• DocumentCode
    3217638
  • Title

    Design of the multi-level security network switch system which restricts covert channel

  • Author

    Liu, Xiong ; Xue, Haiwei ; Feng, Xiaoping ; Dai, Yiqi

  • Author_Institution
    Dept. of Comput. Sci. & Technol., Tsinghua Univ., Beijing, China
  • fYear
    2011
  • fDate
    27-29 May 2011
  • Firstpage
    233
  • Lastpage
    237
  • Abstract
    The administrator shall implement a multilevel security policy in a multilevel security network system. The policy must ensure the information flow from a low-level host to a same-level host or high-level host, and prevent the information flow from a high-level host to a low-level host, but it is difficult for a traditional network to meet the requirement. This paper proposes a design of a multi-level security network switch system. The design adds a module named Filter based on OpenFlow. OpenFlow can control the packet flow of the network, and the Filter can check the packet's content and delay the packets, and then restrict the covert channel. Using OpenFlow and the Filter, the system can implement the multilevel security policy in the scenario of a local area network. The experiment verified the feasibility of the design.
  • Keywords
    computer network security; information filtering; telecommunication switching; OpenFlow; covert channel; information flow; low level host; multilevel security network switch system; multilevel security network system; multilevel security policy; packet content; Channel capacity; Information filters; Protocols; Security; Switches; OpenFlow; covert channel; multi-level security; secure switch;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Communication Software and Networks (ICCSN), 2011 IEEE 3rd International Conference on
  • Conference_Location
    Xi'an
  • Print_ISBN
    978-1-61284-485-5
  • Type

    conf

  • DOI
    10.1109/ICCSN.2011.6013582
  • Filename
    6013582