Existing technology is quite successful at preventing direct unauthorized communication in multilevel secure computer systems, but is almost completely ineffective at protecting such systems against covert storage and timing channels. In a covert channel, one process transmits secret information by modulating its rate of use of a shared resource, while another program detects that modulation by monitoring the responsiveness of the resource. The proposed protection technique involves screening all programs in a system by a data dependency analysis procedure that determines whether the results of those programs depend on the relative timing of operations within the system. Programs containing such timing dependencies are denied access to the system until certified by other means. The approach is reasonably inexpensive and completely rigorous and, when strictly applied, precludes all communication over covert storage and timing channels.
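As an added illustration, not the paper's own procedure: a toy dependency analysis over a constructed three-address form that flags programs whose outputs depend (through data flow or control flow) on a timing value, which is the receiver-side property the screening above denies admission to.

```python
from typing import List, Set, Tuple

# Toy three-address form (constructed for this illustration):
#   ("time", dst)  dst <- clock read / probe of a shared resource's responsiveness
#   ("const", dst, value) | ("assign", dst, src, ...) | ("label", name)
#   ("branch", cond, label)  forward jump if cond != 0   | ("output", src)
Instr = Tuple[str, ...]

def timing_dependent_outputs(program: List[Instr]) -> Set[str]:
    """Return the output variables whose value depends on timing.

    Timing taint follows data dependencies (assign) and control dependencies:
    every definition between a tainted branch and its target label depends
    on the branch condition. Names are never untainted (conservative).
    """
    tainted: Set[str] = set()
    flagged: Set[str] = set()
    open_regions: Set[str] = set()  # targets of tainted branches not yet reached
    for op, *args in program:
        if op == "label":
            open_regions.discard(args[0])
            continue
        dep = bool(open_regions)  # inside a timing-controlled region?
        if op == "branch":
            if dep or args[0] in tainted:
                open_regions.add(args[1])
        elif op == "output":
            if dep or args[0] in tainted:
                flagged.add(args[0])
        elif op == "time" or (op == "const" and dep) or (
            op == "assign" and (dep or any(s in tainted for s in args[1:]))
        ):
            tainted.add(args[0])
    return flagged

def admit(program: List[Instr]) -> bool:
    """The abstract's screening rule: admit only timing-independent programs."""
    return not timing_dependent_outputs(program)

# Constructed samples: a receiver decoding one bit from how responsive a shared
# resource was, versus an ordinary computation that never consults timing.
RECEIVER: List[Instr] = [
    ("time", "latency"), ("const", "threshold", 5),
    ("assign", "slow", "latency", "threshold"),  # slow = latency > threshold
    ("const", "bit", 0), ("branch", "slow", "done"),
    ("const", "bit", 1), ("label", "done"), ("output", "bit"),
]
BENIGN: List[Instr] = [("const", "a", 2), ("const", "b", 3),
                       ("assign", "total", "a", "b"), ("output", "total")]
```

A program that reads the clock but never lets that value reach an output (for example, only to stamp a log entry) passes the screen, while the receiver is rejected because `bit` is control-dependent on the probed latency.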