Stenographied File Transfer Using Posix File Locks

    Date10 Oct 2002
    3549
    Posted ByAnthony Pell
    Every computer system is insecure! Why? because by using any system resources that are available to each process information can be leaked. Say for example you can detect CPU usage remotely (possible by measuring the time taken for a ping reply . . . Every computer system is insecure! Why? because by using any system resources that are available to each process information can be leaked. Say for example you can detect CPU usage remotely (possible by measuring the time taken for a ping reply for example). If the CPU is under a heavy load say 100% utilization the packet will take longer to be processed and return a reply than if the CPU has a light load of say 10%. By being able to detecting the difference would allow a 1 and a 0 to be leaked from the system (any one wishing to implement this have a look at Ackerman's function). The likelihood of the CPU usage being monitored for stenography use is low, but it is a viable covert channel for leaking information.

    There is no way every possible convert channel can be blocked even in high level military MLS (Multilevel security) systems such as SCOMP (Secure Communications Processor), Pump (developed by the US Naval Research Laboratory), and Purple Penelope (A NT workstation MLS wrapper from the British Defense Evaluation and Research Agency). A system can be highly tightened to stop information been leaked but a covert channel will always exist.

    Other examples of covert channels are pictures (e.g. bitmaps, gif's and picts), packet headers (e.g. ACK tunneling), hard disk access times, process ID's, bus cycles, last access time on files, network protocols, temporarily denial of servicing a host (jolt2 anyone?), there are numerous others including file locks - the topic of this paper.

    You are not authorised to post comments.

    LinuxSecurity Poll

    Has your email account ever been pwned in a data breach?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /component/communitypolls/?task=poll.vote
    12
    radio
    [{"id":"53","title":"Yes","votes":"8","type":"x","order":"1","pct":88.89,"resources":[]},{"id":"54","title":"No","votes":"1","type":"x","order":"2","pct":11.11,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.