Modern Operating Systems by Herbert Bos ...
Modern_Operating_Systems_by_Herbert_Bos_and_Andrew_S._Tanenbaum_4th_Ed.pdf-M ODERN O PERATING S YSTEMS
Showing 647 out of 1137
Modern Operating Systems by Herbert Bos and Andrew...
Modern_Operating_Systems_by_Herbert_Bos_and_Andrew_S._Tanenbaum_4th_Ed.pdf-M ODERN O PERATING S YSTEMS
Modern Operating Systems by Herbert...
Modern_Operating_Systems_by_Herbert_Bos_and_Andrew_S._Tanenbaum_4th_Ed.pdf-M ODERN O PERATING S YSTEMS
Page 647
Encapsulated server
Figure 9-12.
(a) The client, server, and collaborator processes.
(b) The encapsu-
lated server can still leak to the collaborator via covert channels.
a 1 bit, it computes as hard as it can for a fixed interval of time.
To send a 0 bit, it
goes to sleep for the same length of time.
The collaborator can try to detect the bit stream by carefully monitoring its re-
sponse time.
In general, it will get better response when the server is sending a 0
than when the server is sending a 1.
This communication channel is known as a
covert channel
, and is illustrated in Fig. 9-12(b).
Of course, the covert channel is a noisy channel, containing a lot of extraneous
information, but information can be reliably sent over a noisy channel by using an
error-correcting code (e.g., a Hamming code, or even something more sophisti-
cated). The use of an error-correcting code reduces the already low bandwidth of
the covert channel even more, but it still may be enough to leak substantial infor-
mation. It is fairly obvious that no protection model based on a matrix of objects
and domains is going to prevent this kind of leakage.
Modulating the CPU usage is not the only covert channel. The paging rate can
also be modulated (many page faults for a 1, no page faults for a 0).
In fact, almost
any way of degrading system performance in a clocked way is a candidate.
If the
system provides a way of locking files, then the server can lock some file to indi-
cate a 1, and unlock it to indicate a 0.
On some systems, it may be possible for a
process to detect the status of a lock even on a file that it cannot access. This covert
channel is illustrated in Fig. 9-13, with the file locked or unlocked for some fixed
time interval known to both the server and collaborator.
In this example, the secret
bit stream 11010100 is being transmitted.
Locking and unlocking a prearranged file,
, is not an especially noisy channel,
but it does require fairly accurate timing unless the bit rate is very low. The
reliability and performance can be increased even more using an acknowledgement
protocol. This protocol uses two more files,
, locked by the server and
collaborator, respectively, to keep the two processes synchronized. After the server
locks or unlocks
, it flips the lock status of
to indicate that a bit has been sent.
As soon as the collaborator has read out the bit, it flips
’s lock status to tell the
server it is ready for another bit and waits until
is flipped again to indicate that

Ace your assessments! Get Better Grades
Browse thousands of Study Materials & Solutions from your Favorite Schools
Concordia University
Great resource for chem class. Had all the past labs and assignments
Leland P.
Santa Clara University
Introducing Study Plan
Using AI Tools to Help you understand and remember your course concepts better and faster than any other resource.
Find the best videos to learn every concept in that course from Youtube and Tiktok without searching.
Save All Relavent Videos & Materials and access anytime and anywhere
Prepare Smart and Guarantee better grades

Students also viewed documents