Evaluation of Statistical Tests for Detecting Storage-Based Covert Channels - ICT Systems Security and Privacy Protection
Conference Papers Year : 2020

Evaluation of Statistical Tests for Detecting Storage-Based Covert Channels

Thomas Sattolo
  • Function : Author
  • PersonId : 1117599
Jason Jaskolka
  • Function : Author
  • PersonId : 1117600

Abstract

Individuals and organizations are more aware than ever of the importance and value of preserving the confidentiality and privacy of sensitive information. However, detecting the leakage of sensitive information in networked systems is still a challenging problem, especially when adversaries use covert channels to exfiltrate sensitive information to unauthorized parties. Presently, approaches for detecting timing-based covert channels have been studied more extensively than those for detecting storage-based covert channels. In this paper, we evaluate the effectiveness of a selection of statistical tests for detecting storage-based covert channels. We present the results of several experiments which show that complexity-based tests are effective at detecting storage-based covert channels when information is embedded into network packet header fields that are not expected to follow a particular pattern, such as the IP Identification and Time-to-Live. These results can help to guide the construction of practical detection platforms capable of effectively detecting the leakage of sensitive information via storage-based covert channels.
Fichier principal
Vignette du fichier
497034_1_En_2_Chapter.pdf (335.39 Ko) Télécharger le fichier
Origin Files produced by the author(s)

Dates and versions

hal-03440831 , version 1 (22-11-2021)

Licence

Identifiers

Cite

Thomas Sattolo, Jason Jaskolka. Evaluation of Statistical Tests for Detecting Storage-Based Covert Channels. 35th IFIP International Conference on ICT Systems Security and Privacy Protection (SEC), Sep 2020, Maribor, Slovenia. pp.17-31, ⟨10.1007/978-3-030-58201-2_2⟩. ⟨hal-03440831⟩
20 View
29 Download

Altmetric

Share

More