Publication


Featured research published by Serdar Cabuk.


computer and communications security | 2004

IP covert timing channels: design and detection

Serdar Cabuk; Carla E. Brodley; Clay Shields

A network covert channel is a mechanism that can be used to leak information across a network in violation of a security policy and in a manner that can be difficult to detect. In this paper, we describe our implementation of a covert network timing channel, discuss the subtle issues that arose in its design, and present performance data for the channel. We then use our implementation as the basis for our experiments in its detection. We show that the regularity of a timing channel can be used to differentiate it from other traffic and present two methods of doing so and measures of their efficiency. We also investigate mechanisms that attackers might use to disrupt the regularity of the timing channel, and demonstrate methods of detection that are effective against them.


ACM Transactions on Information and System Security | 2009

IP Covert Channel Detection

Serdar Cabuk; Carla E. Brodley; Clay Shields

A covert channel can occur when an attacker finds and exploits a shared resource that is not designed to be a communication mechanism. A network covert channel operates by altering the timing of otherwise legitimate network traffic so that the arrival times of packets encode confidential data that an attacker wants to exfiltrate from a secure area from which she has no other means of communication. In this article, we present the first public implementation of an IP covert channel, discuss the subtle issues that arose in its design, and present a discussion on its efficacy. We then show that an IP covert channel can be differentiated from legitimate channels and present new detection measures that provide detection rates over 95%. We next take the simple step an attacker would of adding noise to the channel to attempt to conceal the covert communication. For these noisy IP covert timing channels, we show that our online detection measures can fail to identify the covert channel for noise levels higher than 10%. We then provide effective offline search mechanisms that identify the noisy channels.


computer and communications security | 2007

Towards automated provisioning of secure virtualized networks

Serdar Cabuk; Chris I. Dalton; HariGovind V. Ramasamy; Matthias Schunter

We describe a secure network virtualization framework that helps realize the abstraction of Trusted Virtual Domains (TVDs), a security-enhanced variant of virtualized network zones. The framework allows groups of related virtual machines running on separate physical machines to be connected together as though they were on their own separate network fabric and, at the same time, helps enforce cross-group security requirements such as isolation, confidentiality, security, and information flow control. The framework uses existing network virtualization technologies, such as Ethernet encapsulation, VLAN tagging, and VPNs, and combines and orchestrates them appropriately to implement TVDs. Our framework aims at automating the instantiation and deployment of the appropriate security mechanism and network virtualization technologies based on an input security model that specifies the required level of isolation and permitted network flows. We have implemented a prototype of the framework based on the Xen hypervisor. Experimental evaluation of the prototype shows that the performance of our virtual networking extensions is comparable to that of the standard Xen configuration.


Journal of Computer Security | 2010

Towards automated security policy enforcement in multi-tenant virtual data centers

Serdar Cabuk; Chris I. Dalton; Konrad Eriksson; Dirk Kuhlmann; HariGovind V. Ramasamy; Gianluca Ramunno; Ahmad-Reza Sadeghi; Matthias Schunter; Christian Stüble

Author affiliations:

Serdar Cabuk, Chris I. Dalton, Dirk Kuhlmann: Hewlett–Packard Labs, Bristol, UK ({cid,dirk.kuhlmann}@hp.com)

Konrad Eriksson, Matthias Schunter: IBM Zurich Research Laboratory, Rüschlikon, Switzerland ({kon,mts}@zurich.ibm.com)

HariGovind V. Ramasamy: IBM T. J. Watson Research Center, Hawthorne, NY, USA

Gianluca Ramunno: Politecnico di Torino, Turin, Italy

Ahmad-Reza Sadeghi: Ruhr-University Bochum, Germany

Christian Stüble: Sirrix AG Security Technologies, Bochum, Germany


international conference on trusted systems | 2009

Trusted integrity measurement and reporting for virtualized platforms

Serdar Cabuk; Liqun Chen; David Plaquin; Mark Ryan

Verifiable trust is a desirable property for computing platforms. Current trusted computing systems developed by Trusted Computing Group (TCG) provide verifiable trust by taking immutable snapshots of the whole set of platform components. It is, however, difficult to use this technology directly in virtualized platforms because of complexity and dynamic changes of platform components. In this paper, we introduce a novel integrity management solution based on a small Software-based Root of Trust for Measurement (SRTM) that provides a trusted link to the integrity measurement chain in the TCG technology. Our solution makes two principal contributions: The first is a key management method, by which a verifier can be convinced that the SRTM is a trusted delegatee of a Trusted Platform Module (TPM). The second is two integrity management services, which provide a novel dependency relation between platform components and enable reversible changes to measured components. This extended abstract of the paper focuses on the key management method and shows the high level idea of these two services. Details of the dependency relation, the reversible changes, and the Xen implementation may be found in the full version of the paper.


pacific rim international symposium on dependable computing | 2004

Analysis and evaluation of topological and application characteristics of unreliable mobile wireless ad-hoc network

Serdar Cabuk; Nipoon Malhotra; Longbi Lin; Saurabh Bagchi; Ness B. Shroff

We present a study of topological characteristics of mobile wireless ad-hoc networks. The characteristics studied are connectivity, coverage, and diameter. Knowledge of topological characteristics of a network aids in the design and performance prediction of network protocols. We introduce intelligent goal-directed mobility algorithms for achieving desired topological characteristics. A simulation-based study shows that to achieve low, medium and high network QoS defined in terms of combined requirements of the three metrics, the network needs respectively 8, 16, and 40 nodes. If nodes can fail, the requirements increase to 8, 36 and 60 nodes respectively. We present a theoretical derivation of the improvement due to the mobility models and the sufficient condition for 100% connectivity and coverage. Next, we show the effect of improved topological characteristics in enhancing QoS of an application level protocol, namely, a location determination protocol called Hop-Terrain. The study shows that the error in location estimation is reduced by up to 68% with goal-directed mobility.


Archive | 2006

Network covert channels: design, analysis, detection, and elimination

Carla E. Brodley; Eugene H. Spafford; Serdar Cabuk


Archive | 2008

Dynamic trust management

Serdar Cabuk; David Plaquin; Christopher I. Dalton


Archive | 2009

Associating a Signing key with a Software Component of a Computing Platform

Liqun Chen; Mark Ryan; David Plaquin; Serdar Cabuk


Archive | 2004

IP Covert Timing Channels: An Initial Exploration

Serdar Cabuk; Carla E. Brodley

Collaboration


Dive into Serdar Cabuk's collaborations.

Top Co-Authors

Mark Ryan

University of Birmingham
