若干新型数据库隐蔽信道应用场景研究

doi:10.7523/j.issn.1002-1175.2013.03.019

中国科学院大学学报 ›› 2013, Vol. 30 ›› Issue (3): 403-409.DOI: 10.7523/j.issn.1002-1175.2013.03.019

若干新型数据库隐蔽信道应用场景研究

田雪, 徐震, 陈驰

中国科学院信息工程研究所信息安全国家重点实验室, 北京 100093

收稿日期:2012-04-24 修回日期:2012-06-20 发布日期:2013-05-15
通讯作者: 田雪, tianxue@iie.ac.cn
基金资助:
国家自然科学基金(61003228)、新疆维吾尔自治区科技计划项目(201230121)和中国科学院先导专项课题(XDA06010701)资助 

Study on usage scenarios of several new database covert channels

TIAN Xue, XU Zhen, CHEN Chi

State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China

Received:2012-04-24 Revised:2012-06-20 Published:2013-05-15

摘要/Abstract

摘要：

针对隐蔽信道威胁高安全等级数据库系统机密性的问题,从隐蔽信道实现场景入手,总结归纳数据库系统中已知的隐蔽信道. 通过提出新型的数据库隐蔽信道分类方法,对隐蔽信道的形成机制进行研究,首次提出几类新发现的数据库隐蔽信道. 此外,在基于不同DBMS的数据库系统中实际构建典型的隐蔽信道,并对其进行对比分析,标识出实现缺陷所导致隐蔽信道存在的可能性.

关键词: 隐蔽信道, 高安全等级数据库, 存储隐蔽信道, 时间隐蔽信道

Abstract:

Covert channel poses a threat to the confidentiality of high-level security databases. We study and summarize existing database covert channels based on the scenarios of use and propose a new method to classify database covert channels and to study their formation mechanisms. We propose several new constructing methods of database covert channels. In databases based on different DBMS we construct typical covert channels in real. The results of the comparative analysis show the possibility of the presentence of covert channels which are caused by the implementation defect.

Key words: covert channel, high-level security database, covert storage channel, covert timing channel

中图分类号:

TP309.2

田雪, 徐震, 陈驰. 若干新型数据库隐蔽信道应用场景研究[J]. 中国科学院大学学报, 2013, 30(3): 403-409.

TIAN Xue, XU Zhen, CHEN Chi. Study on usage scenarios of several new database covert channels[J]. , 2013, 30(3): 403-409.

参考文献

[1] Lampson B W. A Note on the confinement problem[J]. Communications of the ACM, 1973, 16 (10): 613-615.

[2] Tsai C R, Gligor V, Chandersekaran C. A formal method for the identification of covert storage channels in source code[J]. IEEE Transactions of Software Engineering, 1990, 16(6): 569-580.

[3] CCMB-2009-07-001. Common criteria for information technology security evaluation, Part 1: introduction and general model, version 3.1[S]. 2009.

[4] GB/T 18336.1-2008. 信息技术安全技术信息技术安全性评估准则[S]. 2008.

[5] GB/T 20009-2005. 信息安全技术数据库管理系统安全评估准则[S]. 2005.

[6] Ristenpart T, Tromer E, Shacham H, et al. Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds[C]//Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS'09). ACM, New York, USA, 2009:199-212.

[7] Thomas J A, Cuppens-Boulahia N, Cuppens F. Expression and enforcement of confidentiality policy in active databases[C]//Proceedings of the International Conference on Management of Emergent Digital EcoSystems (MEDES'10). ACM, New York, USA, 2010:289-296.

[8] Schlegel R, Zhang K, Zhou X, et al. Soundcomber: A stealthy and context-aware sound trojan for smartphones[C]//18th Annual Network and Distributed System Security Conference (NDSS'11). California,USA, 2011: 17-33.

[9] Ahmadzadeh S A, Agnew G. Covert channels in multiple access protocols[C]//Proceedings of the ACM SIGCOMM 2011 Conference (SIGCOMM'11). ACM, New York, USA, 2011: 404-405.

[10] Jaskolka J, Khedri R. Exploring covert channels[C]//44th Hawaii International Conference on System Sciences (HICSS'11). 2011: 1-10.

[11] Okhravi H, Bak S, King S T. Design, implementation and evaluation of covert channel attacks[C]//10th IEEE International Conference on Technologies for Homeland Security. 2010: 481-487.

[12] 崔宾阁.安全数据库系统隐通道分析及相关技术研究[D].哈尔滨:哈尔滨工程大学, 2006.

[13] Hélouët L, Roumy A. Covert channel detection using information theory[C]//Proceedings of 8th International Workshop on Security Issues in Concurrency (SecCo'10). 2010:34-51.

[14] Gianvecchio S, Wang H. An entropy-based approach to detecting covert timing channels[J]. IEEE Transactions on Dependable and Secure Computing, 2011, 8(6): 785-797.

[15] Zheng J P, Qin X L, Guan Z J, et al. Covert channel based malicious transaction detection in surrivable MLS/DBMS[J]. Acta Electronica Sinica, 2009, 37(6):1264-1269(in Chinese). 郑吉平,秦小麟,管致锦,等.可生存性MLS/DBMS中基于隐蔽通道的恶意事务检测[J].电子学报,2009,37(6): 1264-1269.

[16] Wang Y J, Wu J Z, Ding L P, et al. Detection approach for covert channel based on concurrency conflict interval time[J]. Journal o Computer Research and Development, 2011, 48(8):1542-1553(in Chinese). 王永吉,吴敬征,丁丽萍,等.一种基于并发冲突间隔时间的隐蔽信道检测方法[J].计算机研究与发展,2011,48(8): 1542-1553.

[17] Zeng H T, Wang Y J, Zu W, et al. New definition of small message criterion and its application in transaction convert channel mizigating[J]. Journal of Software, 2009, 20(4):985-996(in Chinese). 曾海涛, 王永吉, 祖伟,等.短消息指标新定义及在事务信道限制中的应用[J].软件学报,2009,20(4):985-996.

[18] Askarov A, Zhang D, Myers A C. Predictive black-box mitigation of timing channels[C]//Proceedings of the 17th ACM Conference on Computer and Communications Security (CCS'10). ACM, New York, USA, 2010:297-307.

[19] Zhang D, Askarov A, Myers A C. Predictive mitigation of timing channels in interactive systems[C]//Proceedings of the 18th ACM Conference on Computer and Communications Security (CCS'11). ACM,New York,USA,2011:563-574.

[20] Kaur N, Saini H S,Singh R. Design and analysis of secure scheduler for MLS distributed database systems[C]//IEEE International Advance Computing Conference (IACC'09). 2009:1400-1404.

[21] Sallam A I, Elrabie S M, Faragallah O S. Comparative study of polyinstantiation models in MLS database[C]//International Computer Engineering Conference. 2010:158-165.

[22] Lipner S B. A comment on the confinement problem[C]//Proceedings of the Fifth ACM Symposium on Operating Systems Principles. New York,USA, 1975:192-196.

若干新型数据库隐蔽信道应用场景研究

Study on usage scenarios of several new database covert channels

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 1

编辑推荐

Metrics

本文评价

访问统计

联系我们