|
|
|
Modern Operating Systems by Herbert Bos and Andrew S. Tanenb...
Modern_Operating_Systems_by_Herbert_Bos_and_Andrew_S._Tanenbaum_4th_Ed.pdf
Showing 648-649 out of 1137
Modern Operating Systems by Herbert Bos and Andrew...
Modern_Operating_Systems_by_Herbert_Bos_and_Andrew_S._Tanenbaum_4th_Ed.pdf-M ODERN O PERATING S YSTEMS
Modern Operating Systems by Herbert...
Modern_Operating_Systems_by_Herbert_Bos_and_Andrew_S._Tanenbaum_4th_Ed.pdf-M ODERN O PERATING S YSTEMS
Page 648
SEC. 9.4
FORMAL MODELS OF SECURE SYSTEMS
617
1
1
0
1
0
1
0
0
Server
Server locks
file to send 1
Time
Collaborator
Server unlocks
file to send 0
Bit stream sent
Figure 9-13.
A covert channel using file locking.
another bit is present in
S
.
Since timing is no longer involved, this protocol is fully
reliable, even in a busy system, and can proceed as fast as the two processes can
get scheduled.
To get higher bandwidth, why not use two files per bit time, or
make it a byte-wide channel with eight signaling files,
S0
through
S7
?
Acquiring and releasing dedicated resources (tape drives, plotters, etc.)
can
also be used for signaling. The server acquires the resource to send a 1 and releases
it to send a 0.
In UNIX, the server could create a file to indicate a 1 and remove it
to indicate a 0; the collaborator could use the
access
system call to see if the file
exists. This call works even though the collaborator has no permission to use the
file. Unfortunately, many other covert channels exist.
Lampson also mentioned a way of leaking information to the (human) owner
of the server process. Presumably the server process will be entitled to tell its
owner how much work it did on behalf of the client, so the client can be billed.
If
the actual computing bill is, say, $100 and the client’s income is $53,000, the ser-
ver could report the bill as $100.53 to its owner.
Just finding all the covert channels, let alone blocking them, is nearly hopeless.
In practice, there is little that can be done.
Introducing a process that causes page
faults at random or otherwise spends its time degrading system performance in
order to reduce the bandwidth of the covert channels is not an attractive idea.
Steganography
A slightly different kind of covert channel can be used to pass secret infor-
mation between processes, even though a human or automated censor gets to
inspect all messages between the processes and veto the suspicious ones. For ex-
ample, consider a company that manually checks all outgoing email sent by com-
pany employees to make sure they are not leaking secrets to accomplices or com-
petitors outside the company. Is there a way for an employee to smuggle substan-
tial volumes of confidential information right out under the censor’s nose? It turns
out there is and it is not all that hard to do.
Page 649
618
SECURITY
CHAP. 9
As a case in point, consider Fig. 9-14(a). This photograph, taken by the author
in Kenya, contains three zebras contemplating an acacia tree.
Fig. 9-14(b) appears
to be the same three zebras and acacia tree, but it has an extra added attraction.
It
contains the complete, unabridged text of five of Shakespeare’s plays embedded in
it:
Hamlet
,
King Lear
,
Macbeth
,
The Merchant of Venice
, and
Julius Caesar
. To-
gether, these plays total over 700 KB of text.
(a)
(b)
Figure 9-14.
(a) Three zebras and a tree. (b) Three zebras, a tree, and the com-
plete text of five plays by William Shakespeare.
How does this covert channel work? The original color image is 1024
×
768
pixels. Each pixel consists of three 8-bit numbers, one each for the red, green, and
blue intensity of that pixel. The pixel’s color is formed by the linear superposition
of the three colors.
The encoding method uses the low-order bit of each RGB
color value as a covert channel. Thus each pixel has room for 3 bits of secret infor-
mation, one in the red value, one in the green value, and one in the blue value.
With an image of this size, up to 1024
×
768
×
3 bits (294,912 bytes) of secret
information can be stored in it.
The full text of the five plays and a short notice adds up to 734,891 bytes. This
was first compressed to about 274 KB using a standard compression algorithm.
The compressed output was then encrypted and inserted into the low-order bits of
each color value. As can be seen (or actually, cannot be seen), the existence of the
information is completely invisible. It is equally invisible in the large, full-color
version of the photo.
The eye cannot easily distinguish 7-bit color from 8-bit color.
Once the image file has gotten past the censor, the receiver just strips off all the
low-order bits, applies the decryption and decompression algorithms, and recovers
the original 734,891 bytes. Hiding the existence of information like this is called
steganography
(from the Greek words for ‘‘covered writing’’). Steganography is
not popular in dictatorships that try to restrict communication among their citizens,
but it is popular with people who believe strongly in free speech.
Ace your assessments! Get Better Grades
Browse thousands of Study Materials & Solutions from your Favorite Schools
Concordia University
Concordia_University
School:
Operating_Systems
Course:
Great resource for chem class. Had all the past labs and assignments
Leland P.
Santa Clara University
Introducing Study Plan
Using AI Tools to Help you understand and remember your course concepts better and faster than any other resource.
Find the best videos to learn every concept in that course from Youtube and Tiktok without searching.
Save All Relavent Videos & Materials and access anytime and anywhere
Prepare Smart and Guarantee better grades
Know more
Students also viewed documents
lab 18.docx
lab_18.docx
Course
Course
3
Module5QuizSTA2023.d...
Module5QuizSTA2023.docx.docx
Course
Course
10
Week 7 Test Math302....
Week_7_Test_Math302.docx.docx
Course
Course
30
Chapter 1 Assigment ...
Chapter_1_Assigment_Questions.docx.docx
Course
Course
5
Week 4 tests.docx.do...
Week_4_tests.docx.docx
Course
Course
23
Week 6 tests.docx.do...
Week_6_tests.docx.docx
Course
Course
106
