From: Jeffrey Carter <spam@spam.com>
Subject: Re: How unchecked conversion works?
Date: Sun, 16 Jan 2005 16:41:40 GMT
Message-ID: <8PwGd.8282$pZ4.6177@newsread1.news.pas.earthlink.net>
In-Reply-To: <qUMSIakyEq1d@eisner.encompasserve.org>

Larry Kilgallen wrote:
> I remember that the Honeywell SCOMP was evaluated at the A1 level.

I attended a presentation at a conference in the late 1980's by a
researcher whose project was to create an A1 OS. Basically he was
reimplementing UNIX into an A1 level OS. This allowed him to reuse some
of the UNIX source code. This was funded by the US govt.

He had achieved everything except there was one small covert channel
available. A trusted user could set up a program that created a lot of
processes when it wanted to transmit a one, and no processes to transmit
a zero. The untrusted recipient would create a process from time to time
and see how many processes had been created, since process IDs were
sequential.

This created a noisy channel with a bandwidth of about 1 bps.

The researcher tried to plug this hole by using a PRNG to generate IDs
without replacement, but since the algorithm used by the PRNG would be
known or easily determined, that just made the recipient's program a
little more complicated, and the channel a little more noisy.

Since the researcher couldn't include a true RNG in his SW, the project
was a failure.

It seems to me that this system was a success. Nothing stops the trusted
person from memorizing a block of data, going out of the secure area,
writing it down, and giving it to the recipient. That would have less
noise and a much higher bandwidth than this covert channel. The only
channels worth worrying about should be those that are better than
humans can achieve without using the computer. Trying to plug this kind
of hole is a waste of time.

--
Jeff Carter
"Every sperm is sacred."
Monty Python's the Meaning of Life
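
A simulation of the sequential-ID channel described in the message above, added here as an example for estimating its capacity; it is not part of the original post. The burst size, the uniform background-activity model, the starting ID and the midpoint threshold are constructed assumptions.

```python
import math
import random

def observe(bits, burst, noise_max, seed=0):
    """Decode bits from gaps between the observer's own sequential IDs."""
    rng = random.Random(seed)          # constructed background-activity model
    next_id = 1000                     # constructed starting process ID
    last_seen, next_id = next_id, next_id + 1   # observer's first process
    threshold = (noise_max + burst) / 2         # midpoint between mean gaps
    decoded = []
    for bit in bits:
        # Unrelated processes created in this interval, plus the burst for a 1.
        next_id += rng.randint(0, noise_max) + (burst if bit else 0)
        seen, next_id = next_id, next_id + 1    # observer creates a process
        gap = seen - last_seen - 1              # IDs consumed by everyone else
        decoded.append(1 if gap > threshold else 0)
        last_seen = seen
    return decoded

def error_rate(sent, received):
    """Fraction of intervals in which the decoded bit differs from the sent bit."""
    return sum(s != r for s, r in zip(sent, received)) / len(sent)

def bsc_capacity(p):
    """Capacity in bits per interval of a binary symmetric channel with error p."""
    if p in (0.0, 1.0):
        return 1.0
    return 1.0 + p * math.log2(p) + (1 - p) * math.log2(1 - p)

if __name__ == "__main__":
    sent = [0, 1] * 1000
    for noise_max in (20, 80, 200):    # quiet, busy and very busy system
        p = error_rate(sent, observe(sent, burst=50, noise_max=noise_max))
        print(f"noise_max={noise_max:3d}  error={p:.3f}  "
              f"capacity={bsc_capacity(p):.3f} bits/interval")
```

Multiplying the capacity by the number of observation intervals per second gives an upper bound on usable bandwidth, which is the figure to compare against the out-of-band alternatives the message mentions.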