| With the development of information network, Information systems are classified into different grades in our country, highly security level network needs higher defence. When data exchange is reqired between domains, if there exist some malisious users or processes, some covert communication methods can be used to leak information.Covert communications are inevitable over legal communication if the legal exists. So in highly security level network, covert channel must be analysed, and some counter measurements must be taken.This thsis does some research based on covert channel counter measurements.In order to make up a practical warden model for data exchange between different domains, and analysed covert channels, and presented practical problem met in reality.First, we describe related covert channel research works. Then we propose three kinds of covert channels based on different entropy aspect, we classify them into varity entropy, constant entropy and zero entropy covert channel. Among them, zero entropy is a new species, and we further devide them by how to utilize the overt source.Second, we propose two methods of detection for constant entropy covert channel. The attribe shift method and the pearson chi-square method, the two methods improved the effect with different aspect. For the new proposed zero entropy channel, we gave the relation between warden parameter selection and channel capacity.Then, limited by calculation and authorization, some covert channels should not be countered on network solely. So we integrate the warden and trusted endpoint. Through setting up root of trust on endpoints, and expanding it to network, the warden can verify files based on the configuration information in advance.Finally, we propose a practical warden model which adopting 3-hosts and information landing, discuss some practical problem in reality, and give an example.
|
PDF Full Text Request