ATTENTION: The works hosted here are being migrated to a new repository that will consolidate resources, improve discoverability, and better show UTA's research impact on the global community. We will update authors as the migration progresses. Please see MavMatrix for more information.
Show simple item record
dc.contributor.author | Walls, Robert J. | en_US |
dc.date.accessioned | 2009-09-16T18:19:32Z | |
dc.date.available | 2009-09-16T18:19:32Z | |
dc.date.issued | 2009-09-16T18:19:32Z | |
dc.date.submitted | January 2009 | en_US |
dc.identifier.other | DISS-10337 | en_US |
dc.identifier.uri | http://hdl.handle.net/10106/1758 | |
dc.description.abstract | Covert timing channels provide a way to surreptitiously leak information from an entity in a higher-security level to an entity in a lower level. The difficulty of detecting or eliminating such channels makes them a desirable choice for adversaries that value stealth over throughput. When one considers the possibility of such channels transmitting information across network boundaries, the threat becomes even more acute. A promising technique for detecting covert timing channels focuses on using entropy-based tests. This method is able to reliably detect known covert timing channels by using a combination of entropy and conditional entropy to detect anomalies in shape and regularity, respectively. This dual approach is intended to make entropy-based detection robust against both current and future channels. In this work, we show that entropy-based detection can be defeated by a channel that intelligently manipulates the metrics used for detection. Specifically, we propose a new covert channel that uses a portion of the inter-packet delays in a compromised stream to smooth out the distortions detected by the entropy test. Our experimental results suggest that this channel can successfully evade entropy-based detection and other known tests while maintaining reasonable throughput. Furthermore, we investigate the effects of parameter selection on the channel. We introduce a model for analyzing the effect of our techniques on the entropy of the channel and empirically investigate the accuracy of the model. | en_US |
dc.description.sponsorship | Wright, Matthew | en_US |
dc.language.iso | EN | en_US |
dc.publisher | Computer Science & Engineering | en_US |
dc.title | Liquid: A Detection Resistant Covert Timing Channel Based On Ipd Shaping | en_US |
dc.type | M.S. | en_US |
dc.contributor.committeeChair | Wright, Matthew | en_US |
dc.degree.department | Computer Science & Engineering | en_US |
dc.degree.discipline | Computer Science & Engineering | en_US |
dc.degree.grantor | University of Texas at Arlington | en_US |
dc.degree.level | masters | en_US |
dc.degree.name | M.S. | en_US |
dc.identifier.externalLink | http://www.uta.edu/ra/real/editprofile.php?onlyview=1&pid=215 | |
dc.identifier.externalLinkDescription | Link to Research Profiles | |
Files in this item
- Name:
- Walls_uta_2502M_10337.pdf
- Size:
- 209.7Kb
- Format:
- PDF
This item appears in the following Collection(s)
Show simple item record