1. Mecanismo
no proyectado para comunicaciones, que es usado para transferir información violando
la seguridad (ITSEC).
2. Canal de
transmisión que permite a un proceso transmitir datos violando la política de
seguridad del sistema (TCSEC).
Puede
presentarse como canal de almacenamiento (storage channel) o como canal de
tiempo (timing channel). El primero sucede cuando un proceso puede escribir,
directa o indirectamente, en un almacenamiento que puede leer, directa o
indirectamente otro proceso distinto utilizando este procedimiento para pasarse
ilícitamente información. Típicamente requiere un recurso (por ejemplo, un
disco) compartido por dos sujetos con diferentes habilitaciones de seguridad.
En el
segundo, un proceso difunde información a otro modulando su propio uso de los
recursos del sistema (por ejemplo, tiempo de UCP) lo que afecta al tiempo de
respuesta. Ello puede ser observado e interpretado por el segundo proceso.
[Ribagorda:1997]
Transmisión
de información de manera oculta sobre un canal que transmite información. Se
aplica especialmente a algunos esquemas de firma digital. [CESID:1997]
An unauthorized
communication path that manipulates a communications medium in an unexpected,
unconventional or unforeseen way in order to transmit information without
detection by anyone other than the entities operating the covert channel. [CNSSI_4009:2010]
Determination of
the extent to which the security policy model and subsequent lower-level
program descriptions may allow unauthorized access to information. [CNSSI_4009:2010]
Covert channel
involving the direct or indirect writing to a storage location by one process
and the direct or indirect reading of the storage location by another process.
Covert storage channels typically involve a finite resource (e.g., sectors on a
disk) that is shared by two subjects at different security levels. [CNSSI_4009:2010]
Covert channel in
which one process signals information to another process by modulating its own
use of system resources (e.g., central processing unit time) in such a way that
this manipulation affects the real response time observed by the second process.
[CNSSI_4009:2010]
1. (I) An
unintended or unauthorized intra-system channel that enables two cooperating
entities to transfer information in a way that violates the system's security
policy but does not exceed the entities' access authorizations.
(See: covert
storage channel, covert timing channel, out-of-band, tunnel.)
2. (O) "A
communications channel that allows two cooperating processes to transfer
information in a manner that violates the system's security policy."
[NCS04]
[RFC4949:2007]
(I) A system
feature that enables one system entity to signal information to another entity
by directly or indirectly writing a storage location that is later directly or
indirectly read by the second entity. (See: covert channel.) [RFC4949:2007]
(I) A system
feature that enables one system entity to signal information to another by
modulating its own use of a system resource in such a way as to affect system
response time observed by the second entity. (See: covert channel.)
[RFC4949:2007]
an enforced,
illicit signalling channel that allows a user to surreptitiously contravene the
multi-level separation policy and unobservability requirements of the TOE (this
is a special case of monitoring attacks).
TOE - Target of
Evaluation
[CC:2006]
the use of a
mechanism not intended for communication to transfer information in a way that
violates security. [ITSEC:1991]
A communication
channel that allows a process to transfer information in a manner that violates
the system's security policy. [TCSEC:1985]
A covert channel
that involves the direct or indirect writing of a storage location by one
process and the direct or indirect reading of the storage location by another
process. Covert storage channels typically involve a finite resource (e.g.,
sectors on a disk) that is shared by two subjects at different security levels.
[TCSEC:1985]
A covert channel
in which one process signals information to another by modulating its own use
of system resources (e.g., CPU time) in such a way that this manipulation
affects the real response time observed by the second process. [TCSEC:1985]
Temas relacionados