CR · NI · Nov 5, 2021

Adaptive Warden Strategy for Countering Network Covert Storage Channels

arXiv:2111.03310v1 · 35 citations
Originality: Incremental advance
AI Analysis

This paper addresses network security for systems vulnerable to covert communication, but it appears incremental, as it builds on existing warden strategies.

The paper tackles the problem of detecting and eliminating network covert storage channels by proposing an adaptive warden strategy that selects normalization rules based on traffic characteristics, resulting in better efficiency and effectiveness compared to dynamic wardens.

The detection and elimination of covert channels are performed by a network node, known as a warden. Especially if faced with adaptive covert communication parties, a regular warden equipped with a static set of normalization rules is ineffective compared to a dynamic warden. However, dynamic wardens rely on periodically changing rule sets and have their own limitations, since they do not consider traffic specifics. We propose a novel adaptive warden strategy, capable of selecting active normalization rules by taking into account the characteristics of the observed network traffic. Our goal is to disturb the covert channel and provoke the covert peers to expose themselves more by increasing the number of packets required to perform a successful covert data transfer. Our evaluation revealed that the adaptive warden has better efficiency and effectiveness when compared to the dynamic warden because of its adaptive selection of normalization rules.

Code Implementations: 1 repo