The AntiVirus Covert Channel
User system:
- Library: simulate web traffic
- Application: simulate error to change firewall
User:
- Sense: simulate update failure before possibilities tried
- Form: simulate error to generate trained complaint
- Associate: simulate disassociate subsequent traffic from AV
- Assessment: conceal facts about attempts to bypass security
- Thought: conceal the true nature of the product's covert channels
Firewall:
- Protocol: simulate web traffic, then ICMP, UDP, DNS, Telnet, etc.
- Application: simulate web traffic to fool content checking
Firewall administrator:
- All levels: concealment and simulation to cause them to fail to block it
Notes:
This is a simplistic version of the analysis of the covert channel associated with one antivirus automated update system. This covert channel represents a complex set of deceptions designed to defeat attempts to stop the antivirus program, using concealment and simulation against both computers and humans at multiple levels.