Speaker: Jason Jaskolka
Topic: Modeling, Analysis, and Detection of Information Leakage via Protocol-Based Covert Channels
Date: October 13, 2010
Time: 1:00 pm
Place: ITB 222

Abstract: With the emergence of computers in everyday activities and with the ever-growing complexity of networks and network protocols, covert channels are becoming an eminent threat to confidentiality of information. With increasing sensitivity of data in many computer application domains, the leakage of confidential information can have severe repercussions on the institution from which the information was leaked. In light of this eminent threat, we propose a technique to detect confidential information leakage via covert channels. We limit our focus to instances where the users of covert channels modulate the information that is being sent, either by encryption or by some other form of encoding. In the literature, the difference between classes of covert channels under the current classification is unclear. This lack of clarity results in the development of incomplete techniques for modeling, detecting and preventing covert channels. In this thesis, we propose a new classification for covert channels which organizes covert channels into two types: protocol-based covert channels and environment-based covert channels. We also develop a novel, comprehensive model for protocol-based covert channel communication. Using the developed model, we explore the relationship between covert channel communication, steganography and watermarking. The intent is to provide a better understanding of covert channel communication in an attempt to develop investigative support for confidentiality. Finally, we propose a technique for detecting confidential information leakages via covert channels.
The technique is based on relation algebra and offers tests for verifying the existence of an abstraction relation which relates the confidential information to the information that is observed to be sent on the communication channel. It focuses on protocol-based covert channels. With a better understanding of covert channel communication, we are able to develop more effective and efficient mechanisms for detecting and preventing the use of covert channels to leak confidential information in computer systems.