comp.lang.ada
From: Jeffrey Carter <spam@spam.com>
Subject: Re: How unchecked conversion works?
Date: Sun, 16 Jan 2005 16:41:40 GMT
Message-ID: <8PwGd.8282$pZ4.6177@newsread1.news.pas.earthlink.net>
In-Reply-To: <qUMSIakyEq1d@eisner.encompasserve.org>

Larry Kilgallen wrote:

> I remember that the Honeywell SCOMP was evaluated at the A1 level.

I attended a presentation at a conference in the late 1980's by a 
researcher whose project was to create an A1 OS. Basically he was 
reimplementing UNIX into an A1 level OS. This allowed him to reuse some 
of the UNIX source code. This was funded by the US govt.

He had achieved everything except there was one small covert channel 
available. A trusted user could set up a program that created a lot of 
processes when it wanted to transmit a one, and no processes to transmit 
a zero. The untrusted recipient would create a process from time to time 
and see how many processes had been created, since process IDs were 
sequential.

This created a noisy channel with a bandwidth of about 1 bps.

The researcher tried to plug this hole by using a PRNG to generate IDs 
without replacement, but since the algorithm used by the PRNG would be 
known or easily determined, that just made the recipient's program a 
little more complicated, and the channel a little more noisy.

Since the researcher couldn't include a true RNG in his SW, the project 
was a failure.

It seems to me that this system was a success. Nothing stops the trusted 
person from memorizing a block of data, going out of the secure area, 
writing it down, and giving it to the recipient. That would have less 
noise and a much higher bandwidth than this covert channel. The only 
channels worth worrying about should be those that are better than 
humans can achieve without using the computer. Trying to plug this kind 
of hole is a waste of time.

-- 
Jeff Carter
"Every sperm is sacred."
Monty Python's the Meaning of Life
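
A simulation of the process-ID channel described in the message above, as an added example that is not part of the original post: it measures how often an observer misreads process-creation activity when IDs are sequential, drawn from a reproducible PRNG permutation, or drawn from an unpredictable source. The parameters, function names, and the use of `random.SystemRandom` as a stand-in for the unpredictable source are assumptions made for the illustration.

```python
import random

SPACE, BURST, NOISE_MAX, THRESHOLD = 1 << 14, 10, 12, 11  # constructed parameters

def id_order(mode, seed=2005):
    """Order in which the simulated kernel hands out process IDs."""
    order = list(range(SPACE))
    if mode == "known_prng":        # permutation anyone can reproduce from the algorithm
        random.Random(seed).shuffle(order)
    elif mode == "secret":          # permutation drawn from OS entropy, not reproducible
        random.SystemRandom().shuffle(order)
    return order

def bit_error_rate(mode, nbits=300, noise_seed=1):
    """Fraction of bits an observer misreads when inferring creation counts from IDs."""
    actual = iter(id_order(mode))
    # The observer's best model of the allocator: exact for 'sequential' and
    # 'known_prng'; for 'secret' it can only assume some permutation, which is wrong.
    model = id_order("known_prng" if mode == "secret" else mode)
    rank = {pid: pos for pos, pid in enumerate(model)}
    rng = random.Random(noise_seed)  # same bits and background load for every mode
    prev = rank[next(actual)]
    errors = 0
    for _ in range(nbits):
        bit = rng.randint(0, 1)
        # Background processes plus the high-side burst consume IDs unseen by the observer.
        for _ in range(rng.randint(0, NOISE_MAX) + BURST * bit):
            next(actual)
        cur = rank[next(actual)]     # ID of the observer's own new process
        guess = 1 if cur - prev - 1 > THRESHOLD else 0
        errors += guess != bit
        prev = cur
    return errors / nbits

if __name__ == "__main__":
    for mode in ("sequential", "known_prng", "secret"):
        print(f"{mode:11s} bit error rate: {bit_error_rate(mode):.2f}")
```

The reproducible permutation gives exactly the same error rate as sequential IDs, because the observer can map each ID back to its position in the sequence; only the unpredictable allocator pushes the error rate to about one half, where nothing is conveyed.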