Method and device for detecting hidden channel communication

A covert channel and covert communication technology, applied in the database field, can solve the problems of lowering system efficiency, high misjudgment rate and missed detection of covert channel detection technology

Active Publication Date: 2016-04-27
TIANJIN NANKAI UNIV GENERAL DATA TECH
View PDF3 Cites 7 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, not all potential covert channels can be actually used by intruders. If all potential covert channels are measured and processed, unnecessary performance consumption will be generated and system efficiency will be reduced.
In addition, since the current judgment rules based on covert channels do not distinguish whether the user of the covert channel is a natural person or a program, the detection of covert channel technology has a high false positive rate and missed detection.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for detecting hidden channel communication
  • Method and device for detecting hidden channel communication

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0021] figure 1 It is a flow chart of the detection method for covert channel communication provided by Embodiment 1 of the present invention. This embodiment can be applied to monitor and record the related operations of potential covert channels, and detect the actual operation of the intruder on the channel by analyzing the records. In the case of , the method may be performed by a detection device for covert channel communication, and specifically includes the following steps:

[0022] Step 110, determine the database objects that may be used by the user for covert communication.

[0023] Among them, the database objects include shared database resources that may be utilized by users for covert communication.

[0024] The terminal obtains the user's operation on the database object, and determines the shared resource that the user can operate according to the database object; builds a shared resource matrix based on the shared resource, and determines the database object ...

Embodiment 2

[0036] figure 2 It is a schematic structural diagram of a detection device for covert channel communication in Embodiment 2 of the present invention. The detection device for covert channel communication includes:

[0037] A database object determination unit 210, configured to determine database objects that may be used by users for covert communication;

[0038] An operation monitoring unit 220, configured to monitor whether the user's operation on the database object satisfies the set expansion rule;

[0039] A tentative testing unit 230, configured to perform a tentative test on an operation that satisfies the set extension rule in a set manner;

[0040] The abnormal operation determining unit 240 is configured to determine an operation that fails the tentative test as an abnormal operation of covert channel communication.

[0041] In the technical solution of this embodiment, the database object determination unit 210 is used to determine the database object that may ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a method and a device for detecting hidden channel communication. The method comprises the following steps of determining a database object which may be used by a user to perform hidden communication; monitoring whether the operation of the database object by the user meets a setting extended rule or not; for the operation meeting the setting extended rule, performing trial testing according to a setting method; determining the operation not passing the trial testing as the abnormal operation of the hidden channel communication. The method has the advantages that the problems of unnecessary property consumption and system efficiency reduction caused by measurement and treatment of all potential hidden channels are solved, the use bodies of the hidden channels are classified into natural persons and programs, and the effects of decreasing the property consumption and improving the system efficiency during the measurement and treatment of the hidden channels are realized.

Description

technical field [0001] The embodiment of the present invention relates to database technology, and in particular to a detection method and device for covert channel communication. Background technique [0002] A covert channel is a communication channel that allows a process to transmit information in a way that compromises the security policy of the system. [0003] The concept of covert channel was first proposed by Lampson in 1973. The covert channel is defined as a communication channel that is not designed or intended to transmit information. In this seminal paper, Lampson focused on the problem of program restriction, that is, how to restrict the execution of the program so that it cannot transmit information to other unauthorized programs. He listed 6 methods of malicious or misbehaving programs to bypass restriction measures, leak data and corresponding processing measures, and summarized these methods into 3 types: storage channel, legal channel and "covert channel...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/62
CPCG06F21/6218
Inventor 崔维力赵伟李淼
Owner TIANJIN NANKAI UNIV GENERAL DATA TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap