Vulnerability Development mailing list archives

Re: Covert Channels

From: daw () mozart cs berkeley edu (David Wagner)
Date: 24 Oct 2002 17:46:40 GMT

Richard Masoner  wrote:

Part of covert channel detection, for example, might
be flagging a user who copies text from an X window
and pastes that text into an X window that's at a
lower privilege level.


I wouldn't call that a covert channel; I'd call that an overt channel.
It's just a violation of an information flow style mandatory access
control policy, and not all such violations are covert channels.

(Now if you described a Trojan horse X app leaking text to another program
on the same machine by banging hard on the X server with lots of requests
for a second to send a 1 bit or going idle for a second to send a 0 bit,
that would indeed be a covert channel.  Trying to stop the latter example
is probably futile.)

Current thread:

RE: Covert Channels, (continued)
- RE: Covert Channels Michael Wojcik (Oct 17)
- RE: Covert Channels Jeremy Junginger (Oct 17)
- Re: Covert Channels FX (Oct 17)
- RE: Covert Channels Jeremy Junginger (Oct 18)
- RE: Covert Channels Chris Anley (Oct 22)
- RE: Covert Channels Frank Knobbe (Oct 23)
  - RE: Covert Channels Michal Zalewski (Oct 23)
    - RE: Covert Channels Richard Masoner (Oct 23)
    - RE: Covert Channels Omar Herrera (Oct 23)
    - Re: Covert Channels Timothy J. Miller (Oct 23)
    - Re: Covert Channels David Wagner (Oct 24)
- RE: Covert Channels Brooke, O'neil (EXP) (Oct 23)
- RE: Covert Channels Anton Aylward (Oct 23)
  - RE: Covert Channels Michal Zalewski (Oct 23)
- Re: Covert Channels Jose Nazario (Oct 24)
  - Re: Covert Channels David Wagner (Oct 24)