Firewall resistance to metaferography in network communications

Show full item record

Title: Firewall resistance to metaferography in network communications
Author: Savacool, Richard
Abstract: In recent years corporations and other enterprises have seen a consolidation of security services on the network perimeter. Services that have traditionally been stand-alone, such as content filtering and antivirus scanning, are pushing their way to the edge and running on security gateways such as firewalls. As a result, firewalls have transitioned from devices that protect availability by preventing denial-of-service to devices that are also responsible for protecting the confidentiality and integrity of data. However, little, if any, practical research has been done on the ability of existing technical controls such as firewalls to detect and prevent covert channels. The experiment in this thesis has been designed to evaluate the effectiveness of firewalls&mdash;specifically application-layer firewalls&mdash;in detecting, correcting, and preventing covert channels. Several application-layer HTTP covert channel tools, including Wsh and CCTT (both storage channels), as well as Leaker/Recover (a timing channel), are tested using the 7-layer OSI Network Model as a framework for analysis. This thesis concludes that with <italic>a priori</italic> knowledge of the covert channel and proper signatures, application-layer firewalls can detect both storage and timing channels. Without <italic>a priori</italic> knowledge of the covert channel, either a heuristic-based or a behavioral-based detection technique would be required. In addition, this thesis demonstrates that application-layer firewalls inherently resist covert channels by adhering to strict type enforcement of RFC standards. This thesis also asserts that metaferography is a more appropriate term than covert channels to describe the study of &ldquo;carried writing&rdquo; since metaferography is consistent with the etymology and naming convention of the other main branches of information hiding&mdash;namely cryptography and steganography.
Record URI: http://hdl.handle.net/1850/12272
Date: 2010

Files in this item

Files Size Format View
RSavacoolThesis5-21-2010.pdf 4.928Mb PDF View/Open

The following license files are associated with this item:

This item appears in the following Collection(s)

Show full item record

Search RIT DML


Advanced Search

Browse