Title :
Design of the multi-level security network switch system which restricts covert channel
Author :
Liu, Xiong ; Xue, Haiwei ; Feng, Xiaoping ; Dai, Yiqi
Author_Institution :
Dept. of Comput. Sci. & Technol., Tsinghua Univ., Beijing, China
Abstract :
The administrator shall implement a multilevel security policy in a multilevel security network system. The policy must allow information to flow from a low-level host to a host of the same or a higher level, and prevent information from flowing from a high-level host to a low-level host, but traditional networks have difficulty meeting this requirement. This paper proposes a design for a multi-level security network switch system. The design adds a module named Filter based on OpenFlow. OpenFlow can control the flow of packets in the network, and the Filter can check the packets' content and delay the packets, thereby restricting covert channels. Using OpenFlow and the Filter, the system can implement the multilevel security policy in a local area network scenario. The experiment verified the feasibility of the design.
Keywords :
computer network security; information filtering; telecommunication switching; OpenFlow; covert channel; information flow; low level host; multilevel security network switch system; multilevel security network system; multilevel security policy; packet content; Channel capacity; Information filters; Protocols; Security; Switches; OpenFlow; covert channel; multi-level security; secure switch;
Conference_Title :
Communication Software and Networks (ICCSN), 2011 IEEE 3rd International Conference on
Conference_Location :
Xi'an
Print_ISBN :
978-1-61284-485-5
DOI :
10.1109/ICCSN.2011.6013582