CS5430 Project 2: Covert Channel Construction (Fall 2020)

General Instructions. You are strongly encouraged to work as part of a group of 4 students, but working alone or in a smaller group is allowed (although strongly discouraged).

Due: December 11, 2020 at 11:00pm. No late assignments will be accepted.

Submit your solution using CMS.

Covert Timing Channels

Given a source principal that is purportedly isolated from a destination principal, a covert timing channel is a means by which the source principal conveys information to the destination principal by using mechanisms in ways not intended for performing communications: Note, the events used by the source principal to signal a value might be different from the events used by the destination to detect that value.

Example. A TCP connection between processes P1 and P2 can be used as a covert timing channel if it is carrying a steady stream of messages, so the TCP connection is already being used by P1 as an overt channel for communicating with P2.

For signalling on the covert channel, process P1 signals a 0 or a 1 by controlling the time that elapses between successive messages sent using the TCP connection to P2:

Process P2 measures the times when messages become available for receipt on this TCP connection, and P2 recovers the signalled bits P1 sent on the convert timing channel by using the differences between these measurements.

For this covert timing channel, the events involved in signalling (i.e., two successive send operations on the TCP channel) are different from the events involved in detecting (i.e., two successive receive operations on the TCP channel). Also, P1 and P2 in this example might both have access to the same clock (i.e., the clock on the processor that they share). But access by P1 and P2 to a common clock is not required---a known upper-bound on the difference in the clock rates suffices.

Performance Measurement. The utility of a covert timing channel can be described by giving two performance measures. We define raw channel bandwidth to be the number of bits that, on average, are signalled per second using the covert timing channel; and we define channel fidelity rate to be Rgood/Rtotal, where Rgood is the number of correct bits that are detected and Rtotal is the total number of bits that are detected on the covert timing channel.

For the TCP-based covert timing channel sketched above, raw channel bandwidth can be increased by decreasing the elapsed time between the sending of successive messages using the TCP connection. But elapsed time until delivery at P2 will vary for different messages sent using a given TCP connection, due to variations in local execution speed for P2 and due to queuing delays in TCP implementation and (possibly) the network. Therefore, as the time used to signal a value is decreased from 30 seconds, the chances of detection errors increase (because detection error is affected by variations in message-delivery delay).

The trade-off between raw channel bandwidth and channel fidelity rate can be depicted using a graph. The X axis gives raw channel bandwidth; the Y axis gives channel fidelity rate. To be credible, such a graph should

To be interesting, the X axis would span a large enough range values for X so that any interesting behavior in Y is depicted on the graph. Thus, the graph would be flat only if there is no region where changes to X cause changes to Y.

The Project

This project is an opportunity to build and experiment with a covert timing channel.

What to do:

  1. Write a pair of processes P1 and P2 that execute on the same computer. P1 should read a sequence of 0's and 1' from standard input and use a covert timing channel to signal that input to P2; P2 should write to standard output the sequence of 0's and 1's that are the values it detects using the covert timing channel.

    You may implement the covert timing channel by using a TCP-connection, as sketched above. You would start by writing processes P1 and P2 that communicate something innocuous in a sequence of messages over TCP. You would then add (clearly identified) code to create the covert timing channel: add code to P1 for signalling and add code to P2 for detection. But ambitious groups will devise their own covert timing channel. Some might use another shared system service and employ contention for that resource to cause delays that are the basis for the covert timing channel.

  2. Construct a credible and interesting (these characteristics are defined above) graph that depicts raw channel bandwidth vesus channel fidelity rate for the covert timing channel implemented for (1). You should have justifications for

    If it would be helpful, then disable or limit other activity on the computer while you are running and measuring your covert timing channel.

  3. Extra Credit. Write a third process P3 that, when run on the same computer as P1 and P2, reduces the bandwidth of the covert timing channel and/or reduces the channel fidelity rate. P1 and P2 must not be altered in any way. To document the effectiveness of your P3 design, construct a graph that includes two curves: (i) an exact copy of curve depicted in the graph for (2) and (ii) a new curve that depicts raw channel bandwidth vesus channel fidelity rate when P3 is running.

What to submit:

Grading Criteria:

You may implement this project to run on any computer / operating system / programming language---provided that computer will also run a browser that supports Zoom. We reserve the right to request a demo of your system over Zoom. During that Zoom demo, you will use the files in code.zip to build an instance of your system, run the resulting system, and reproduce exampleRun.txt as well as the data in the graphs.