The method can detect covert timing channels by
- reproducing the timing of every network output;
- comparing the observed timing to the reproduced timing; and
- issuing an alert if there is any discrepancy.
Penn researchers have built a time-deterministic replay prototype called Sanity. It reproduces timing to within 2% on commodity hardware. It can be used to detect a variety of existing and novel covert timing channels with perfect accuracy.
All detectors can detect IPCTC with perfect accuracy. Existing detectors do worse on more sophisticated channels and cannot detect the "Needle in a haystack" channel well. Sanity detects all channels with perfect accuracy: no false positives, no false negatives.
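The compare-and-alert steps listed above, as an added Python example (not code from Sanity or from the paper): each observed inter-packet delay is checked against the replayed delay for the same output. The 2% tolerance is an assumption taken from the reproduction accuracy quoted above, and the function names and all three traces are constructed for illustration.

```python
from itertools import accumulate

# Assumption: alert threshold set to the 2% reproduction accuracy quoted above.
TOLERANCE = 0.02


def gaps(timestamps):
    """Delays between consecutive outputs, from absolute send times in seconds."""
    return [b - a for a, b in zip(timestamps, timestamps[1:])]


def find_discrepancies(observed, replayed, tolerance=TOLERANCE):
    """Return (packet_index, relative_deviation) for each output whose delay
    differs from the replayed delay by more than the tolerance."""
    if len(observed) != len(replayed):
        raise ValueError("replay did not reproduce the same number of outputs")
    alerts = []
    for i, (o, r) in enumerate(zip(gaps(observed), gaps(replayed)), start=1):
        # A zero replayed gap cannot be scaled; any nonzero observed gap is a mismatch.
        deviation = abs(o - r) / r if r > 0 else (0.0 if o == 0 else float("inf"))
        if deviation > tolerance:
            alerts.append((i, deviation))
    return alerts


def mean_gap_shift(observed, replayed):
    """Relative change in the average delay: the aggregate view of the same traces."""
    o, r = sum(gaps(observed)), sum(gaps(replayed))
    return abs(o - r) / r

# Constructed traces (not measurements): 200 replayed delays of 10-14 ms,
# a benign run with 1% jitter, and the same run with one delay stretched by 5%.
replay_gaps = [0.010 + 0.001 * (i % 5) for i in range(200)]
benign_gaps = [g * (1.01 if i % 2 == 0 else 0.99) for i, g in enumerate(replay_gaps)]
needle_gaps = list(benign_gaps)
needle_gaps[120] = replay_gaps[120] * 1.05

# Absolute send times, starting at t = 0.
REPLAYED = list(accumulate(replay_gaps, initial=0.0))
BENIGN = list(accumulate(benign_gaps, initial=0.0))
NEEDLE = list(accumulate(needle_gaps, initial=0.0))

if __name__ == "__main__":
    print("benign alerts:", find_discrepancies(BENIGN, REPLAYED))
    print("needle alerts:", find_discrepancies(NEEDLE, REPLAYED))
    print("needle mean shift:", mean_gap_shift(NEEDLE, REPLAYED))
```

In the constructed needle trace a single delay out of 200 is off by 5%, which shifts the average delay by less than 0.02% yet still raises an alert at that one output.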
Detecting Covert Timing Channels with Time-Deterministic Replay, Ang Chen, W. Brad Moore, Hanjun Xiao, Andreas Haeberlen, Linh Thi Xuan Phan, Micah Sherr, and Wenchao Zhou. 11th USENIX Symposium on Operating Systems Design and Implementation (OSDI '14), Broomfield, CO, October 2014.
Docket # 15-7281