The Port-in-Use Covert Channel Attack
We propose a port-in-use attack intended for leaking sensitive information in multilevel secure operating systems. Our approach is based on the TCP socket mechanism, which is widely used in Linux for interprocess communication. Despite the strong limitations inherent in operating systems with mandatory access control, sockets may not be restricted by the security policy, which makes it theoretically possible to transfer information from a process at a high security level to a process at a low one. The proposed attack belongs to the class of operating system storage transition-based attacks. The main idea is to use the availability of a TCP port, which is shared among processes at more than one security level, as the communication medium. The possibility or impossibility of binding a socket to a predefined port is used to transmit a bit of 0 or 1, respectively. We implement a proof-of-concept exploit, which was used to check the idea and to evaluate the covert channel capacity. Experimental results show that the proposed technique provides a high-rate covert channel, which poses a significant threat to confidentiality in multilevel secure operating systems.
Keywords: Covert channel; Information flow; TCP socket; Proof-of-concept exploit; Multilevel security; Mandatory access control; Interprocess communication
This work was supported by the MEPhI Academic Excellence Project (agreement with the Ministry of Education and Science of the Russian Federation of August 27, 2013, project no. 02.a03.21.0005).
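Because the channel described in the abstract depends on repeated `bind()` calls to one predefined port from more than one security level, it leaves a recognisable trace in system call auditing. The following detection sketch is an added example, not code from the paper: it assumes auditd-style `SYSCALL`/`SOCKADDR` records for `bind` on x86_64 with an SELinux MLS `subj` field, and the sample records, the `min_attempts` threshold and the flagging heuristic are constructed assumptions.

```python
import re
from collections import defaultdict

BIND_X86_64 = "49"   # bind(2) syscall number on x86_64
EADDRINUSE = -98     # exit value logged when the port is already bound
EVENT_ID = re.compile(r"msg=audit\([\d.]+:(\d+)\)")
FIELD = re.compile(r"(\w+)=(\S+)")

def bind_attempts(lines):
    """Join SYSCALL and SOCKADDR records by event id; yield (port, level, exit)."""
    events = defaultdict(dict)
    for line in lines:
        m = EVENT_ID.search(line)
        if m:
            events[m.group(1)].update(FIELD.findall(line))
    for ev in events.values():
        saddr = ev.get("saddr", "")
        if ev.get("syscall") != BIND_X86_64 or not saddr.startswith("0200"):
            continue                                  # not bind() on AF_INET
        parts = ev.get("subj", "").split(":", 3)      # user:role:type:level
        level = parts[3] if len(parts) == 4 else "unknown"
        yield int(saddr[4:8], 16), level, int(ev.get("exit", "0"))

def suspicious_ports(lines, min_attempts=8):
    """Ports bound from more than one MLS level with mixed success/EADDRINUSE."""
    stats = defaultdict(lambda: {"levels": set(), "ok": 0, "busy": 0})
    for port, level, exit_code in bind_attempts(lines):
        s = stats[port]
        s["levels"].add(level)
        s["ok"] += exit_code == 0
        s["busy"] += exit_code == EADDRINUSE
    return sorted(p for p, s in stats.items() if len(s["levels"]) > 1
                  and s["ok"] and s["busy"] and s["ok"] + s["busy"] >= min_attempts)

def record(eid, level, exit_code, port):
    """Constructed SYSCALL + SOCKADDR pair in auditd's key=value layout."""
    head = f"msg=audit(1700000000.{eid:03d}:{eid}):"
    return [f"type=SYSCALL {head} arch=c000003e syscall=49 exit={exit_code} "
            f"subj=user_u:user_r:user_t:{level}",
            f"type=SOCKADDR {head} saddr=0200{port:04X}7F000001{'0' * 16}"]

# Constructed sample: levels s3 and s0 contend for port 4444; 8080 is a benign restart.
SAMPLE = record(90, "s0", 0, 8080) + record(91, "s0", EADDRINUSE, 8080)
for i, bit in enumerate([1, 0, 1, 1, 0, 1, 0, 1]):
    if bit:
        SAMPLE += record(2 * i, "s3", 0, 4444)
    SAMPLE += record(2 * i + 1, "s0", EADDRINUSE if bit else 0, 4444)
```

Calling `suspicious_ports(SAMPLE)` flags only port 4444; port 8080 sees a failed bind too, but from a single level, so it is treated as an ordinary restart collision.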