Correlating Packet Timing with Memory Content Detects IP Covert Timing Channels

We report a novel approach for detecting a hostile process extruding data through a covert timing channel. Our method looks for correlations between the timing of network traffic and bit strings in the address space of the suspicious process. Background Covert leakage of sensitive information from governmental or corporate systems remains a significant… CONTINUE READING