| In the multilevel security systems there are many potential threats,such as covert channels. The relevant standards of the governments at present require to identify,measure and dispose covert channels in the high security systems. Covert channel identification is the precondition and basis of measurement and disposal, which directly affects the reliability of the analysis results. However, most of the -covert channel identification methods are based on the necessary but insufficient conditions of covert channels in systems with much pseudo covert channels inevitably. Analysers need to spend more time and energy on personnel further, which makes covert channel analysis huge workload.The thesis bases on the analysis of semantic information flow and the goal is to reduce the false alarm rate of covert channel identification. Through researching on covert channel identification in multilevel security systems, the thesis has completed the following three aspects of work:(1) A covert channel formal model based on semantic information flow model is proposed. Combined with the analysis of the semantics of programming languages,the extension of information flow rules according to Tsai and Gligor's are given,which defines the semantic information flow model (SeIM); By analyzing the theory of hidden information transmission in multilevel security systems, the covert channel model(SeIB-C2M) based on SeIM is defined. The model depicts the covert channel from the view of semantic analysis, providing more information and basis for covert channel identification and test results analysis.(2) A semantic analysis method for the system to be identified is proposed based on program dependence. According to the relationship between program dependence and information flows, the information flow graphs of function and primitive operation are defined, and the system information flow graph (SIG) is designed based on the program dependence graph. The SIG ignores the design and implementation details of the top level description and the source code of the system that are independent of information flow analysis, in this way providing more suitable detection object for covert channel identification.(3) A covert channel identification method with low false alarm rate is put forward based on SIG and type system. By describing the performance characteristics of covert channels, the method for depth first searching and filtering covert communication paths in SIG is designed,which is used to judge covert channels.Furtherly,a semantic type system include the covert channel specification assertion set and the type inference rules is defined,and based on the semantic type system an elimination method for pseudo covert channels is proposed. Analysis results of an example system show that this method can effectively eliminate the pseudo covert channels, reduce the false alarm rate and provide effective parameters and evidence to construct the work scene for covert channels. Thus, the workload of the work scene construction is reduced. |
PDF Full Text Request