期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

短消息指标新定义及在事务信道限制中的应用 被引量:5

New Definition of Small Message Criterion and Its Application in Transaction Covert Channel Mitigating
下载PDF
导出
摘要 短消息指标可以度量隐蔽信道的短消息传输能力,是信道容量的必要补充.但指标现有定义中还存在着以下问题:消息长度参数在普通信息系统中不能定量分析;信道限制机制难以同时满足传输时间和保真度两个约束;没有包含消息的敏感度信息.针对这些问题,首先通过引入短消息传输价值的概念,给出了短消息指标的新定义.在该定义中,利用价值阈值统一表示系统对信道短消息传输能力的容忍程度,并且在所采用的价值函数中引入了消息的敏感度因素.其后,基于安全实时数据库应用场景给出了结合短消息指标和信道容量的事务隐蔽信道度量和限制机制.理论分析和模拟结果表明,基于短消息指标的新定义,系统可以对隐蔽信道威胁实施全面的度量和可调节的限制. Small Message Criterion (SMC) can measure the capability of the covert channel on transmitting small messages and is a necessary complement to the capacity criterion. However, SMC's present definition has deficiencies. The acquirement of message length proved to be hard in the common information system. Mitigating mechanism can not simultaneously satisfy the two restrictions of message transfer time and fidelity. The criterion does not cover information of message's sensitivity. At first, the value function of message is introduced to represent the danger of small message transmission. Based on the value function, a new definition of SMC is presented where the threat tolerance standard of system is represented by a threshold of message value. The value function also takes message's sensitivity into account. A mechanism for secure real-time database scenario, which combines SMC with the channel capacity, is presented to measure and mitigate the threat of transaction covert channel. Theoretical analysis and experimental results show that with the proposed new SMC, the secure system can perform comprehensive measurement and adjustable mitigation to the threat of covert channel.
作者 曾海涛 王永吉 祖伟 蔡嘉勇 阮利
机构地区 中国科学院软件研究所互联网软件技术实验室 中国科学院研究生院 中国科学院软件研究所基础软件国家工程中心 中国科学院软件研究所计算机科学国家重点实验室 哈尔滨工程大学自动化学院
出处 《软件学报》 EI CSCD 北大核心 2009年第4期985-996,共12页 Journal of Software
基金 国家自然科学基金No.60673022 中国科学院"百人计划" 国家科技攻关计划No.2005BA113A02~~
关键词 短消息指标 信道容量 事务隐蔽信道 安全实时数据库 small message criterion channel capacity transaction covert channel secure real-time database
分类号 TP393 [自动化与计算机技术—计算机应用技术]
  • 相关文献

参考文献2

二级参考文献25

  • 1[1]Lampson BW. A note on the confinement problem. CACM, 1973,16(10):.613~615. 被引量:1
  • 2[2]Tsai CR, Gligor VD, Chandersekaran CS. A formal method for the identification of covert storage channels in source code. IEEE Trans. on Software Engineering, 1990,16(6):569~580. 被引量:1
  • 3[3]U.S. Department of Defense. Trusted Computer System Evaluation Criteria. DoD 5200.28-STD, 1985. 被引量:1
  • 4[4]General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China. Classfied criteria for security protection of computer information system. GB 18859-1999, 1999 (in Chinese). 被引量:1
  • 5[5]Qing SH, Ji QG. Formal model design for secure operating systems. In: ITI 1st Int'l Conf. on Information and Communications Technology. 2003. 被引量:1
  • 6[6]Kemmerer RA. Shared resource matrix methodology: An approach to identifying storage and timing channels. ACM Trans. on Computer Systems, 1983,1(3):256~277. 被引量:1
  • 7[7]Porras PA, Kemmerer RA. Covert flow trees: A technique for identifying and analyzing covert storage channels. In: Proc. of the 1991 IEEE Computer Society Symp. on Research in Security and Privacy. 1991.36~51. 被引量:1
  • 8[8]McHugh J. Covert channel analysis: A chapter of the handbook for the computer security certification of trusted system. NRL Technical Memorandum 5540:062A, 1995. 被引量:1
  • 9[9]Kemmerer RA, Taylor T. A modular covert channel analysis methodology for trusted DG/UX. In: Proc. of the 12th Annual Computer Security Applications Conf. Washington: IEEE Computer Society, 1996. 224~235. 被引量:1
  • 10[10]Millen JK. Finite-State noiseless covert channels. In: Proc. of the Computer Security Foundations Workshop. Franconia: IEEE Computer Society, 1989. 81~85. 被引量:1

共引文献28

同被引文献64

  • 1王保华,李丹宁,李丹,马新强,章衡.高安全级别安全数据库的隐蔽通道分析[J].计算机研究与发展,2006,43(z2):168-172. 被引量:1
  • 2卿斯汉.高安全等级安全操作系统的隐蔽通道分析[J].软件学报,2004,15(12):1837-1849. 被引量:31
  • 3卿斯汉,沈昌祥.高等级安全操作系统的设计[J].中国科学(E辑),2007,37(2):238-253. 被引量:16
  • 4GB/T20009—2005,信息安全技术,数据库管理系统安全评估准则[S].2005. 被引量:2
  • 5Zander S, Armitage G, Branch P. A survey of covert channels and countermeasures in computer network protocols [J]. Communications Surveys &Tutorials, 2007, 9(3):44- 57. 被引量:1
  • 6Ristenpart T, Tromer E, Shacham H, et al. Hey, you, get off of my cloud: Exploring information leakage in third party compute clouds [C] //Proc of CCS'09. New York: ACM, 2009, 199-212. 被引量:1
  • 7Wu Jingzheng, Wang Wongji, Ding Liping, et al. Identification and evaluation of sharing memory covert timing channel in Xen virtual machines [C] //Proe of CLOUD 2011. I.os Alamitos, CA: IEEE Computer Society, 2011:283-291. 被引量:1
  • 8Aviram A, Hu S, Ford B, et al. Determinating timing channels in compute clouds [C] //Proc of CCSW'10. New York: ACM, 2010:103-108. 被引量:1
  • 9NCSC. Trusted Computer System Evaluation Criteria [S]. Fort Meade: National Security Agency (NSA), 1985. 被引量:1
  • 10ISO/IEC. Common Criteria for Information Technology Security Evaluation [S]. Switzerland: ISO, 2005. 被引量:1

引证文献5

二级引证文献35

软件学报
2009年 第4期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部