pcaw limits the efficiency of a specific type of network covert channel called a protocol (switching covert) channel. In other words, it is an active warden.
Essentially, one needs to (adjust and) execute the setup.sh script and then run one of the limitation scripts:

- limit_cc.pl – limitation of protocol switching covert channels (=protocol channels), i.e. covert channels that transfer secret information solely through the utilized protocol of succeeding network packets.
- limit_cc_randomized.pl – same as limit_cc.pl but uses a randomized delay for better efficiency.
- limit_cc_phcc.pl – specific PCAW version for protocol hopping covert channels, i.e. covert channels that embed secret information inside the content of network packets, but utilize several different network protocols in a succeeding manner.
- limit_cc_bacnet.pl – specific PCAW version for the BACnet protocol's message ID field. Requires execution of setup_bacnet.sh.
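
Why delaying packets limits a protocol channel can be seen in a small simulation. This is an added example, not code from the pcaw scripts; it assumes a simplified warden that holds any packet whose protocol differs from the previous packet's protocol for a fixed delay, and the ICMP/UDP symbol mapping, the function names and the sample bits are constructed for illustration.

```python
# Simplified model of a delay-based active warden (added example, not PCAW code).
# Assumption: a packet whose protocol differs from the previous packet's
# protocol is held for `delay` seconds; all other packets pass at once.

def encode(bits):
    """Constructed two-symbol protocol channel: 0 -> ICMP, 1 -> UDP."""
    return ["UDP" if b else "ICMP" for b in bits]

def warden(packets, delay):
    """packets: list of (send_time, protocol) in sending order.
    Returns the protocols in the order the receiver sees them."""
    forwarded = []
    last_proto = None
    for seq, (t, proto) in enumerate(packets):
        switched = last_proto is not None and proto != last_proto
        hold = delay if switched else 0.0
        forwarded.append((t + hold, seq, proto))
        last_proto = proto
    forwarded.sort()  # delivery order; seq breaks ties
    return [proto for _, _, proto in forwarded]

def bit_errors(bits, interval, delay):
    """Symbols the covert receiver decodes wrongly at a given send interval."""
    sent = encode(bits)
    packets = [(i * interval, p) for i, p in enumerate(sent)]
    received = warden(packets, delay)
    return sum(s != r for s, r in zip(sent, received))

BITS = [0, 1, 1, 0, 1, 0, 0, 1]  # constructed sample message

if __name__ == "__main__":
    for interval in (0.1, 2.0):
        errors = bit_errors(BITS, interval, 1.0)
        print(f"interval={interval}s delay=1.0s errors={errors}/{len(BITS)}")
```

In this model a sender that transmits faster than the delay has its symbols reordered, while a sender that waits longer than the delay between packets still gets through, at a correspondingly lower rate.
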
- Steffen Wendzel, Jörg Keller: Design and Implementation of an Active Warden Addressing Protocol Switching Covert Channels, 7th International Conference on Internet Monitoring and Protection (ICIMP 2012), pp. 1-6, Stuttgart, Germany, 2012.
  - Paper won the Best Paper Award at ICIMP'12
- Steffen Wendzel, Sebastian Zander: Detecting Protocol Switching Covert Channels, 37th IEEE Conf. on Local Computer Networks (LCN), pp. 280-283, Clearwater, Florida, 2012. (download via IEEE Xplore)
- Steffen Wendzel, Jörg Keller: Preventing Protocol Switching Covert Channels, International Journal On Advances in Security, vol. 5 no. 3&4, pp. 81-93, 2012.
- Steffen Wendzel: Novel Approaches for Network Covert Storage Channels, PhD thesis, University of Hagen, submitted: Jan-2013, defended: May-2013.