Presentation is loading. Please wait.

Presentation is loading. Please wait.

Design of the multi-level security network switch system which restricts covert channel Conference: Communication Software and Networks (ICCSN), 2011 IEEE.

Published bySamson Joshua Watson Modified over 9 years ago

Similar presentations

Presentation on theme: "Design of the multi-level security network switch system which restricts covert channel Conference: Communication Software and Networks (ICCSN), 2011 IEEE."— Presentation transcript:

1 Design of the multi-level security network switch system which restricts covert channel Conference: Communication Software and Networks (ICCSN), 2011 IEEE 3rd International Conference on Authors: Xiong Liu, Haiwei Xue, Xiaoping Feng, Yiqi Dai, Department of Computer Science and Technology, Tsinghua University, Beijing 10084, China 1

2 Covert channel In computer security, a covert channel is a type of computer security attack that creates a capability to transfer information objects between processes that are not supposed to be allowed to communicate by the computer security policy. 2

3 Multi-level Security Local Area Network system (MSL) The low level host can send data packet to high level host, but high level host cannot send data packet to low level host. TCP/IP SYN/ACK packet cannot be sent back in the above mechanism. So it must allow the sending of SYN/ACK. The SYN/ACK may become a loophole for the covert channel. 3 Low level High level host

4 System architecture Monitor in each hosts Controller Filter 4

5 System architecture- Monitor The system can monitor the hosts’ actions to specify the hosts’ security level by the monitors. The user must install the monitor in their computer. Monitor communicate to the controller. 5

6 System architecture- controller Functions: –Host registering: Make sure that all the hosts and switches connected to the network are authorized. –Flow computing: Compute the packet’s flow path based on the network’s topological structure. It can make sure all of the data flow paths are compatible with the system’s security policy 6 Level: 2Level: 3

7 System architecture- controller (cont.d) –Flow updating: When the flow path has been computed, the Controller updates the flow tables of switches which locate on the path to set up it. 7

8 System architecture- filter Content check module –Level 1: Check the data field and flags field. –Level 2: Check the unused fields and optional field. –Level 3: Check the sequence number and acknowledgement number. –Level 4: Check the covert channel which uses packet retransmission or packet loss to send information. 8

9 Experiment 9

10 Conclusion This paper proposed a design of multi- level security network switch system which can restrict covert channel. The design can guarantee the availability and security of the information exchange among hosts in multi-level security network system. The experiment showed that the design is available. 10

11 Reference http://en.wikipedia.org/wiki/Covert_channel [L-BLP security model in local area network],http://www.ejournal.org.cn/CN/ab stract/abstract44.shtmlhttp://www.ejournal.org.cn/CN/ab stract/abstract44.shtml 11

Download ppt "Design of the multi-level security network switch system which restricts covert channel Conference: Communication Software and Networks (ICCSN), 2011 IEEE."

Similar presentations

Introduction 1 Lecture 13 Transport Layer (Transmission Control Protocol) slides are modified from J. Kurose & K. Ross University of Nevada – Reno Computer.

Introduction 1 Lecture 13 Transport Layer (Transmission Control Protocol) slides are modified from J. Kurose & K. Ross University of Nevada – Reno Computer.
1 Agenda TMA2 Feedback TMA3 T821 Bock 2. 2 Packet Switching.

1 Agenda TMA2 Feedback TMA3 T821 Bock 2. 2 Packet Switching.
CCNA – Network Fundamentals

CCNA – Network Fundamentals
1 Reading Log Files. 2 Segment Format

1 Reading Log Files. 2 Segment Format
Author: Seungwon Shin, Vinod Yegneswaran, Phillip Porras, Guofei Gu

Author: Seungwon Shin, Vinod Yegneswaran, Phillip Porras, Guofei Gu
Chapter 15 – Part 2 Networks The Internal Operating System The Architecture of Computer Hardware and Systems Software: An Information Technology Approach.

Chapter 15 – Part 2 Networks The Internal Operating System The Architecture of Computer Hardware and Systems Software: An Information Technology Approach.
Protocols and the TCP/IP Suite

Protocols and the TCP/IP Suite
An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.

An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.
Data Communications Architecture Models. What is a Protocol? For two entities to communicate successfully, they must “speak the same language”. What is.

Data Communications Architecture Models. What is a Protocol? For two entities to communicate successfully, they must “speak the same language”. What is.
VLANs Semester 3, Chapter 3 Allan Johnson Website:

VLANs Semester 3, Chapter 3 Allan Johnson Website:
CS335 Networking & Network Administration Tuesday, April 20, 2010.

CS335 Networking & Network Administration Tuesday, April 20, 2010.
Copyright © 2012, QoS-aware Network Operating System for Software Defined Networking with Generalized OpenFlows Kwangtae Jeong, Jinwook Kim.

Copyright © 2012, QoS-aware Network Operating System for Software Defined Networking with Generalized OpenFlows Kwangtae Jeong, Jinwook Kim.
Lecture slides prepared for “Business Data Communications”, 7/e, by William Stallings and Tom Case, Chapter 8 “TCP/IP”.

Lecture slides prepared for “Business Data Communications”, 7/e, by William Stallings and Tom Case, Chapter 8 “TCP/IP”.
1.  A protocol is a set of rules that governs the communications between computers on a network.  Functions of protocols:  Addressing  Data Packet.

1.  A protocol is a set of rules that governs the communications between computers on a network.  Functions of protocols:  Addressing  Data Packet.
Internet/Intranet firewall security – policy, architecture and transaction services Written by Ray Hunt This presentation will Examines Policies that influence.

Internet/Intranet firewall security – policy, architecture and transaction services Written by Ray Hunt This presentation will Examines Policies that influence.
Protocols and the TCP/IP Suite Chapter 4. Multilayer communication. A series of layers, each built upon the one below it. The purpose of each layer is.

Protocols and the TCP/IP Suite Chapter 4. Multilayer communication. A series of layers, each built upon the one below it. The purpose of each layer is.
Process-to-Process Delivery:

Process-to-Process Delivery:
1 Kyung Hee University Prof. Choong Seon HONG Network Control.

1 Kyung Hee University Prof. Choong Seon HONG Network Control.
The 1st European NetFPGA Developers Workshop Design Remote Reconfiguration Supported Security Protection System on NetFPGA and Virtex5 Kai Zhang, Xiaoming.

The 1st European NetFPGA Developers Workshop Design Remote Reconfiguration Supported Security Protection System on NetFPGA and Virtex5 Kai Zhang, Xiaoming.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Wireless Router LAN Switching and Wireless – Chapter 7.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Wireless Router LAN Switching and Wireless – Chapter 7.

Similar presentations

Ads by Google