Abstract
We propose a port-is-in-use attack, which is intended to leak sensitive information in multilevel secure operating systems. Our approach is based on the TCP socket mechanism widely used in Linux for interprocess communication. Despite the strong restrictions inherent in operating systems with mandatory access control, sockets may not be restricted by the security policy, which makes it theoretically possible to transfer information from a process at a high security level to a process at a low one. The proposed attack belongs to the class of operating system storage transition-based attacks. The main idea is to use the availability of a TCP port, which is shared among processes at more than one security level, as the communication medium. The possibility or impossibility of binding a socket to a predefined port is used to transmit a bit of 0 or 1, respectively. We implemented a proof-of-concept exploit, which was used to check the idea and to evaluate the covert channel capacity. Experimental results show that the proposed technique provides a high-rate covert channel, which poses a significant threat to confidentiality in multilevel secure operating systems.
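A defender can look for the signature the abstract describes: a low-level process repeatedly testing a port that a higher-level process also binds, and seeing both outcomes. The sketch below is an added example, not code from the paper; the audit record layout, the numeric security levels, and the thresholds are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed bind() audit records: (time_s, pid, level, port, result).
# A higher level number means a higher classification. Hypothetical format.
SAMPLE_EVENTS = [
    (0.00, 410, 2, 50000, "ok"),
    (0.01, 977, 0, 50000, "EADDRINUSE"),
    (0.02, 977, 0, 50000, "ok"),
    (0.03, 410, 2, 50000, "ok"),
    (0.04, 977, 0, 50000, "EADDRINUSE"),
    (0.05, 977, 0, 50000, "ok"),
    (0.06, 977, 0, 50000, "ok"),
    (0.07, 410, 2, 50000, "ok"),
    (0.08, 977, 0, 50000, "EADDRINUSE"),
    (1.00, 300, 1, 8080, "ok"),          # ordinary service start
    (9.00, 301, 0, 8080, "EADDRINUSE"),  # one-off collision, not polling
]

def find_suspect_ports(events, min_probes=5, min_rate_hz=1.0):
    """Return {port: stats} for ports whose bind pattern fits the channel."""
    by_port = defaultdict(list)
    for ev in events:
        by_port[ev[3]].append(ev)
    suspects = {}
    for port, evs in by_port.items():
        levels = {lvl for _, _, lvl, _, _ in evs}
        if len(levels) < 2:
            continue  # port is not shared across security levels
        low = min(levels)
        probes = sorted((t, res) for t, _, lvl, _, res in evs if lvl == low)
        outcomes = {res for _, res in probes}
        span = probes[-1][0] - probes[0][0]
        rate = len(probes) / span if span > 0 else 0.0
        # Signature: the lowest level polls the port fast and observes
        # both "free" and "in use", i.e. the port state carries information.
        if (len(probes) >= min_probes and rate >= min_rate_hz
                and outcomes == {"ok", "EADDRINUSE"}):
            suspects[port] = {
                "low_level": low,
                "high_levels": sorted(levels - {low}),
                "probes": len(probes),
                "rate_hz": round(rate, 1),
            }
    return suspects

if __name__ == "__main__":
    print(find_suspect_ports(SAMPLE_EVENTS))
```

Port 8080 in the constructed data is also touched at two levels but is not flagged, because a single collision does not amount to polling.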
Acknowledgements
This work was supported by the MEPhI Academic Excellence Project (agreement with the Ministry of Education and Science of the Russian Federation of August 27, 2013, project no. 02.a03.21.0005).
Copyright information
© 2018 Springer International Publishing AG
About this paper
Cite this paper
Efanov, D., Roschin, P. (2018). The Port-in-Use Covert Channel Attack. In: Samsonovich, A., Klimov, V. (eds) Biologically Inspired Cognitive Architectures (BICA) for Young Scientists. BICA 2017. Advances in Intelligent Systems and Computing, vol 636. Springer, Cham. https://doi.org/10.1007/978-3-319-63940-6_34
DOI: https://doi.org/10.1007/978-3-319-63940-6_34
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-63939-0
Online ISBN: 978-3-319-63940-6
eBook Packages: Engineering, Engineering (R0)