLS Networks
Author :
Cai Zhiyong ; Zhang Yong
Author_Institution :
Coll. of Comput. Sci., Zhejiang Univ., Hangzhou, China
Abstract :
Our country needs specially appointed data transmission between networks of different security levels in government. In this paper, we put forward a model of a warden, which is deployed between these networks and used to counteract the overall covert channels. We use a 2-type Turing machine to handle input and an unrestricted grammar to generate output; this will eliminate all covert channels in the packet header. We use a union of automata to filter and modify application content. Four kinds of filters are described for different aspects. We then propose a 3-host prototype to test our model. The two side hosts strip the packet header. The centre host uses a policy configured in advance to do limited-output filtration on content. In a practical access emulation using the file transfer protocol, the prototype successfully reduced the overall covert channel capacity, and the anticipated result was achieved.
Keywords :
Turing machines; channel capacity; computer network security; computer networks; data communication; transport protocols; 2-type Turing machine; MLS networks; automata; covert channel capacity; data transmission; file transfer protocol; government; integrated covert channel countermeasure model; limited-output filtration; packet header; practical access emulation; security level networks; unrestricted grammar; Automata; Data communication; Data security; Filters; Government; Multilevel systems; Prototypes; Strips; Testing; Turing machines;
Conference_Title :
Information Engineering and Computer Science, 2009. ICIECS 2009. International Conference on
Conference_Location :
Wuhan
Print_ISBN :
978-1-4244-4994-1
DOI :
10.1109/ICIECS.2009.5367017