Design of the multi-level security network switch system which restricts covert channel. Conference: Communication Software and Networks (ICCSN), 2011 IEEE.

Post on 11-Jan-2016


Conference: Communication Software and Networks (ICCSN), 2011 IEEE 3rd International Conference on. Authors: Xiong Liu, Haiwei Xue, Xiaoping Feng, Yiqi Dai, Department of Computer Science and Technology, Tsinghua University, Beijing 10084, China


Covert channel

• In computer security, a covert channel is a type of computer security attack that creates a capability to transfer information objects between processes that are not supposed to be allowed to communicate by the computer security policy.


Multi-level Security Local Area Network system (MSL)

• The low level host can send data packets to the high level host, but the high level host cannot send data packets to the low level host.

• Under this mechanism the TCP SYN/ACK packet of a handshake cannot be sent back from the high level host, so the system must allow SYN/ACK packets to pass from high to low.

• The SYN/ACK may therefore become a loophole for a covert channel.

Figure: low level host and high level host.

System architecture

• Monitor in each host

• Controller

• Filter


System architecture- Monitor

• The system observes the hosts' actions through the monitors in order to determine each host's security level.

• The user must install the monitor on their computer.

• The monitor communicates with the controller.


System architecture- controller

• Functions:

– Host registering: make sure that all the hosts and switches connected to the network are authorized.

– Flow computing: compute the packet's flow path based on the network's topological structure. This makes sure that all of the data flow paths are compatible with the system's security policy.

Figure: example topology with hosts at Level: 2 and Level: 3.

System architecture- controller (cont'd)

– Flow updating: once the flow path has been computed, the controller updates the flow tables of the switches located on the path in order to set it up.
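The three controller functions above (host registering, flow computing, flow updating) are easiest to see together. The following is an added example written for this transcript, not code from the paper: it assumes a small constructed topology of hosts and switches, an integer security level per host, a whitelist of registered nodes, and a flow-table entry format (switch, match, action) of my own choosing. The return entry that admits only SYN/ACK toward the low host, tagged for the filter, is likewise an assumption about how the paper's filter is reached.

```python
from collections import deque

# Constructed topology and host table (assumptions, not from the paper):
# undirected adjacency map; "h" nodes are hosts, "s" nodes are switches.
TOPOLOGY = {
    "h1": ["s1"], "h2": ["s1"], "h3": ["s2"],
    "s1": ["h1", "h2", "s2"], "s2": ["s1", "h3"],
}
HOST_LEVEL = {"h1": 1, "h2": 2, "h3": 3}            # higher number = more sensitive
AUTHORIZED = {"h1", "h2", "h3", "s1", "s2"}         # host registering: the controller's whitelist


class PolicyViolation(Exception):
    pass


def shortest_path(src, dst, topo=TOPOLOGY):
    """Breadth-first search over the topology; returns the node list src..dst, or None."""
    prev, queue = {src: None}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        for nxt in topo[node]:
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    return None


def compute_flow(src, dst, topo=TOPOLOGY, level=HOST_LEVEL, authorized=AUTHORIZED):
    """Flow computing: a path whose nodes are all registered and whose direction obeys
    the MSL policy (a host may only send to a host of equal or higher level)."""
    path = shortest_path(src, dst, topo)
    if path is None:
        raise PolicyViolation(f"no path from {src} to {dst}")
    if not set(path) <= authorized:
        raise PolicyViolation(f"unregistered node on path {path}")
    if level[src] > level[dst]:
        raise PolicyViolation(f"{src} (level {level[src]}) may not send to {dst} (level {level[dst]})")
    return path


def flow_updates(path):
    """Flow updating: one forward entry per switch on the path, plus one return entry
    that admits only TCP SYN/ACK toward the low host (assumed: handed to the filter
    before output) so that handshakes can complete."""
    src, dst, entries = path[0], path[-1], []
    for i in range(1, len(path) - 1):
        entries.append({"switch": path[i], "match": {"src": src, "dst": dst},
                        "action": f"output:{path[i + 1]}"})
        entries.append({"switch": path[i],
                        "match": {"src": dst, "dst": src, "tcp_flags": "SYN|ACK"},
                        "action": f"filter,output:{path[i - 1]}"})
    return entries


if __name__ == "__main__":
    for entry in flow_updates(compute_flow("h1", "h3")):
        print(entry)
    try:
        compute_flow("h3", "h1")
    except PolicyViolation as exc:
        print("rejected:", exc)
```

Running the block installs four entries for the h1 to h3 flow (a forward and a restricted return entry on each of s1 and s2) and rejects the reverse h3 to h1 request, which is exactly the asymmetry the MSL slide describes.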


System architecture- filter

• Content check module

– Level 1: check the data field and the flags field.

– Level 2: check the unused fields and the optional fields.

– Level 3: check the sequence number and the acknowledgement number.

– Level 4: check for a covert channel which uses packet retransmission or packet loss to send information.
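The four check levels of the filter, together with the direction rule from the MSL slide (low to high always allowed, high to low only for the SYN/ACK of a handshake that the low host started), can be demonstrated on raw packets. This is an added example written for this transcript, not the paper's code: it assumes a constructed host table keyed by IPv4 address bytes, a packet builder that leaves checksums zero, and my own choice of what each level concretely inspects (empty data field and exact SYN/ACK flags; reserved bits, urgent pointer, IP options and an allowlist of TCP option kinds; acknowledgement number tied to the recorded SYN and a stable sequence number across retransmissions; a cap on SYN/ACK retransmissions and a minimum gap between them, taken from the RFC 6298 lower bound). The thresholds MIN_RTO and MAX_SYNACKS are assumptions.

```python
import struct

# Constructed host table (assumption): IPv4 address bytes -> security level (higher = more sensitive).
LOW, HIGH = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 3])
HOST_LEVEL = {LOW: 1, HIGH: 3}
SYN, ACK, URG = 0x02, 0x10, 0x20
MIN_RTO = 1.0                        # assumed shortest legitimate retransmission gap (RFC 6298 lower bound)
MAX_SYNACKS = 4                      # assumed: first SYN/ACK plus at most three retransmissions
ALLOWED_TCP_OPTS = {0, 1, 2, 3, 4}   # EOL, NOP, MSS, window scale, SACK-permitted
MSS = b"\x02\x04\x05\xb4"            # MSS=1460 option, used by the constructed packets below


def parse(pkt):
    """Split a raw IPv4+TCP packet into the fields the content checks look at."""
    ihl = (pkt[0] & 0x0F) * 4
    flags_frag = struct.unpack("!H", pkt[6:8])[0]
    tcp = pkt[ihl:]
    sport, dport, seq, ack, off_flags, _win, _csum, urg = struct.unpack("!HHIIHHHH", tcp[:20])
    doff = (off_flags >> 12) * 4
    return {"src": pkt[12:16], "dst": pkt[16:20], "ip_reserved": (flags_frag >> 15) & 1,
            "ip_opts": pkt[20:ihl], "sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "tcp_reserved": (off_flags >> 8) & 0x0F,   # reserved bits plus NS
            "flags": off_flags & 0xFF, "urg": urg, "tcp_opts": tcp[20:doff], "data": tcp[doff:]}


def option_kinds(opts):
    """TCP option kinds present, or None when the option bytes are malformed."""
    kinds, i = [], 0
    while i < len(opts):
        kinds.append(opts[i])
        if opts[i] in (0, 1):
            i += 1
        elif i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            return None
        else:
            i += opts[i + 1]
    return kinds


def build(src, dst, sport, dport, seq, ack, flags, data=b"", opts=b"", ip_reserved=0, tcp_reserved=0, urg=0):
    """Constructed IPv4+TCP packet for testing; checksums stay zero because the filter does not verify them."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(opts) + len(data), 0, ip_reserved << 15, 64, 6, 0, src, dst)
    off_flags = ((20 + len(opts)) // 4) << 12 | tcp_reserved << 8 | flags
    return ip + struct.pack("!HHIIHHHH", sport, dport, seq, ack, off_flags, 65535, 0, urg) + opts + data


class CovertChannelFilter:
    def __init__(self, host_level):
        self.level = host_level
        self.syns = {}      # (low, lport, high, hport) -> initial sequence number of the low host's SYN
        self.synacks = {}   # same key -> (seq of the first SYN/ACK that passed, [arrival times])

    def inspect(self, pkt, now):
        """Return the list of violations; an empty list means the packet may be forwarded."""
        p = parse(pkt)
        if self.level[p["src"]] <= self.level[p["dst"]]:        # low -> high: always permitted
            if p["flags"] == SYN:
                self.syns[(p["src"], p["sport"], p["dst"], p["dport"])] = p["seq"]
            return []
        v = []   # high -> low: only the SYN/ACK of a low-initiated handshake may pass, after four check levels
        if p["data"]:                                             # level 1: data field and flags
            v.append("L1: data field not empty")
        if p["flags"] != SYN | ACK:
            v.append("L1: flags are not exactly SYN/ACK")
        if p["ip_reserved"] or p["tcp_reserved"]:                 # level 2: unused fields and options
            v.append("L2: reserved bits set")
        if p["urg"] and not p["flags"] & URG:
            v.append("L2: urgent pointer set without URG")
        if p["ip_opts"]:
            v.append("L2: IP options present")
        kinds = option_kinds(p["tcp_opts"])
        if kinds is None or not set(kinds) <= ALLOWED_TCP_OPTS:
            v.append("L2: unexpected TCP options")
        key = (p["dst"], p["dport"], p["src"], p["sport"])       # level 3: sequence and acknowledgement numbers
        if key not in self.syns:
            v.append("L3: no matching SYN from the low host")
        elif p["ack"] != (self.syns[key] + 1) & 0xFFFFFFFF:
            v.append("L3: acknowledgement number does not match the SYN")
        seq0, times = self.synacks.get(key, (p["seq"], []))
        if p["seq"] != seq0:
            v.append("L3: sequence number changed between retransmissions")
        if len(times) >= MAX_SYNACKS:                             # level 4: retransmission and loss behaviour
            v.append("L4: too many SYN/ACK retransmissions")
        if times and now - times[-1] < MIN_RTO:
            v.append("L4: retransmission faster than the minimum RTO")
        if not v:                                                 # only packets that reach the low host count
            self.synacks[key] = (seq0, times + [now])
        return v


if __name__ == "__main__":
    f = CovertChannelFilter(HOST_LEVEL)
    print(f.inspect(build(LOW, HIGH, 40000, 80, 1000, 0, SYN, opts=MSS), 0.0))
    print(f.inspect(build(HIGH, LOW, 80, 40000, 5000, 1001, SYN | ACK, opts=MSS), 0.01))
    print(f.inspect(build(HIGH, LOW, 80, 40000, 5000, 1001, SYN | ACK, data=b"secret"), 0.02))
```

The filter records the low host's SYN on the way up, lets the matching SYN/ACK through, and drops anything from the high host that carries data, deviates from the SYN/ACK flag pattern, touches fields a handshake has no reason to touch, or retransmits in a pattern a real TCP stack would not produce. Only packets that actually reach the low host are counted for the level 4 checks, since a dropped packet cannot signal anything to it.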


Experiment


Conclusion

• This paper proposes a design for a multi-level security network switch system that can restrict covert channels.

• The design can guarantee the availability and security of the information exchange among hosts in a multi-level security network system. The experiment showed that the design is feasible.


Reference

• Covert channel, Wikipedia: http://en.wikipedia.org/wiki/Covert_channel

• L-BLP security model in local area network: http://www.ejournal.org.cn/CN/abstract/abstract44.shtml
