A few days ago, another covert channel paper of my Ph.D. advisor and me got accepted at the ICIMP 2012 in Stuttgart (June).
S. Wendzel and J. Keller: Design and Implementation of an Active Warden Addressing Protocol Switching Covert Channels, ICIMP 2012 (to appear).
Network covert channels enable a policy-breaking network communication (e.g. within botnets). Within the last years, new covert channel techniques occurred which are based on the capability of protocol switching. There are currently no means available to counter these new techniques. In this paper we present the first approach to effectively limit the bandwidth of such covert channels by introducing a new active warden. We present a calculation method for the bandwidth of these channels in case the active warden is used. Additionally, we discuss implementation details and we evaluate the practical usefulness of our technique.
Keywords: Protocol Switching Covert Channel; Protocol Channel, Active Warden