[cap-talk] Covert channels
dmbarbour at gmail.com
Mon Feb 21 10:54:01 PST 2011
On Sun, Feb 20, 2011 at 6:46 PM, David Wagner <daw at cs.berkeley.edu> wrote:
> Tim Freeman wrote:
>> A lot of covert channels seem to concern time, so if you're trying to
>> block them then access to the computer's current time of day should be
>> considered security-sensitive.
>
> I would classify that approach under the category of 'crippling
> the functionality or usefulness of your computer system'.

It wouldn't be a problem if you allowed access to logical time.

I do limit access to even logical time through a capability - albeit,
an unum, which means even untrusted web-app code has access to it. The
reason is more for easy unit-testing than security.

> [Time] is used pervasively in network protocols (TCP has timeouts
> all over the place).

If you ever give untrusted code direct access to network protocols,
you clearly aren't worried about covert channels.