Description

This paper presents a new behavior based covert channel utilizing the database update mechanism of anti-virus software. It is highly covert due to unattended, frequent, automatic signature database update operations performed by the software. The design of the covert channel is described; its properties are discussed and demonstrated by a reference implementation. This paper uses these points to strengthen the inclusion of behavior-based covert channels within standard covert channel taxonomy.

Date of creation, presentation, or exhibit

2012

Comments

The 2012 International Conference on Security and Management Note: imported from RIT’s Digital Media Library running on DSpace to RIT Scholar Works in February 2014.

Document Type

Conference Proceeding

Department, Program, or Center

Department of Computing Security (GCCIS)

Campus

RIT – Main Campus

Share

COinS