Mitigation of Storage Covert Channels in IPSec for QoS Aware Applications

Author: Arnab Kundu

DOI: 10.1016/J.PROCS.2015.06.012

Abstract: Gateways implementing IPSec protocol suite are used to provide secure communication between different client machines over public infrastructure. However the exploitation of covert storage channel in may defeat very purpose protecting leakage information from machine. This threat gets more aggravated as some channels might be exploited machine even without compromising security gateways. The possibility by only machine, either form a colluding insider or due presence malware at poses serious any organization dealing with sensitive and resourceful adversary. existing approaches mitigate threats against severely restrict usability many QoS aware applications reducing allowance relevant header fields minimum. work overcomes same creating separate partitions based on application specific requirements. Subsequent processing involves extension scope services per predefined is achieved appropriate related using comprehensive treatment timing channels. When compared approaches, proposed approach provides better demanding contexts while maintaining equivalent strength protection providing performance. paper also outlines an implementation strategy Linux kernel stack.
