Analysis of Covert Information in High-Security-Level Networks and a Practical Resistance Model
Abstract
As informatization advances, the state classifies information systems into different grades according to their importance, and higher-grade systems require stronger security protection. When data must be exchanged between different information domains, a malicious program or user present in the network may use covert communication techniques to leak sensitive data.
Wherever legitimate communication exists, covert communication carried on top of it is inevitable, so in networks with a high security level covert channels must be analysed and measures taken to locate, eliminate, limit and detect them.
This thesis approaches the problem from the standpoint of covert channel resistance. Its goal is to construct a practical model for resisting covert information flow in high-security-level networks; it carries out a theoretical analysis and describes the issues that need attention in practical deployment.
First, building on previous research into network covert channels, the thesis proposes a classification based on the information entropy of the source: covert channels are divided into variable-entropy, constant-entropy and zero-entropy channels, of which zero-entropy is a new category. A further level of sub-classification is proposed according to how the covert party exploits the overt source.
Second, the thesis describes in detail the detection of constant-entropy covert channels and proposes two detection methods, attribute-shift detection and chi-square detection, each of which improves detection effectiveness from a different angle. For the newly proposed zero-entropy category, where no existing detection method is available for comparison, the thesis gives the relationship between the warden's parameter settings and the covert channel capacity, so that the warden can be configured according to how much covert channel capacity is tolerated.
Next, the thesis combines the warden with trusted endpoint nodes. A root of trust is established on the trusted endpoint and extended over the network through a chain of trust, so that the warden and the endpoint nodes authenticate each other; the warden verifies data against attestation information for files that is configured on it in advance. This largely addresses the covert channels that arise because the warden is limited in both authority and computing power.
Finally, based on the preceding analysis, the thesis proposes a practical network warden model. The model uses a three-host architecture to improve its own security, information landing to eliminate lower-layer covert channels, and configured channels to control each data transfer separately; several problems encountered in concrete implementation are discussed. A typical case from real deployment is presented and analysed, identifying the network covert channels it avoids and the covert channel capacity that remains. The example shows that the proposed warden model can largely solve the problem of covert information leakage in high-security-level networks.
With the development of information networks, information systems in our country are classified into different grades, and networks at a high security level need stronger defences. When data exchange is required between domains, a malicious user or process, if present, can use covert communication methods to leak information.
Covert communication is inevitable wherever legitimate communication exists. So in a network at a high security level, covert channels must be analysed and countermeasures taken.
This thesis researches covert channel countermeasures. In order to build a practical warden model for data exchange between different domains, it analyses covert channels and presents the practical problems met in real deployments.
First, we describe related covert channel research. Then we propose three kinds of covert channel based on entropy, classifying them into variable-entropy, constant-entropy and zero-entropy covert channels. Among them, zero entropy is a new category, and we further divide them by how the overt source is utilised.
Second, we propose two detection methods for constant-entropy covert channels: the attribute shift method and the Pearson chi-square method, which improve detection in different respects. For the newly proposed zero-entropy channel, we give the relation between warden parameter selection and channel capacity.
Then, since the warden is limited in computation and authorisation, some covert channels cannot be countered on the network alone. So we integrate the warden with trusted endpoints: by setting up a root of trust on the endpoints and extending it to the network, the warden can verify files based on configuration information provided in advance.
Finally, we propose a practical warden model that adopts three hosts and information landing, discuss some practical problems met in reality, and give an example.
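The Pearson chi-square detection described in both abstracts, as an added example that is not code from the thesis: a warden counts how often each value of an observed header-field portion appears and tests the counts against a baseline distribution. The 2-bit field, the uniform baseline, the significance threshold and both samples are assumptions constructed for the illustration.

```python
"""Chi-square goodness-of-fit check for a constant-entropy covert channel.

Added example, not the thesis's own code. Assumes the warden observes a 2-bit
portion of a packet header field that legitimate traffic fills uniformly, and
that a covert sender, while keeping the field's entropy roughly constant, skews
which of the four values actually occur.
"""
from collections import Counter

# Critical value of the chi-square distribution with 3 degrees of freedom at
# significance level 0.05 (standard table value; the tolerance is an assumption).
CHI2_CRIT_DF3_P05 = 7.815

# Constructed samples: benign traffic spreads the four values almost evenly,
# the skewed sample uses only two of the four values.
BENIGN_SAMPLE = [i % 4 for i in range(96)] + [0, 0, 1, 2]
SKEWED_SAMPLE = [0, 2] * 50


def histogram(values, nbuckets):
    """Count how many times each of the nbuckets symbols occurs."""
    counts = Counter(v % nbuckets for v in values)
    return [counts.get(i, 0) for i in range(nbuckets)]


def chi_square(observed, expected_probs):
    """Pearson statistic: sum over buckets of (O - E)^2 / E."""
    total = sum(observed)
    stat = 0.0
    for o, p in zip(observed, expected_probs):
        e = total * p
        stat += (o - e) ** 2 / e
    return stat


def looks_covert(values, nbuckets=4, threshold=CHI2_CRIT_DF3_P05):
    """Flag the window when its value distribution departs from the uniform
    baseline further than the chi-square critical value allows."""
    observed = histogram(values, nbuckets)
    expected = [1.0 / nbuckets] * nbuckets
    return chi_square(observed, expected) > threshold


if __name__ == "__main__":
    for name, sample in (("benign", BENIGN_SAMPLE), ("skewed", SKEWED_SAMPLE)):
        stat = chi_square(histogram(sample, 4), [0.25] * 4)
        print(f"{name}: chi2={stat:.2f} covert={looks_covert(sample)}")
```

In a real warden the window size and the baseline come from measured legitimate traffic, and the threshold is chosen from the tolerated false-positive rate.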