A covert channel is a mechanism by which one user of a system transmits information to another user in violation of the system's security policy. According to TCSEC requirements, the development of a database management system at level B2 and above must be subject to covert channel analysis. The core issue of covert channel analysis is covert channel identification, which is performed at two levels: the top-level description and the source code level. Source code is complex and difficult to understand, but source-level search methods are more accurate than search methods based on top-level system descriptions. At present, there is still a lack of covert channel analysis tools based on database source code, and also a lack of automatic and efficient tools for covert channel analysis. A source-based automated analysis tool for covert channels of the database is designed and implemented. Compared with other work, where information flow analysis is performed on all functions executed by SQL operations, the tool only analyzes the information flow of the lines of code actually executed in those functions, which effectively reduces the false alarm rate. The system is divided into three modules: a preprocessing module, a shared resource matrix generation module, and a covert channel analysis module. The preprocessing module mainly includes code format normalization and the use of ctags to identify local and global variables in the source code. The shared resource matrix generation module first uses the code coverage tool Gcov to obtain all code lines executed by SQL operations, then constructs the information flow graph by applying information flow analysis rules, and traverses the graph to obtain the reference, modification and return relationship matrix between SQL operations and shared resources, that is, the shared resource matrix. The covert channel analysis module uses the shared resource matrix as the input of the covert flow tree method to obtain the candidate covert channels, eliminates some false covert channels and verifies some real ones, calculates the maximum bandwidth of the verified covert channels, and gives different handling suggestions according to the bandwidth. Actual testing on the source code of the MySQL database shows that the tool does not miss covert channels of the database and that its degree of automation is relatively high.
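The shared resource matrix step and the bandwidth-based handling suggestions described above, as an added example that is not code from the paper's tool: it implements the classic shared resource matrix search (Kemmerer's transitive-closure rule) over a constructed matrix of SQL operations and resources, lists candidate storage channels, and classifies a crude bandwidth estimate against the TCSEC covert channel guideline thresholds. The resource names, operation names, relation entries and the one-symbol-per-round-trip bandwidth model are assumptions made for illustration, not results from MySQL.

```python
"""Shared resource matrix (SRM) candidate covert channel search.

Added example: classic SRM analysis over a constructed matrix of SQL
operations; the data below is made up and not derived from MySQL source.
"""
from itertools import product

REFERENCE, MODIFY, RETURN = "R", "M", "RET"

# Constructed SRM: shared resource -> SQL operation -> relations.
# R = operation reads the resource, M = writes it, RET = its value (or an
# error/result derived from it) is returned to the caller.
SAMPLE_SRM = {
    "lock_table":      {"UPDATE": {"R", "M"}, "SELECT": {"R"}},
    "lock_wait_error": {"SELECT": {"M", "RET"}},   # set when a locked row blocks the read
    "row_count":       {"INSERT": {"M"}, "SELECT": {"R", "RET"}},
    "server_version":  {"SELECT": {"R", "RET"}, "UPDATE": {"R"}},  # never modified
}


def relations(srm, resource, op):
    return srm.get(resource, {}).get(op, set())


def operations(srm):
    return sorted({op for rels in srm.values() for op in rels})


def observable_resources(srm):
    """For each operation Q, the resources whose state can influence what Q
    returns to its caller. Fixpoint of two rules:
      X in obs[Q] if RET in rel(X, Q)
      X in obs[Q] if some operation P references X and modifies Y, Y in obs[Q]
    The second rule is the SRM transitive-closure step. It assumes every
    reference/modify pair inside an operation is a real information flow,
    which is exactly the over-approximation that code-level information
    flow analysis on executed lines is meant to prune.
    """
    ops = operations(srm)
    obs = {q: {x for x in srm if RETURN in relations(srm, x, q)} for q in ops}
    changed = True
    while changed:
        changed = False
        for p, q in product(ops, ops):
            reads = {x for x in srm if REFERENCE in relations(srm, x, p)}
            writes = {y for y in srm if MODIFY in relations(srm, y, p)}
            if writes & obs[q]:
                new = reads - obs[q]
                if new:
                    obs[q] |= new
                    changed = True
    return obs


def candidate_channels(srm):
    """Potential storage channels as (resource, sender_op, receiver_op):
    the sender modifies the resource and the receiver's result depends on
    it. Each entry still needs manual verification (e.g. a per-session
    variable wrongly modelled as shared is a false candidate)."""
    obs = observable_resources(srm)
    found = []
    for x in sorted(srm):
        senders = [s for s in operations(srm) if MODIFY in relations(srm, x, s)]
        receivers = [q for q in operations(srm) if x in obs[q]]
        for s, q in product(senders, receivers):
            found.append((x, s, q))
    return found


def max_bandwidth_bps(send_seconds, receive_seconds, bits_per_symbol=1.0):
    """Assumed simplified model: one symbol per sender/receiver round trip."""
    return bits_per_symbol / (send_seconds + receive_seconds)


def tcsec_recommendation(bps):
    """Handling suggestion from the TCSEC covert channel guideline thresholds."""
    if bps > 100:
        return "unacceptable: eliminate"
    if bps >= 1:
        return "auditable: must be audited"
    return "acceptable"


if __name__ == "__main__":
    for resource, sender, receiver in candidate_channels(SAMPLE_SRM):
        print(f"candidate: {sender} -> {resource} -> {receiver}")
    bps = max_bandwidth_bps(0.002, 0.003)
    print(f"estimated {bps:.0f} bit/s: {tcsec_recommendation(bps)}")
```

Running it on the constructed matrix reports `lock_table` (UPDATE to SELECT, an indirect reference surfaced through `lock_wait_error`), `lock_wait_error` and `row_count` as candidates and nothing for the never-modified `server_version`; the bandwidth step then decides whether a verified channel must be eliminated, audited or tolerated.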