Covert Channels: A close look at one of the necessary conditions for their existence
- McMaster University
Oct. 17, 2014, 2:30 p.m.
Software systems contain paths for information transmission that were not intended by their designers. These paths utilize the systems' resources, environment, or established legitimate communication channels. They are called covert channels and can be used as paths to leak out confidential information to unauthorized recipients. To the unwary user, these channels may transport information as if by magic, despite the vigilance of monitors. Because of this, covert channels pose a significant threat to information security.
In a system of communicating agents, if there exists a covert channel, then two conditions are satisfied: Constraint on Communication and Potential for Communication. In this talk, we discuss the Potential for Communication condition. We present a mathematical framework for communication and concurrency called Communicating Concurrent Kleene Algebra (C2KA). C2KA extends the work of Tony Hoare et al. on Concurrent Kleene Algebra with the notion of stimuli. Then, we use C2KA to propose a formulation of the Potential for Communication condition. We discuss the preservation of the potential for communication after the modification of an agent on a communication path.
Biography: Ridha Khedri is a Professor of software engineering and a member of the Formal Requirements and Information Security Enhancement (FRAISE) Research Group. He obtained his Engineer Diploma in 1987 from the University of Tunis. He received an M.Sc. and a Ph.D. from Laval University, Quebec, Canada, in 1993 and 1998 respectively. In March 1998, he joined the Communications Research Laboratories of McMaster University as a post-doctoral researcher under the supervision of Prof. David L. Parnas. From December 1998 to June 2005 he was an Assistant Professor at McMaster University. From July 2005 to June 2014 he was an Associate Professor at McMaster University. His research interests include algebraic methods in software engineering, analysis of information security policies and of cryptographic-key distribution schemes, data cleaning, software product families, and formal software requirements analysis. He has organized or served on the program committee of more than 30 conferences and workshops. He is a licensed professional engineer in the province of Ontario. He is a member of the Association for Computing Machinery and the IEEE Computer Society.