Real-Time Detection of Covert Channels in Highly Virtualized Environments

Abstract: Despite extensive research, covert channels are a principal threat to information security. Covert channels employ specially-crafted content or timing characteristics to transmit internal information to external attackers. Most techniques for detecting covert channels model legitimate network traffic. However, such an approach may not be applicable in dynamic virtualized environments because traffic for modeling normal activities may not be available. This paper describes Observer, a real-time covert channel detection system. The system runs a secure virtual machine that mimics the vulnerable virtual machine so that any differences between two virtual machines can be identified in real time. Unlike other detection systems, Observer does not require historic data to construct a model. Experimental tests demonstrate that Observer can detect covert channels with a high success rate and low latency and overhead.
Document type:
Conference paper
Jonathan Butts; Sujeet Shenoi. 5th International Conference Critical Infrastructure Protection (ICCIP), Mar 2011, Hanover, NH, United States. Springer, IFIP Advances in Information and Communication Technology, AICT-367, pp.151-164, 2011, Critical Infrastructure Protection V. 〈10.1007/978-3-642-24864-1_11〉
Cited literature [35 references]

https://hal.inria.fr/hal-01571783
Contributor: Hal Ifip
Submitted on: Thursday, August 3, 2017 - 15:04:00
Last modified on: Monday, October 2, 2017 - 13:52:03

File

978-3-642-24864-1_11_Chapter.p...
Files produced by the author(s)

License

Distributed under a Creative Commons Attribution 4.0 International License

Citation

Anyi Liu, Jim Chen, Li Yang. Real-Time Detection of Covert Channels in Highly Virtualized Environments. Jonathan Butts; Sujeet Shenoi. 5th International Conference Critical Infrastructure Protection (ICCIP), Mar 2011, Hanover, NH, United States. Springer, IFIP Advances in Information and Communication Technology, AICT-367, pp.151-164, 2011, Critical Infrastructure Protection V. 〈10.1007/978-3-642-24864-1_11〉. 〈hal-01571783〉
