Abstract
In recent years corporations and other enterprises have seen a consolidation of security services on the network perimeter. Services that have traditionally been stand-alone, such as content filtering and antivirus scanning, are pushing their way to the edge and running on security gateways such as firewalls. As a result, firewalls have transitioned from devices that protect availability by preventing denial-of-service to devices that are also responsible for protecting the confidentiality and integrity of data. However, little, if any, practical research has been done on the ability of existing technical controls such as firewalls to detect and prevent covert channels. The experiment in this thesis has been designed to evaluate the effectiveness of firewalls—specifically application-layer firewalls—in detecting, correcting, and preventing covert channels. Several application-layer HTTP covert channel tools, including Wsh and CCTT (both storage channels), as well as Leaker/Recover (a timing channel), are tested using the 7-layer OSI Network Model as a framework for analysis. This thesis concludes that with a priori knowledge of the covert channel and proper signatures, application-layer firewalls can detect both storage and timing channels. Without a priori knowledge of the covert channel, either a heuristic-based or a behavioral-based detection technique would be required. In addition, this thesis demonstrates that application-layer firewalls inherently resist covert channels by adhering to strict type enforcement of RFC standards. This thesis also asserts that metaferography is a more appropriate term than covert channels to describe the study of “carried writing” since metaferography is consistent with the etymology and naming convention of the other main branches of information hiding—namely cryptography and steganography.
Library of Congress Subject Headings
Firewalls (Computer security); Computer networks--Security measures; Cryptography
Publication Date
2010
Document Type
Thesis
Student Type
- Please Select One -
Advisor
Yuan, Bo
Advisor/Committee Member
Johnson, Daryl
Advisor/Committee Member
Lutz, Peter
Recommended Citation
Savacool, Richard, "Firewall resistance to metaferography in network communications" (2010). Thesis. Rochester Institute of Technology. Accessed from
https://repository.rit.edu/theses/825
Campus
RIT – Main Campus
Plan Codes
COMPSEC-MS
Comments
Note: imported from RIT’s Digital Media Library running on DSpace to RIT Scholar Works in December 2013.